Iain

Active Members
  • Posts: 319
  • Days Won: 2

Everything posted by Iain

  1. Iain

    ICMP Tunnel

    Quite - I know it's there, and why. nicatronTg recommended putting commands in there, assuming it would run them automatically. I was simply pointing out that this would be futile if the OS is XP.
  2. Iain

    ICMP Tunnel

    If you're using XP, autoexec.bat won't help because it isn't used in XP.
  3. Ya made it too easy for the OP! Yes, it's a pain that some don't accept the switch. I suspect that this will change in due course.
  4. I'm no expert (by far!) and am keen to look into OpenVPN. It looks to be a nightmare to configure properly. Maybe it could be included in a future episode? I know there are likely to be several here who are very familiar with it and such a slot may be regarded as a waste of time but I suspect there are more like me who'd really value a step through. It's just an idea for Darren to consider.
  5. I recall there's a switch that can be used with it which accepts the EULA. Accepting the EULA makes a change in the registry so at least acceptance is remembered on that particular computer.
  6. Would it be possible though? It sounds like the OP wants to play a video before, or as, Windows loads. Without the OS, how would the software (to play the video) run?
  7. There are an awful lot of myspace subdomains to block (and the probability of missing at least one). Is it possible to have a wild card or does each subdomain have to be listed explicitly?
  8. Would you care to share what the problem was and how you resolved it? Someone else might run into a similar problem at some stage.
  9. Just the point that I was going to make. I'd really like to get Windows 2003 to gain experience but it's just too expensive.
  10. I don't think it's possible. I have to configure my ADSL router via a web browser and there is no command line option. I'd be interested to know if there are any ADSL routers which allow it. It would make reconfiguring (after a reset if the configuration file hasn't been saved) via a batch file very simple.
  11. Yes, that's exactly what I meant. I'm not sufficiently up to speed to lock it down 100% (if that's ever possible), or at least not without plenty of tutorials and guidance from groups such as this!
  12. Hmm - this has set my brain into gear. If it can be as cheap and simple as that, maybe I should investigate myself? I realise that I shouldn't put this on my main PC nor let it be accessible from the internet (some ISPs don't allow home web servers). I'll look around for some tutorials.
  13. No, I haven't found a way to block a specific port (by number) in the free version of ZoneAlarm. @Sparda - I'm interested to know how I could tell Windows that it 'can't' use a specific port. I've looked into disabling DCOM (via a registry tweak and Start>Run>dcomcnfg). The sites that I've seen say it *should* be OK to disable it on a standalone PC but some corporate users need it for some of their software. Does anyone have experience of disabling it? I'm confused about what it actually is and what it does so I'm hesitant to mess around - just in case. I'm starting to disable anything which I don't need (I've got rid of TCP/IPv6 after my earlier comment!).
  14. Great - that's reassuring. I have ZoneAlarm (free version) and, as far as I'm aware, I can't block specific ports. I have checked my ADSL Router Firewall and have created a rule which will block incoming to TCP 135. I realise that the PIDs change on reboot. Thanks for your time.
  15. Yes, I see about having only a specific range available. As I said, it was an academic question to see if it could be done, rather than a practical question of having to do it (not that I could think of a reason why it should be specified in the first place). I realise that ports have specific "associations" (FTP/TCP 21, HTTP/TCP 80 etc.) and that it's possible to use ports for other connections and I guess that's where the "bad" guys come in!

    As a spin off from this, I've been looking further and know that some TCP ports are recommended strongly to be locked down, such as 135, 137, 138, 139, 445 etc. because of vulnerabilities of one kind or another. I was astonished to see the lines:

        Proto  Local Address  Foreign Address  State      PID
        TCP    0.0.0.0:135    0.0.0.0:0        LISTENING  1296
        TCP    [::]:135       [::]:0           LISTENING  1296

    (yes, I do have TCP/IPv6 installed but I'm going to uncheck or uninstall it) in my Netstat output. I changed the format of the output and it mentioned epmap. I did some googling and was thoroughly confused. Some sites said close it down (the port) as it's not needed but others said if I close it down, my PC may not work normally.

    As I said earlier, I have XP Pro SP2 and I realise that it has the patch for the major vulnerability relating to port 135. I am connected to ADSL via a router so that has a hardware firewall and there's NAT so I reckon I'm fairly well protected. Do I need to worry about these local connections listening on port 135? If it's relevant, PID 1296 is svchost.exe and the User Name (in Task Manager) is NETWORK SERVICE. I ran tasklist /svc /FI "PID eq 1296" and it reported

        Image Name    PID   Services
        ======================
        svchost.exe   1296  RpcSs

    Thanks again for your time.
  16. Thanks for the detailed response - I guessed that the local ports were random. I don't know of any reason why I should want to, but is it possible to fix the local ports to a particular number or range of numbers? It's an academic question really.
  17. Hi everyone

    I have XP Pro SP2 which is fully updated. I've been examining the status of my ports using netstat and a couple of online scans. Fortunately, the scans revealed nothing of concern, but I found something that I don't understand. Here is the netstat output:

        Proto  Local Address         Foreign Address             State
        TCP    <ComputerName>:1248   fh-in-f165.google.com:http  ESTABLISHED
        TCP    <ComputerName>:1249   fh-in-f165.google.com:http  ESTABLISHED
        TCP    <ComputerName>:1251   ik-in-f103.google.com:http  ESTABLISHED
        TCP    <ComputerName>:1266   pop3.mail.<ISP>.net:pop3    TIME_WAIT

    One of the scan reports mentioned that well-known ports (such as 21, 22, 25, 80 and 110) should be open only if I have the relevant server running, and I don't have any of these servers running on my PC. So far, so good as my local port connections are 1248, 1249, 1251, and 1266 and ports 80 and 110 were reported as "Stealth". There are two things that I'd like to know about:

    Firstly, how are the local port numbers decided? I have tried this experiment several times and the local http/pop3 port numbers are rarely the same (I know that the first 1024 are "reserved"). Is it random? Is it possible to force a particular connection to use a specific local port (i.e. if I want my pop3 connection to be 2468 always)?

    Secondly, I have only one instance of IE7 running, so why are there 3 http connections open? If I renew the page or navigate elsewhere, there may be up to 10 http connections displayed.

    Thanks for your time and patience.
  18. This sounds very dodgy. I doubt that anyone will give advice other than to knock on the door and ask politely. That's the correct (and legal) way to get access to documents.
  19. Good points about 2 * 1GB vs 4 * 512MB. Whenever I've repaired PCs or built them (for others' specifications), I've almost invariably seen the former, rather than the latter. I wondered if there was any performance benefit, rather than avoiding anything becoming faulty.
  20. As a spinoff (and purely from a theoretical point of view), which is likely to give the better performance: 2 * 1GB or 4 * 512MB? I realise that the individual sticks must be identical in respect of speed, capacity etc. but don't know if one configuration will give a better performance than the other.
  21. I've seen some odd behaviour at the login page for the last 10 days or so. When I've entered my username and password, it's returned a message indicating that I've used the incorrect password. I entered it again and everything was OK. On the first couple of occasions, I wondered if I had genuinely made a mistake but latterly, I've been VERY careful not to make a mistake. I wondered initially if it was some sort of scam - some malware intercepts the password, generates an error message on a page identical with Hak5 login then I'm asked to re-enter the password which takes me to the correct site. This behaviour ONLY occurs with Hak5 and not with any of the other groups that I visit, nor my Hotmail account. The only difference that I know is that I don't store the Hak5 password for it to autocomplete but the rest are stored. I've done Spybot and AdAware scans (clear) and my AV is up to date. Any ideas?
  22. Yes, a sneaky registry location, isn't it? There are plenty more though!
  23. Look at HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist. The entries are ROT13 and date/time 64bit little endian.
  24. I tried to see the site but it's down. Did you grab the article & any tools?
  25. Iain

    Accessing C:\

    A bit off topic, but I subscribe to another group which, in their rules, specifically bar contributors from posting useless comments, "Thanks", "WTF?" etc. The moderators are VERY strict in issuing warning points. A certain number of warning points means the account is suspended for a period whilst further points means that the account is cancelled. This seemingly draconian policy has resulted in posts being useful to the community and has also had the effect of no-one simply posting to get their post count up. I rarely see points being handed out more than once. I tend to respond here to anyone who contributes positively to a problem that I've posed but that's simply being polite, rather than trying to get my count up. The mechanism on the other group is to send a PM to thank someone directly.
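
Added example, not part of any of the posts above: a small decoder for the UserAssist encoding described in post 23 (ROT13 value names, 64-bit little-endian date/time). The 16-byte record layout is an assumption based on the XP-era format, and the sample name and data are constructed rather than taken from a real registry.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

# FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_name(value_name):
    """UserAssist value names are ROT13; decoding is the same rotation."""
    return codecs.decode(value_name, "rot_13")


def filetime_to_datetime(raw):
    """Convert 8 bytes of 64-bit little-endian FILETIME to a UTC datetime."""
    if len(raw) != 8:
        raise ValueError("FILETIME must be exactly 8 bytes")
    (ticks,) = struct.unpack("<Q", raw)
    if ticks == 0:
        return None  # zero means no timestamp was recorded
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_entry(value_name, data):
    """Parse one value, ASSUMING the 16-byte XP-era layout:
    bytes 0-3 session id, bytes 4-7 counter, bytes 8-15 FILETIME."""
    if len(data) != 16:
        raise ValueError("unexpected record size %d (assumed 16)" % len(data))
    session, counter = struct.unpack_from("<II", data, 0)
    return {
        "name": decode_name(value_name),
        "session": session,
        "counter": counter,
        "last_run": filetime_to_datetime(data[8:16]),
    }


# Constructed sample, not taken from a real hive.
SAMPLE_NAME = "HRZR_EHACNGU:P:\\JVAQBJF\\abgrcnq.rkr"
SAMPLE_DATA = struct.pack("<IIQ", 1, 8, 128120832000000000)

if __name__ == "__main__":
    entry = parse_entry(SAMPLE_NAME, SAMPLE_DATA)
    print(entry["name"], entry["counter"], entry["last_run"])
```

Records of any other length are rejected rather than guessed at, since later Windows versions store a larger structure.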