Which of these netstat connections should be banned on WinXP?

Which of these netstat connections should I ban on Windows XP?

I thought I was protected on a home wireless network behind a D-Link router. But coworkers said that with BitTorrent, even with Avast and Sygate running, I should run the netstat ban command to find what to ban and then ban it.

Running the netstat ban command gave me the output below. Can you help point me to the right connections to kill daily?

I appreciate your help. Barbara

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\babs> netstat -ban

Active Connections

Proto  Local Address          Foreign Address        State        PID
TCP    0.0.0.0:445            0.0.0.0:0              LISTENING    4 [System]
TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING    2552 [alg.exe]
TCP    127.0.0.1:12025        0.0.0.0:0              LISTENING    2584 [ashMaiSv.exe]
TCP    127.0.0.1:12080        0.0.0.0:0              LISTENING    308 [ashWebSv.exe]
TCP    127.0.0.1:12110        0.0.0.0:0              LISTENING    2584 [ashMaiSv.exe]
TCP    127.0.0.1:12119        0.0.0.0:0              LISTENING    2584 [ashMaiSv.exe]
TCP    127.0.0.1:12143        0.0.0.0:0              LISTENING    2584 [ashMaiSv.exe]
TCP    192.168.0.100:139      0.0.0.0:0              LISTENING    4 [System]
TCP    127.0.0.1:1996         127.0.0.1:12080        TIME_WAIT    0
TCP    127.0.0.1:1998         127.0.0.1:12080        TIME_WAIT    0
TCP    127.0.0.1:2000         127.0.0.1:12080        TIME_WAIT    0
TCP    127.0.0.1:2003         127.0.0.1:12080        TIME_WAIT    0
TCP    127.0.0.1:2005         127.0.0.1:12080        TIME_WAIT    0
TCP    127.0.0.1:2007         127.0.0.1:12080        TIME_WAIT    0
TCP    192.168.0.100:1975     70.86.5.131:80         TIME_WAIT    0
TCP    192.168.0.100:1977     70.86.5.131:80         TIME_WAIT    0
UDP    0.0.0.0:445            *:*                                 4 [System]
UDP    0.0.0.0:500            *:*                                 1004 [lsass.exe]
UDP    0.0.0.0:4693           *:*                                 1488 [smc.exe]
UDP    0.0.0.0:1025           *:*                                 1360 [BTStackServer.exe]
UDP    0.0.0.0:4500           *:*                                 1004 [lsass.exe]
UDP    127.0.0.1:1034         *:*                                 1488 [smc.exe]
UDP    127.0.0.1:1900         *:*                                 1736 c:\windows\system32\WS2_32.dll c:\windows\system32\ssdpsrv.dll ntdll.dll C:\WINDOWS\system32\kernel32.dll [svchost.exe]
UDP    127.0.0.1:123          *:*                                 1376 c:\windows\system32\WS2_32.dll c:\windows\system32\w32time.dll ntdll.dll C:\WINDOWS\system32\kernel32.dll [svchost.exe]
UDP    192.168.0.100:1900     *:*                                 1736 c:\windows\system32\WS2_32.dll c:\windows\system32\ssdpsrv.dll ntdll.dll C:\WINDOWS\system32\kernel32.dll [svchost.exe]
UDP    192.168.0.100:137      *:*                                 4 [System]
UDP    192.168.0.100:138      *:*                                 4 [System]
UDP    192.168.0.100:123      *:*                                 1376 c:\windows\system32\WS2_32.dll c:\windows\system32\w32time.dll ntdll.dll C:\WINDOWS\system32\kernel32.dll [svchost.exe]

C:\Documents and Settings\babs>

Reply to
Barbara Bailey

;-)

There is no "ban". I think you mean netstat -a -b -n, which can be written netstat -ban or netstat -nba, too ;-)

Yours, VB.

Reply to
Volker Birk

Google each named process with an active connection. Those beginning with "ash" are Avast processes, "BT" is Bluetooth, others are MS. Some connections are the system talking to itself (127.0.0.1). You can determine who owns an external IP address at dnsstuff.com. You have two HTTP connections to 70.86.5.131 that would concern me if I hadn't visited a website in the theplanet.com domain in the previous few minutes.

How you would "ban" anything I don't know.

nf

Reply to
nutso fasst

Direct SMB, used for Windows file and printer sharing.

These are listening on localhost only. Don't worry about them.

NetBIOS session service, used for Windows file and printer sharing.

These are connections that are about to be closed. The last two have most likely been to a webserver on 70.86.5.131.

Direct SMB, used for Windows file and printer sharing.

IPSec internet security association and key management protocol. Opened by the PolicyAgent service IIRC. You can disable the service if you don't use VPNs.

Sygate Personal Firewall. Funny that a personal firewall would open a listening port on all interfaces, don't you think? Remove that crap.

[BTStackServer.exe]

Probably a Bluetooth stack. Remove Bluetooth if you don't expressly need it.

AFAIK for IPSec NAT traversal. Probably also opened by the PolicyAgent service.

Listening on localhost. Don't mind.

SSDP is related to UPnP and can safely be disabled.

NetBIOS name service, used for Windows file and printer sharing.

NetBIOS datagram service, used for Windows file and printer sharing.

Windows time service. Leave it on if your box belongs to a Windows domain, otherwise shut it down.

Regards Ansgar Wiechers

Reply to
Ansgar -59cobalt- Wiechers
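The replies above sort the netstat entries by what they are bound to: loopback-only sockets, sockets on the LAN address, and sockets on all interfaces. The sketch below is an added example, not code from any poster in this thread; it parses a subset of the output posted here and lists the listening TCP and bound UDP sockets that are not loopback-only. The function names and the one-record-per-line input layout are assumptions of the example.

```python
import ipaddress
import re
from collections import namedtuple

# Subset of the netstat -ban output posted in this thread, one record per line.
SAMPLE = r"""
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 [System]
TCP 127.0.0.1:12080 0.0.0.0:0 LISTENING 308 [ashWebSv.exe]
TCP 192.168.0.100:139 0.0.0.0:0 LISTENING 4 [System]
TCP 127.0.0.1:1996 127.0.0.1:12080 TIME_WAIT 0
TCP 192.168.0.100:1975 70.86.5.131:80 TIME_WAIT 0
UDP 0.0.0.0:4693 *:* 1488 [smc.exe]
UDP 0.0.0.0:1025 *:* 1360 [BTStackServer.exe]
UDP 127.0.0.1:1034 *:* 1488 [smc.exe]
UDP 192.168.0.100:1900 *:* 1736 c:\windows\system32\WS2_32.dll c:\windows\system32\ssdpsrv.dll ntdll.dll C:\WINDOWS\system32\kernel32.dll [svchost.exe]
"""

# proto, local addr:port, foreign, optional state (UDP has none), PID,
# optional component list ending in the [process] name.
REC = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)"
                 r"(?:\s+.*\[([^\]]+)\])?\s*$")
Endpoint = namedtuple("Endpoint", "proto addr port state pid process")

def parse(text):
    """Yield one Endpoint per record; lines that do not match are skipped."""
    for line in text.splitlines():
        m = REC.match(line.strip())
        if m:
            proto, addr, port, _foreign, state, pid, proc = m.groups()
            yield Endpoint(proto, addr, int(port), state, int(pid), proc)

def scope(ep):
    """Classify a socket by its local bind address."""
    ip = ipaddress.ip_address(ep.addr)
    if ip.is_loopback:
        return "loopback"
    return "all-interfaces" if ip.is_unspecified else "single-interface"

def non_loopback_endpoints(text):
    """Listening TCP and bound UDP sockets that other hosts could reach."""
    found = []
    for ep in parse(text):
        listening = ep.state == "LISTENING" or (ep.proto == "UDP" and ep.state is None)
        if listening and scope(ep) != "loopback":
            found.append((ep.proto, ep.port, ep.process, scope(ep)))
    return found

if __name__ == "__main__":
    for row in non_loopback_endpoints(SAMPLE):
        print(*row)
```

TIME_WAIT rows are closing connections rather than listeners, so they are left out, as are the 127.0.0.1 sockets.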

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.