IPC$ Explained


Guest

What is the IPC$ Share in Computer Management:Shared Folders:Shares?

No sharing is turned on and Remote Access is off, yet it is still there.

Concerned it is a security risk.
 
From: "Hughes" <[email protected]>

| What is the IPC$ Share in Computer Management:Shared Folders:Shares?
|
| No sharing is turned on and Remote Access is off, yet it is still there.
|
| Concerned it is a security risk.

It is a security risk because there are Internet worms and other infectors that will use this
share as an infection vector.

The following is only a sample listing and is in no way a complete listing...
W32/Lioten.worm -- http://vil.nai.com/vil/content/v_99897.htm
IRC/Backdoor.g -- http://vil.nai.com/vil/content/v_100022.htm
PWS-NTSMB -- http://vil.nai.com/vil/content/v_100050.htm
W32/Sdbot.worm -- http://vil.nai.com/vil/content/v_100454.htm
IRC/Flood.dz -- http://vil.nai.com/vil/content/v_100908.htm
W32/Randin.worm.gen -- http://vil.nai.com/vil/content/v_127742.htm
W32/Mugly.a@MM -- http://vil.nai.com/vil/content/v_130237.htm
W32/HLLP.Philis.g -- http://vil.nai.com/vil/content/v_130255.htm
W32/Gaobot.worm.gen -- http://vil.nai.com/vil/content/v_100785.htm
IRC-Bun -- http://vil.nai.com/vil/content/v_100930.htm

Basically, these are infectors targeting MS Networking. A firewall and AV software are the
best protection. If you are on Broadband then using a Router such as the Linksys BEFSR41 is
a good way to mitigate the above threats from the Internet.

As always, I suggest blocking both TCP and UDP ports 135 ~ 139 and 445 on *any* SOHO Router.

It should also be noted that IPC$ is not alone. There are PRINT$, C$, D$, etc. that are also
infection vectors, so IPC$ should not be singled out. To help mitigate the attack on these
shares (some use dictionary attack methodologies), one must institute strong passwords for
user accounts and the Administrative accounts.

Suggested strong password method...

10 digit password minimum using:
2 - Upper case chars.
2 - Lower case chars.
2 - Numbers
2 - Special chars.

http://www.governmentsecurity.org/articles/ExploitingTheIPCShare.php

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314984&sd=tech
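
The reply above mentions dictionary attacks against IPC$, PRINT$, C$, D$ and similar shares; the following is an added example, not part of the original thread, showing one way to spot that pattern in logon records. It assumes current Windows Security event IDs (4625 = failed logon, with logon type 3 meaning network; 5140 = network share accessed), a simplified CSV layout constructed for this example, and an arbitrary threshold of 5 failures per 60 seconds.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta

NAMED_ADMIN_SHARES = {"IPC$", "PRINT$", "ADMIN$"}

# Constructed sample (simplified CSV, not a real event-log export):
# time, event id, source address, account, logon type or share path
SAMPLE = r"""2024-01-01T10:00:00,4625,203.0.113.7,Administrator,3
2024-01-01T10:00:04,4625,203.0.113.7,Administrator,3
2024-01-01T10:00:09,4625,203.0.113.7,Administrator,3
2024-01-01T10:00:13,4625,203.0.113.7,Administrator,3
2024-01-01T10:00:18,4625,203.0.113.7,Administrator,3
2024-01-01T10:00:22,4625,203.0.113.7,Administrator,3
2024-01-01T10:00:30,5140,203.0.113.7,Administrator,\\*\C$
2024-01-01T10:05:00,4625,192.0.2.10,alice,3
2024-01-01T10:09:00,4625,192.0.2.10,alice,3
2024-01-01T10:09:30,5140,192.0.2.10,alice,\\*\Public
2024-01-01T10:10:00,4625,192.0.2.10,alice,2"""

def is_admin_share(path):
    """True for IPC$, PRINT$, ADMIN$ and drive shares such as C$ or D$."""
    name = path.rsplit("\\", 1)[-1].upper()
    drive = len(name) == 2 and name[0].isalpha() and name[1] == "$"
    return name in NAMED_ADMIN_SHARES or drive

def find_guessing(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each source with >= threshold failed network logons inside one
    sliding window to its peak failure count and later admin-share access."""
    recent = defaultdict(deque)  # source -> failure times still in the window
    flagged = {}
    for ts, event_id, source, _account, detail in csv.reader(lines):
        when = datetime.fromisoformat(ts)
        if event_id == "4625" and detail == "3":  # failed logon, type 3 = network
            times = recent[source]
            times.append(when)
            while when - times[0] > window:
                times.popleft()
            if len(times) >= threshold:
                hit = flagged.setdefault(source, {"failures": 0, "shares": []})
                hit["failures"] = max(hit["failures"], len(times))
        elif event_id == "5140" and source in flagged and is_admin_share(detail):
            flagged[source]["shares"].append(detail)  # share opened after guessing
    return flagged

if __name__ == "__main__":
    for source, hit in find_guessing(SAMPLE.splitlines()).items():
        print(source, hit["failures"], "failed logons, then", hit["shares"])
```

A source that is flagged and then appears in the share list is the case to investigate first, since it suggests a guessed password was accepted.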
 