RE: No NetBios share + No Open Port = Safe Win98?

["Robert D. Holtz - Lists" <robert.d.holtz () gmail com>]

I would definitely look into one of the software based firewall products.  

Better still would be a small firewall appliance that would sit between your
ADSL box and you inside network.  I use the Symantec Gateway Appliance
myself.

Since you're running '98 your options may be limited when it comes to a
software based firewall.

Just my $.02 ...

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of gohyongkwang () hotmail com
Sent: Friday, September 22, 2006 10:01 PM
To: security-basics () securityfocus com
Subject: No NetBios share + No Open Port = Safe Win98?

Hi,


I'm using an old computer at home for casual personal communication
(checking Web based emails and MSN instant messaging) and Web surfing and it
is still running on Windows 98 SE due to its limited RAM and CPU power. No
plan to upgrade and the computer is still good enough for the simple job.


Nevertheless, since I connect my computer to the Internet via a ADSL
router/modem, I did some preliminary check on my computer to see how secure
I am.


I used winipcfg.exe to obtain my IP address (192.168.1.101) and did a
netstat -a on it to find out what ports are open and/or listening. It
reports only port 139 as listening, which after googling around a bit says
it's a NetBios session port. Dunnoe what this means though, but I've _not_
enabled "File and Printer Sharing."


Now assuming I'm a cautious Web surfer who uses Firefox and only visit
reputable sites like MSN, Yahoo! and Google, and avoid visiting hacking
sites and running hacking tools, and that my computer is currently not
infected by malware, virus or rootkit (i.e. computer is clean and updated),
is there any way that a hacker can still connect to my computer over the
Internet, browse my hard disk and steal my files?


Theoretically, I've not enabled port forwarding in my router/modem, and so
external computer trying to ping or connect to my computer should not
succeed, and if there's no port listening at all (except for port 139), no
other computer should be able to infilitrate right?


Yet, I can't say anything is foolproof. So just like to seek your expert
opinion. What are the other areas I should continue to look at to further
protect my system? Is it still possible to be attacked through a listening
port 139 with file sharing disabled?


Thanks in advance.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------