lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <004a01c59347$8127afb0$0301a8c0@cb.com>
Date: Thu Jul 28 09:13:24 2005
From: jerome.athias at free.fr (Jerome Athias)
Subject: NETBIOS SMB IPC$ unicode share access

Hi,

you can try:

SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\AutoShareServer

create a dword called AutoShareServer and set its value to 0 (for a server) OR AutoShareWks=0 (for workstations). It removes all $ (hidden) shares EXCEPT IPC$ (need reboot)


net share ipc$ /delete
(ie in: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)


/JA
*****************************************************************
http://www.athias.fr - Alertes et bulletins de s?curit?
  ----- Original Message ----- 
  From: Ramachandrand 
  To: full-disclosure@...ts.grok.org.uk 
  Sent: Thursday, July 28, 2005 9:16 AM
  Subject: [Full-disclosure] NETBIOS SMB IPC$ unicode share access


  Hi,

              AM NEW TO SNORT KINDLY HELP ME 

  In my network all r 2000 & XP Pc in that all the users home folder was mapped as 

  \\servername\username$ In server we use to create a folder and give access to the particular user. 

  Recently we I have installed snort in that it keeps on alerting this msg

  " NETBIOS SMB IPC$ unicode share access"

  How to stop this event ie not to detect for this event. plz tell me in brief note

   

  Thanks in advance.

   

   

  Regards,

  D.Ramachandran



------------------------------------------------------------------------------


  _______________________________________________
  Full-Disclosure - We believe in it.
  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
  Hosted and sponsored by Secunia - http://secunia.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050728/c75e20a0/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ