Subj : Port Blocking
To   : Bob Jones
From : Stewart Buckingham
Date : Sat Apr 06 2002 02:45 am

Hi Bob,

>> This is what I had from the netstat -s command
>> --------------------------------------------------------------------------
>> AF_INET Address Family:
>> Total Number of sockets 5

>> SOCK   TYPE       FOREIGN          LOCAL         FOREIGN         STATE
>> PORT             PORT            HOST
>> ======  =====      ==========      ==========      ==========    ========
>> 1 STREAM               0               0         0.0.0.0  CLOSED
>> 2    RAW               0               0         0.0.0.0  RAW
>> 92 STREAM              22           58737    xxx.x.xxx.xx  ESTABLISH
>> 100 STREAM         ftp..21           58741    xxx.x.xxx.xx  ESTABLISH
>> 2119  DGRAM               0               0         0.0.0.0  UDP

>> The 2 ESTABLISH Local Ports were because I was FTP'ing

> Yes, the foreign ports of 21 and 22 are the FTP connection you had opened.  I
>find the "RAW" state interesting, along with the UDP state  entries.  What bug
>me is both of those are listed as PORT 0 for both your end and the remote end,
> along with a line showing local port 0 with a closed stated.  These three
> entries are probably left over in the system table from some prior IP
> connection.

>Most likely you are ok.  It would be interesting to see this output right afte
> you establish your internet connection.

OK. I did a reboot. I don't know if it affects anything but I've been testing 
the IBM MPTN Firewall. It activates on boot, I then manually disabled it. I've 
become maybe too paranoid, I know, hence this question in the first place. From 
what you have said I guess I won't be needing any firewalling software.

Here's my netstat -s immediately after booting.....
--------------------------------------------------------------------------
                              AF_INET Address Family:
                              Total Number of sockets 1

  SOCK   TYPE       FOREIGN          LOCAL         FOREIGN         STATE
                     PORT             PORT            HOST
======  =====      ==========      ==========      ==========    ========
  2052  DGRAM               0               0         0.0.0.0  UDP


And here it is again immediately after my internet connection (In-joy)
--------------------------------------------------------------------------
                              AF_INET Address Family:
                              Total Number of sockets 3

  SOCK   TYPE       FOREIGN          LOCAL         FOREIGN         STATE
                     PORT             PORT            HOST
======  =====      ==========      ==========      ==========    ========
     1 STREAM               0               0         0.0.0.0  CLOSED
     2    RAW               0               0         0.0.0.0  RAW
  2058  DGRAM               0               0         0.0.0.0  UDP


> You don't have any LISTEN ports,  so you don't have any TCP services open as
> far as I can tell.  I would have not been supprised if a UDP port was up on a
>standard port, but I don't see any such entries.  [Port 0 isn't supposed to be
> a "live" port....]

See latest output above.

>> Also,  check your network configuration to make sure
>> you don't have netbios
>> over TCP/IP enabled, or other similar tricks.....

>> My only network configuration is to enable TCP/IP Dial-Up (no LAN TCP/IP).

>Then from what I see, you are in pretty good shape.  Yes,  you can probably ge
>hit with DOS attacks, but any system on the internet can have that happen.  An
> concerning fragmented IP packets, if you have applied the appropriate fixes,

What fixes?

>then that shouldn't cause problems either.  Being on a dial upp line, I assume
>you have a dynamic IP address.  In that case, DOS and such stuff should be les
> likely than a full time network connection.

Yeah, I kinda guessed that. Thanks.

Stu/2

--- BBBS/2 v4.00 MP
 * Origin: The Chili Channel * OS/2 - Java - Linux * chilies.com * (6:751/12)

.