Sebastian Gottschalk wrote:
> warf wrote:
>
>> I have been trying to learn as much as I can about internet 'security'
snip diatribe and gratuitous snarling....
>> to get a better feeling for what data is leaving my home,

> Eh... is that any serious problem at all?

Yes, if you have, or ever did have, any media on your system, or if you
realize the RIAA and ilk will someday get the legal club to go after
'other' citizens for $750USD/title, or even if you are just fed up with
surreptitious datamining for unstated purposes. or if subversion of your

connection for nepharious purposes is 'problematic: then,YES.

>> BUT, netstat /a indicates netbios ports 137,138,139,445 listening
>
> See, you didn't learn anything. You didn't even disable the SMB binding and
> the NetBIOS bindings. And this even when some clever guys already collected
> an easily understandable overview on websites like
> <http://ntsvcfg.de/ntsvcfg_eng.html>.

I said I was "trying"....never claimed to 'know'. better ishould be like
the rest of the cattle and pretend it is not really going to affect me?
By making an effort to learn I take responsibility...you have been
helpful..even if grumpy.

>
>> when I allow ZA to allow T-bird to act as a server
snip.......
Restated "When I run T-bird ZA tells me T-bird wants to access the
internet and act as a server.
I have deleted "file and print sharing" under "internet connections and
disbled most recognizable "remote access" services under 'services.msc'
but ZA detects a few remote access modules running and gives them
permission if select "OK" to the suggested query.
AND
>> For eg; If I allow scvhost to access 0.0.0.0 when firefox2.0 opens i
>> notice randomly ports assigned to urls or ip addresss.
>
>> and firefox always has 4 connections local and 4 remote open inaddition
>> to the url i am browsing????


> *repeating the thousandth time*
> 'netstat' on Win2K provides a view on the state of the *TDI interface*, not
> the actual TCP/IP sockeets. The TDI interface has different semantics, and
> something appearing as 0.0.0.0 listening means "an outstanding request to
> open a TCP/IP connection", thus no actual TCP/IP socket in LISTENING state.
> If you had just take the simplest measures to actualy verify such bogus
> open ports with a port scan, you'd have found them closed.

Iam using Ethereal and there is traffic...I am 'learning' but it is a
very complex topic ...for non-pro's like me...but that is why i ask.

>> but Akamaitech~ is frequently there
>
> Wow... Windows Automatic Updates... the mysterious of technology aren't to
> be believed !!!11

no, WINUPDATE is manual...I reassembled the TCP/IP strream and saw in
one instance it was a ZA update. This concurrs with the stated utility
of those servers. I read conflicting ideas as to the scope of the AKAMAI
servers and wondered why I would be 'uploading' to them as well...with
optout selected for all products 'satisfaction' reports.

>> I have checked many netstat resources to no avail...help?
>
> MSDN... Ah, might just be better to get a replacement which works like the
> real netstat command, f.e. TcpView from Sysinternals^W Microsoft.

Now I have to spracken ze duetch. That is exactly what i needed but the
launguage for the links is all german!!! Damn.

Breifly: How does one interpret the 'listening', 'waiting',
'established' and all the other port information netstat lists? The only
one I get is one with a 'foreign' ip and 'established'...those are
actual internet connections right?
Eastlink is very coy and stingy with 'what services and ports I require'
info...so I am trying to learn thru you and int-resources.

Thanks for that helpful link...wish I spoke enough german to decipher it!
Warf.