Do I need these services listening?

certain

system.

Yeah, I've heard a lot about people saying you can't run two firewalls at once, they'll confict, etc etc. But I am too determined to let that stop me, so I chose various security programs that seem to work well with each other. I may have had to do a little tinkering with a couple of firewalls whenever I had a problem getting something through that needed to get through, but all in all, its been pretty smooth going. I have everything working, including file & printer sharing between the two computers, and nothing has yet been able to get through from the outside. I feel that with an always-on DSL connection, you just can't be too careful these days...

hijackthis

I have always run both spybot and adware regularly. I keep Spybot resident on the second computer, but I prefer GIANT antispyware, so I have that resident and protecting the first computer. Never felt a need to use or post hijackthis logs, as I pretty much know what is running on my system and whether its supposed to be there or not. (I have some good process viewers that I occasionally run, that tell me every possible place where a program is being booted on my system).

Yes, true. But I also said I was paranoid about revealing personal information on the net, so.... ;-)

indicate

With Kaspersky's email guard on, Netstat does not show up ports 25,110 and your telnet command only gives me the command prompt at the end, no message about connecting or failing to connect. In actuality, Kaspersky's email guard is not protecting my email client. For one thing, it does not support my email client, and my client is not configured to use localhost, but connects directly to my ISP's mail server. I am presuming Kaspersky will open those two ports and listen to them, regardless of whether my email client takes advantage of this. And I'm not sure its a problem if it does open the ports, since we've established no ports are seen from the outside after an online port scan. All I know is I don't have any malware! No trojans, no worms, no adware, no spyware, no viruses... nothing.

You would think this it'd be easy to do with 4 or 5 firewalls... Not as easy as I thought, because I blocked off service ports 135-139 and 445 via the Netgear router configuration, and yet a scan of my 2nd computer still shows they are listening. However, a scan of my first computer shows they are closed! I'm not even sure if I should be trying to block them off, because perhaps I might need them to communicate between the two computers. If i ever do manage to block them, I guess I'll find out. I should say, my primary concern with these ports (besides worms coming in on 135) was NetBIOS. Because I read that its not a good thing to enable it, that it can then be accessed from the net if you do. But even though I don't mind entering an IP number into a program's configuration in place of an easy to remember name, I found I had to enable it to get my LAN messenger to work (WinMessenger). I think there may have been something else that didn't work when I disabled NetBIOS... In any case, the Lockdown site has a NetBIOS test, and I passed it. So the important thing is not that it is enabled, but that it can not be accessed from the net.

connections

replies

What I'm using now, Jetico, is a rule-based PFW. So it allows me to specify which protocol I want to block, whether TCP/UDP/ICMP etc.

For the record, I wish to submit my thanks to you Gerald (and Jason) for your time and patience in helping me sort out the many mysteries of network security on my home PC network. I may still not be 100% clear on everything, but I've made a lot of progress in understanding what is going on in my system vis a vis ports and services, and have a better idea of where my vulnerabilities are, and how to resolve them (and also whether I need to). I know enough now that I soon hope to be able to advise others where I can, in how to properly secure their home networks. I plan to save this thread for future reference, and I am sure that its presence will benefit others with similar concerns.

LOL!

Hmm. It also depends what you scan from where depending on the PFW settings. A local scan of the local computer usually shows more open than a remote scan. So you could do four scans: 1 scans 1, 1 scans 2, 2 scans 1, 2 scans 2. And still here, disable any PFW before you run the scans because some PFWs like to block any traffic from a particular IP for a couple of minutes once they figure that there is a port scan.

Regarding the Netgear I think it is only blocking traffic between the LAN and the WAN. The LAN itself should pretty much be unblocked by any setting of Netgear. The LAN is basically switched with no filters inbetween. The WAN-LAN connection is filered by the rules.

That is certainly the most important.

Gerald

Why don't you tell us what is so amusing?

FTR- I have also learned a lot, had some thoughts confirmed, and have also saved this thread.

Thanks,

Jack