Someone correct me if I am mistaken but I don't believe zone alarm will show an alert for a request to a port that is not listening. I believe it traps just prior to the connection being made. To test this theory, try telneting to port 26 or 27 (one that is not listening) and see if zone alarm will warn you. I personally don't run any firewall software. I simply just close all the possible holes. However I did forget on an NT machine to disable NBT once but I never forget to audit login failures, and I saw probably 100 failures in a week while it was dialed up to the net.. After I disabled NBT(WINS), the failures disappeared.
I did write a perl script a while back that scans a subnet and checks for for open NBT machines and it was really scary seeing how many people there were out there that had their entire machine wide open. On your statement, I am not sure if I totally understand it... If NBT is disabled on your home computer, no one can make a connection to you. If Netbios is disabled on your schools Internet routers, then you cannot make a connection, regardless if the PC behind the router is listening for NBT. I would think they would need TCP helper enabled and NetBios to allow that. Danny At 10/13/2001 10:31 PM, you wrote: >Hmmm, cant even connect to my shared drives at school (no hardware >firewall, and ZoneAlarm shows no alerts) over NBT from home. > > >At 11:14 PM 10/12/2001 -0500, you wrote: >>That is the symptom you will get if the server has nbt disabled on the >>internet NIC. >>This is a good thing in that as I mentioned, you can't even attempt to login. >>Opening up access to drive letters and whatnot are just some things that >>nimda >>will do. But it will not enable NBT on a disabled machine. So This >>machine was >>more than likely infected by one of the IIS exploits but yet NBT is still >>secure. >> > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >Chris Kafer http://www.grad-college.iastate.edu/ippm/ippmhomepage.html >ICQ: 12594489 >PGP key available http://thornlab2.bb.iastate.edu > > >-------------------------------------------------------------------------------- >For unsubscription of this list send an email to [EMAIL PROTECTED] with >email >data containing unsubscribe emailadd sambar > -------------------------------------------------------------------------------- For unsubscription of this list send an email to [EMAIL PROTECTED] with email data containing unsubscribe emailadd sambar
