~BD~
Sun Jun 29 14:48:47 CDT 2008
"Root Kit" <b__nice@hotmail.com> wrote in message
news:tsge645qsn674u3slk7e6ac5u4gi1uv4it@4ax.com...
> On Sat, 28 Jun 2008 21:04:35 +0100, "~BD~" <BoaterDave@nospam.invalid>
> wrote:
>
>>
>>"Root Kit" <b__nice@hotmail.com> wrote in message
>>news:oguc64d1g17d55iik4qgq28upb6664560n@4ax.com...
>>> On Sat, 28 Jun 2008 08:46:01 -0700, Dan
>>> <Dan@discussions.microsoft.com> wrote:
>>>
>>>>You are most welcome. I do like grc.com that you can use with Internet
>>>>Explorer to see if you have any ports that are not hidden on the first
>>>>1000+
>>>>ports by doing a scan.
>>>
>>> If by hidden you mean "stealth", how do you (with the help of
>>> mentioned tool) distinguish between a port which is filtered (or
>>> "stealthed") and a port occupied by a malware waiting for instructions
>>> on a UDP port?
>>>
>>
>>I personally have no idea, John (I call people I don't know by that name;
>>surprisingly, about 70% of the time it turns out to be correct! <g>)
>
> Maybe it's because you can't. If you didn't deal with this foolish
> "stealth" security theater, you would. What you want is to avoid
> unnecessary open ports. Whether they are otherwise closed or
> "stealthed" makes no difference in terms of security. "Stealth" only
> makes you feel better.
>
>>I've used the grc.com site on many occasions (as have several million
>>others!)
>
> Since when did volume say anything about quality?
OK - you win! ;)
>
> ShieldsUp is mainly a promotion tool. SU is good for one thing and one
> thing only: To quickly check if some kind of packet filter is in place
> either on your machine or somewhere upstream. That's it. Nothing more.
>
>>If you are aware of any other programme which can carry out a
>>similar safety check, perhaps you'll let us know Root Kit (John!). TIA
>
> Well, how about first of all checking your listening sockets on the
> machine itself by using something as simple as the cmd netstat?
I'd never come across this before ............ I've found
http://technet.microsoft.com/en-gb/library/bb490947(TechNet.10).aspx and
will explore further IDC. Thanx.
- Or
> for a more graphic experience use "TCPview" from MS-sysinternals
I found this:-
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
and have downloaded same. I've had a quick look, but will study later. Many
thanks. :)
or my
> personal favorite "CurrPorts" from NirSoft.
I found it here:
http://www.nirsoft.net/utils/cports.html Again, I've had
a quick look, but will study later. Many thanks. :)
>
> These will tell you all you need to know about what services are
> listening on what ports. For best security, you should have only the
> ones absolutely necesaary. If you then want to check from the outside
> to see if those are available or filtered, at least use an nmap-based
> service like the one available at
>
http://www.linux-sec.net/Audit/nmap.test.gwif.html
I've had a quick look. Never seen it before! Lots to investigate. Thank you
once more! :)
>
> And always remember that if you connect through some kind of gateway
> (e.g. a router), that's the one being examined and not your machine
> itself.
>
I do use a router ............... and connect wirelessly.
There's a lot to learn about 'computing' - when I started to learn they had
thermionic valves and the transistor was in its infancy! How things have
changed!
I really appreciate your guidance, John. (That's Root Kit, aka Straight
Talk, I believe!)
Thank you.
BD
