Security Incidents mailing list archives

Re: Strange Folder


From: discipulus <rootman22 () attbi com>
Date: 07 Oct 2002 05:44:49 -0600

Thanks Mike,

I don't think this would work on my computer because I had previously
disabled all the admin shares.  I also tweaked the registry so that
shares would not become enabled after reboot.

Also, I had MS File and Printer Sharing turned off, so my computer
wasn't visible in "Network Neighborhood" or "My Network Places".

Thanks for the link, I read through it.

Near the bottom, it says:

"To disable anonymous connections altogether, block access to tcp139/445
(IPSec port filters or Internet Connection Firewall), or uncheck "File
and Print Sharing for Microsoft Networks" from the network interface in
question (via the properties tab of the network connection)."

I'm unsure as to whether or not ports 139/445 are blocked but I'll find
out today.  If they are enabled, I'll block them.

Thanks

On Sun, 2002-10-06 at 15:45, Midkaemia wrote:

Another possibility is that they have exploited the default "null sessions" 
vulnerability of a NetBIOS-enabled Windows machine. They don't have to be a 
domain user, they just connect as follows:

net use * \\<target>\<any admin share> /user:"" ""

admin shares can be...
ipc$
c$
<any other drive>$
admin$

They can also connect to any public share with no security set.

This way they connect with a blank username and a blank password. A single 
registry key fixes some of the associated problems. See the following link 
for a discussion of some of the nitty gritty.

http://cert.uni-stuttgart.de/archive/focus-ms/2002/03/msg00088.html

Cheers

Mike
-- 
"The Computer made me do it."


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
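
The two checks discussed in this thread (are administrative shares still offered, and is anything listening on TCP 139/445), as an added example that is not part of the original messages. It parses the text output of `net share` and `netstat -an`; the sample outputs, function names and addresses are constructed for illustration.

```python
import re

# Constructed sample of `net share` output (not from the original post).
SAMPLE_NET_SHARE = """\
Share name   Resource                        Remark
-------------------------------------------------------------------------------
IPC$                                         Remote IPC
C$           C:\\                             Default share
ADMIN$       C:\\WINNT                        Remote Admin
Public       C:\\Public
The command completed successfully.
"""

# Constructed sample of `netstat -an` output (not from the original post).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.0.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1045       10.0.0.9:80            ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# IPC$, ADMIN$ and single-letter drive shares such as C$ (the list in the thread).
ADMIN_SHARE = re.compile(r"^(IPC|ADMIN|[A-Z])\$$", re.IGNORECASE)

def admin_shares(net_share_output):
    """Return names of hidden administrative shares still being offered."""
    found = []
    for line in net_share_output.splitlines():
        fields = line.split()
        if fields and ADMIN_SHARE.match(fields[0]):
            found.append(fields[0].upper())
    return found

def smb_listeners(netstat_output, ports=(139, 445)):
    """Return (local_address, port) for TCP sockets listening on 139/445."""
    hits = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            addr, _, port = fields[1].rpartition(":")
            if port.isdigit() and int(port) in ports:
                hits.append((addr, int(port)))
    return hits

if __name__ == "__main__":
    print("admin shares still present:", admin_shares(SAMPLE_NET_SHARE))
    print("TCP 139/445 listeners:", smb_listeners(SAMPLE_NETSTAT))
```

A listener reported here only shows that the host is offering the service; whether a port filter or firewall blocks it from outside has to be confirmed from another machine.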

