Hosting Provided By

re: Hidden Shares

From: Harlan Carvey <keydet89(at)yahoo.com>
Date: Wed Apr 30 2003 - 09:39:41 EDT

> Can viruses that propogate the network through
shares
> still propgate if the shares are hidden?

To be correct, viruses by definition don't propogate by searching for shares...worms do. Viruses can propogate by infecting files, which then passed between shares themselves.

Worms can propogate via the default "hidden" shares...for Rick, the correct nomenclature is "C$", not "$C". This is important b/c if someone reads your post and looks for "$C" and doesn't find it, they'll think they're 'secure'.

The term "hidden" simply refers to the fact that the shares don't appear in some of the GUIs. It's trivial to enumerate the existance of the hidden administrative shares remotely via null session enumeration, and even SNMP.

HTH, Harlan

Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com

Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-focus-virus

Received on Wed Apr 30 19:37:00 2003

This message: [ Message body ]
Next message: Marc Fossi: "Article Announcement: Madonna's Borderline MP3 Tactics"
Previous message: Eric Chien: "RE: Hidden Shares"
Maybe in reply to: Brett Bisbe: "Hidden Shares"
In reply to SCRIMSHER,JOHN (HP-Corvallis,ex1): "RE: Hidden Shares"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:39 EDT