Security Incidents mailing list archives

RE: SPM2000$ Rouge Share


From: "Robinson, Jonathon" <Jonathon.Robinson () sykes com>
Date: Tue, 18 Mar 2003 14:57:14 -0500

If I go to the management console> shared folders> shares> Right-click and
properties> I get the following:

This has been shared for administrative purposes. The share permissions and
file security cannot be set.


Thanks,
Jonathon

-----Original Message-----
From: Dan Bartley [mailto:bartleyd () corp netcarrier com] 
Sent: Tuesday, March 18, 2003 2:54 PM
To: Robinson, Jonathon
Subject: RE: SPM2000$ Rouge Share

What makes you feel it is an administrative share? The $ only means
hidden, not necessarily administrative.

Best Regards, 

Dan Bartley


-----Original Message-----
From: Robinson, Jonathon [mailto:Jonathon.Robinson () sykes com] 
Sent: Tuesday, March 18, 2003 14:27
To: 'incidents () securityfocus com'

I have two [NT and 2K] servers that have an administrative share named
SPM2000$. 
This share has full access rights to drive C for the Everyone group. 
I can deactivate it, but since it's an administrative share it's going to
come back at reboot.

After "Googling" the string, I found something called Service Pack Manager
2000, but I don't think that's what created this as this software uses the
default ADMIN$ share.
Have any of you seen this share anywhere before?
 

Thanks,

Jonathon W. Robinson
Network Security Specialist
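
Windows records whether a share is administrative in the share type (the high bit of Win32_Share.Type), separately from the trailing $ that only hides it, so the question raised in this thread can be checked from the type field rather than the name. The PowerShell below is an added example, not part of the original messages; the allowlist of default administrative shares and the sample share records (including the type and path shown for SPM2000$) are constructed assumptions.

```powershell
# Added example, not from the thread. Allowlist is an assumption; adjust per environment.
$DefaultAdminShares = '^(ADMIN\$|IPC\$|[A-Z]\$)$'

function Get-ShareFinding {
    param([Parameter(Mandatory = $true)] [object[]] $Share)

    foreach ($s in $Share) {
        # Win32_Share.Type has bit 0x80000000 set for administrative (special) shares.
        $isSpecial = (([long]$s.Type) -band [long]2147483648) -ne 0
        $isHidden  = $s.Name.EndsWith('$')          # hidden from browsing, nothing more
        $isDefault = $s.Name -match $DefaultAdminShares
        $driveRoot = $s.Path -match '^[A-Za-z]:\\?$' # share exposes a whole drive

        $class = if ($isSpecial -and $isDefault) { 'default administrative' }
                 elseif ($isSpecial)             { 'non-default administrative' }
                 elseif ($isHidden)              { 'hidden only' }
                 else                            { 'ordinary' }

        [pscustomobject]@{
            Name   = $s.Name
            Path   = $s.Path
            Class  = $class
            # Review anything special that is not a known default, and any
            # non-default share that maps a drive root.
            Review = ($class -eq 'non-default administrative') -or
                     ($class -ne 'default administrative' -and $driveRoot)
        }
    }
}

# Constructed sample records shaped like Win32_Share instances (not real data).
$sample = @(
    [pscustomobject]@{ Name = 'ADMIN$';   Type = 2147483648; Path = 'C:\WINNT' }
    [pscustomobject]@{ Name = 'C$';       Type = 2147483648; Path = 'C:\' }
    [pscustomobject]@{ Name = 'SPM2000$'; Type = 2147483648; Path = 'C:\' }
    [pscustomobject]@{ Name = 'Backup$';  Type = 0;          Path = 'D:\Backup' }
)
Get-ShareFinding -Share $sample | Format-Table -AutoSize

# On a live host, feed it the real share list instead:
# Get-ShareFinding -Share (Get-CimInstance -ClassName Win32_Share)
```

The classification does not read share permissions, so the Everyone full-access setting described in the original message has to be checked separately.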
