SPM2000$ Rouge Share

From: Robinson, Jonathon (Jonathon.Robinson@sykes.com)
Date: 03/18/03

Next message: Andrew Bates: "Re: CodeRed Observations. ##"

Previous message: ciso@hushmail.com: "Animal Rights Hacktivist Group?"
Next in thread: Robinson, Jonathon: "RE: SPM2000$ Rouge Share"
Maybe reply: Robinson, Jonathon: "RE: SPM2000$ Rouge Share"
Maybe reply: Robinson, Jonathon: "RE: SPM2000$ Rouge Share"
Reply: Harlan Carvey: "Re: SPM2000$ Rouge Share"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Robinson, Jonathon" <Jonathon.Robinson@sykes.com>
To: "'incidents@securityfocus.com'" <incidents@securityfocus.com>
Date: Tue, 18 Mar 2003 14:26:32 -0500

I have two [NT and 2K] servers that have an administrative share named
SPM2000$.
This share has full access rights to drive C for the Everyone group.
I can deactivate it, but since it's an administrative share it's going to
come back at reboot.

After "Googling" the string, I found something called Service Pack Manager
2000, but I don't think that's what created this as this software uses the
default ADMIN$ share.
Have any of you seen this share anywhere before?

Thanks,

Jonathon W. Robinson
Network Security Specialist

This information is intended only for the person or entity to which it is
addressed and may contain confidential or privileged material. Any review,
retransmission, dissemination, or other use of, or taking of any action in
reliance upon, this information by persons or entities other than the
intended recipient is prohibited. If you received this in error, please
contact the sender and delete the material from any computer.

----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>

Next message: Andrew Bates: "Re: CodeRed Observations. ##"

Previous message: ciso@hushmail.com: "Animal Rights Hacktivist Group?"
Next in thread: Robinson, Jonathon: "RE: SPM2000$ Rouge Share"
Maybe reply: Robinson, Jonathon: "RE: SPM2000$ Rouge Share"
Maybe reply: Robinson, Jonathon: "RE: SPM2000$ Rouge Share"
Reply: Harlan Carvey: "Re: SPM2000$ Rouge Share"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: S85 not quite right !!
... you may want to increase the number of aio servers available. ... S80s with Oracle need 300-1000 aio servers. ... maximum pinable=80.0% of real memory minperm=5.0% of real memory ... If you are not the intended recipient, ...
(AIX-L)
moving from plain SCSI to Hardware Raid, possible ?
... We're not really interested in going down the software RAID path, ... We really don't want to rebuild the servers from scratch. ... you initialize/wipe the disks afaik. ... If you are not the intended recipient or responsible for ...
(Debian-User)
Re: [fw-wiz] Question about a Cisco PIX 515 - Routing question (I think)
... to config the PIX to handle it. ... get the mail servers to bypass DNS resloution for each other and send to ... If you are not the intended recipient, ...
(Firewall-Wizards)
x86 jumpstart
... I am successful in setting up jumpstart for Sparc servers ... proprietary information for the sole use of the intended recipient. ... message in error, please notify Brooks Automation, Inc. immediately by reply ...
(SunManagers)
Opening port 135
... I am trying to connect remotely to disk management on a couple 2003-2000 ... I get the message you do not have access rights on the 2000 servers ... and on the 2003 it says I do not have port 135 open. ...
(microsoft.public.windows.server.general)