127.0.0.1 - few Questions

Hi,
As u can probably see from the type of post im submitting, im fairly new to networking, but it is a topic that i am interested in
becoming more advanced in understanding.
My aim is to make myself 100% secure, and to understand if I am secure or not at the moment.
At present, I know I will never be this way until I hold a much deeper comprehension to it all first.

I'm hoping some more advanced users can help me with what I got to ask.

1a. I understand that 127.0.0.1 is a loopback IP address and I take it this just causes your computer to loop to your own actually ipaddress and in turn, back to your machine?

1b. Should I be concerned with netstat showing that I got about 18 "established" connections to this address, and 3 @ "TIME_WAIT"
I am fairly new so a bit more clarification on the different states would be nice to read also.

2. I know of the Tracert program, and that it shows you a list of all servers that the IP address passes through to reach yours, but is there a way to see who the IP addresses are?
I mean, to tell if it is msn, my virus killer, or my firewall?

3. Is there a way within MSDOS to close ports? Or does this have to be done through the firewall?
As my firewall displays a list of programs, not the ports.
Because of the issue on question 1b, I would like to be able to close down the ports the loopback ip is connected through.

4. On Netstat, it displays, TCP and UDP. Can someone explain what TCP and UDP are?

5. On IPConfig, you got a list of various things including Description, physical address, DHcp enabled, IP Address, Subnet mask, Default gateway and DNS servers.
Can someone explain a bit more about the each one of these? What is DHcp and does it matter if its enabled or not? What is the physical address? etc etc.


6. Also, I understand you can disconnect by typing ipconfig -release, and connect with ipconfig -renew
But on my system it does not let me. It states "The operation failed as no adapter is in the state permissible for this operation" Does anyone know why it would say this?


Anyway, I think thats all I can digest for the time being. Once I understand all the above, Im sure Ill have more questions to ask.


Thanks for your time.

Itsacraig.

Here are some quick responses:

1a) The loopback adapter is used to test your network card and TCP/IP stack.

1b) No.

2) You could do nslookup on the IP addresses and go from there.

3) Not that I know of from within MSDOS. You would have to use the Windows firewall. There may be a MSDOS version of a firewall.

4) TCP and UDP are Transport layer protocols. You need to Google those. Too much to explain here.

5) Physical address is the MAC burned into the NIC. Default Gateway is usually a router or some other device that your computer will send packets to that are not on the same subnet. DNS servers translate names to IP addresses. Dynamic Host Configuration Protocol. It is used to automatically assign IP addresses.

6) The command is IPCONFIG /release and IPCONFIG /renew. You could get that message if your computer has a static IP address set. Those commands only work with DHCP.

You would be better off searching Google for this type of general information. You would get a better explanation.

Thanks Skepticals, I appreciate you writing all that.

I guess my concerns are rogue dll files. I see a lot of the time the I got about 4-5 svchosts running, and alot of dll files try and connect to the internet via svchost.

How do you know for sure that the dll files arent malware or spyware?
You try doing a nslookup on the remote IP but it isn't found.
All these unknown questions leave me still wondering if i am vulnerable.

Thanks for your advice on google, i am finding it to be a fantastic tool if used correctly! And a lot of reading still to do.

Any more info into svchost would be good. This is my main concern right now...rogue dll's!

Thanks again,

Craig.

Hello neomax. If you're worried you could always give your machine a healthcheck by:
Running a full virus scan
Download Spybot Search & Destroy and run that
Download Ad-Aware (the free version) and run that
Beware of just 'fixing' things that these checks find - you need to know what you are doing, but at least you'll have a named and specific problem to research. Then its back to Google for more reading I'm afraid...

Avast also makes a free version of their antivirus software for home use.

Thanks guys, I appreciate your help.

Ive got spybot, hijackthis, Norton Internet Security, and about to download advanced taskmanager which i've heard good things about.

But im still curious about svchost, and I am still curious if by any chance some programs containing malware could be getting by undetected.

Example..if spybot, norton etc thing the malware/ dll files are that of the actual verified program, and in turn allowing them to run undetected. Is this at all possible? And as a result, could one of the SVCHosts or dlls be undetected malware??