Security Incidents mailing list archives
RE: SPM2000$ Rouge Share
From: Jonathan Rickman <jonathan () xcorps net>
Date: Wed, 19 Mar 2003 20:53:44 -0500 (EST)
On Tue, 18 Mar 2003, Robinson, Jonathon wrote:
Harlan, If I go to the management console> shared folders> shares> Right-click and properties> I get the following: "This has been shared for administrative purposes. The share permissions and file security cannot be set." However, I'm not able to reboot the server at this time as it's currently in production, so the reoccurrence of the share is simply an assumption. I'd just like to know why this share exists.
The software package mentioned earlier is produced by Gravity Storm Software http://securitybastion.com. I have used this software on NT4 with great success. It did not exhibit this behavior. I can't say that is does not exhibit this behavior by default on Win 2000 as I have not tested it. However, I suspect that it could have created the share for it's own use. Most likely to facilitate the distribution of service packs and hotfixes. The version I tested prompted you to do this on your own, perhaps newer versions do not. The maintainer can be contacted with the addresses on the web site. -- Jonathan Rickman X Corps Security http://www.xcorps.net ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
Current thread:
- SPM2000$ Rouge Share Robinson, Jonathon (Mar 18)
- Re: SPM2000$ Rouge Share Harlan Carvey (Mar 19)
- <Possible follow-ups>
- RE: SPM2000$ Rouge Share Robinson, Jonathon (Mar 19)
- RE: SPM2000$ Rouge Share Robinson, Jonathon (Mar 19)
- RE: SPM2000$ Rouge Share Harlan Carvey (Mar 19)
- RE: SPM2000$ Rouge Share Jonathan Rickman (Mar 19)