Re: Strange Folder

From: discipulus (rootman22@attbi.com)
Date: 10/07/02


From: discipulus <rootman22@attbi.com>
To: Midkaemia <midkaemia@midkaemia.fsnet.co.uk>
Date: 07 Oct 2002 05:44:49 -0600

Thanks Mike,

I don't think this would work on my computer because I had previously
disabled all the admin shares. I also tweaked the registry so that
shares would not become enabled after reboot.

Also, I had MS File and Printer Sharing turned off, so my computer
wasn't visible in "Network Neighborhood" or "My Network Places".

Thanks for the link, I read through it.

Near the bottom, it says:

"To disable anonymous connections altogether, block access to tcp139/445
(IPSec port filters or Internet Connection Firewall), or uncheck "File
and Print Sharing for Microsoft Networks" from the network interface in
question (via the properties tab of the network connection)."

I'm unsure as to whether or not ports 139/445 are blocked but I'll find
out today. If they are enabled, I'll block them.

Thanks

On Sun, 2002-10-06 at 15:45, Midkaemia wrote:
>
> Another possibility is that they have exploited the default "null sessions"
> vulnerability of a netbios enabled windows machine. They don't have to be a
> domain user, they just connect as follows..
>
> net use * \\<target>\<any admin share> /user:"" ""
>
> admin shares can be...
> ipc$
> c$
> <any other drive>$
> admin$
>
> They can also connect to any public share with no security set.
>
> This way they connect with a blank username and a blank password. A single
> registry key fixes some of the associated problems. See the following link
> for a discussion of some of the nitty gritty.
>
> http://cert.uni-stuttgart.de/archive/focus-ms/2002/03/msg00088.html
>
> Cheers
>
> Mike

-- 
"The Computer made me do it."
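
One way to answer the open question in the reply above (are TCP 139/445 open on this machine?) is to look for local listeners in `netstat -an` output. The script below is an added example, not part of the original thread; the sample output is constructed, and the function names are hypothetical. A listener shown here may still be blocked by an IPSec filter or firewall in front of it, so this confirms only what the host itself is serving.

```python
import re

# Ports named in the quoted advice: NetBIOS session service and SMB over TCP.
SMB_PORTS = {139: "NetBIOS session service", 445: "SMB over TCP"}

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1045      192.168.0.20:445       ESTABLISHED
  TCP    127.0.0.1:1139         0.0.0.0:0              LISTENING
  UDP    192.168.0.10:137       *:*
"""

# Match only TCP rows in LISTENING state; capture local address and port.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.I)


def smb_listeners(netstat_text):
    """Return sorted (port, bind_address) pairs for listeners on 139/445."""
    found = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m and int(m.group(2)) in SMB_PORTS:
            found.add((int(m.group(2)), m.group(1)))
    return sorted(found)


def report(netstat_text):
    """Return one human-readable line per finding."""
    listeners = smb_listeners(netstat_text)
    if not listeners:
        return ["No local listener on TCP 139 or 445."]
    lines = []
    for port, addr in listeners:
        scope = ("loopback only" if addr.startswith("127.")
                 else "reachable from the network unless filtered")
        lines.append(f"TCP {port} ({SMB_PORTS[port]}) on {addr}: {scope}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_NETSTAT)))
```

On a real machine, feed it the text of `netstat -an` instead of the sample.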
