Home page logo
/

basics logo Security Basics mailing list archives

Re: What Are These Shares(Remote Admin/Remote IPC)?
From: "Alex Lomas" <alex () alexlomas com>
Date: Mon, 29 Mar 2004 21:48:59 +0100 (BST)

are these neccessary..? I don't do any remote administration on/to this
host
(Win2kPro).

A 2k/XP box always has admin shares - they're hidden (hence the $). I
believe you can delete the IPC$ share but it always comes back after a
reboot. I have heard of attempts being made to brute force accounts using
IPC$ as it's used in authentication and RPC (I think).

You may also find a print$ share on the machine if you have a shared
printer - this is used to store printer drivers so that remote clients can
seemlessly install the correct drivers when they connect (kinda neat but
world readable I think!)

--Alex

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]