Re: Worrying security lapse with C$. Can someone explain?

From: Roger Abell [MVP] (mvpNOSPAM@asu.edu)
Date: 01/09/03


From: "Roger Abell [MVP]" <mvpNOSPAM@asu.edu>
Date: Wed, 8 Jan 2003 23:27:27 -0700

Bad form, but it occurred to me that it is not really said
where this appeared.
If this was within the browse list, i.e.
My Network Places / Entire Network / Microsoft Windows Network
then this is worrisome.
If this was seen within the MachineName node, then this is normal
for a drive mapping, and since it disappeared on reboot it would
be from a mapping that was not persistent (an option when mapping).
If this is where it was, then is it possible someone might have gained
access to the machine while it was logged in with the account, or that
during the life of that login session the c$ had been accessed?

--
Roger
"Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
news:#rgXOa6tCHA.1644@TK2MSFTNGP12...
> That would be worrisome if we could only reproduce it.
>
> The fact that you say you could access the security dialog
> for the remote partitions (c$) makes this sound as if the
> folder was mapped as a drive.  I say this as in my experience
> there is no way to access the NTFS permissions with this
> dialog using an UNC path, but rather one must first get a
> local device name (the mapped as drive letter) associated.
> Of course, if the currently logged in user would be recognized
> on the remote system as an administrator then this mapping
> could happen transparently without a prompting (either
> due to domain config, or in workgroups by having the
> same username and password on both systems and it being
> an administrator on the remote).  I am not trying to say
> that you mapped the drive, only that it was behaving as
> if mapped.
>
> So, reproducibility is the missing factor here.
> If you can get it to do this again it would certainly
> be most interesting to hear about.
>
> --
> Roger
>
> "Worried" <xxx@xxx.com> wrote in message
> news:#$GVbL2tCHA.1624@TK2MSFTNGP11...
> > I have never seen this before and have no idea how to recreate but just now
> > C$ on another XP-pro SP1 machine on my private network became visible under
> > Microsoft Windows Network in the folder pane. I could browse all of my remote
> > system even though only a few folders were consciously shared. I could even
> > right click on C$ and see the security settings (not normally possible even
> > in computer management) and it said that administrators had full read/write
> > privileges and even users had read permissions.
> >
> > I rebooted the PC that was browsing (not the PC whose C$ was visible) and
> > now C$ has disappeared.
> >
> > But how did this happen? Surely this is a massive security lapse. What
> > especially worries me is this went away just by rebooting the browsing PC.
> > This suggests that C$ is open to any remote connected PC if they know how to
> > connect to it.
> >
> > I have the very latest Norton antivirus and all my machines are confirmed
> > clean.
> >
> >
>
>

