IPC$ Explained

Archived from groups: microsoft.public.windowsxp.security_admin

What is the IPC$ Share in Computer Management:Shared Folders:Shares?

No sharing is turned on and Remote Access is off, yet it is still there.

Concerned it is a security risk.

    From: "Hughes" <Hughes@discussions.microsoft.com>

    | What is the IPC$ Share in Computer Management:Shared Folders:Shares?
    |
    | No sharing is turned on and Remote Access is off, yet it is still there.
    |
    | Concerned it is a security risk.

    It is a security risk because there are Internet worms and other infectors that will use this
    share as an infection vector.

    The following is only a sample listing and is in no way a complete listing...
    W32/Lioten.worm -- http://vil.nai.com/vil/content/v_99897.htm
    IRC/Backdoor.g -- http://vil.nai.com/vil/content/v_100022.htm
    PWS-NTSMB -- http://vil.nai.com/vil/content/v_100050.htm
    W32/Sdbot.worm -- http://vil.nai.com/vil/content/v_100454.htm
    IRC/Flood.dz -- http://vil.nai.com/vil/content/v_100908.htm
    W32/Randin.worm.gen -- http://vil.nai.com/vil/content/v_127742.htm
    W32/Mugly.a@MM -- http://vil.nai.com/vil/content/v_130237.htm
    W32/HLLP.Philis.g -- http://vil.nai.com/vil/content/v_130255.htm
    W32/Gaobot.worm.gen -- http://vil.nai.com/vil/content/v_100785.htm
    IRC-Bun -- http://vil.nai.com/vil/content/v_100930.htm

    Basically, these are infectors targeting MS Networking. A firewall and AV software are the
    best protection. If you are on Broadband then using a Router such as the Linksys BEFSR41 is
    a good way to mitigate the above threats from the Internet.

    As always, I suggest blocking both TCP and UDP ports 135 ~ 139 and 445 on *any* SOHO Router.

    It should also be noted that IPC$ is not alone. There are PRINT$, C$, D$, etc. that are also
    infection vectors so IPC$ should not be singled out. To help mitigate the attack on these
    shares (some use dictionary attack methodologies), one must institute strong passwords to
    user accounts and the Administrative accounts.

    Suggested strong password method...

    10 digit password minimum using:
    2 - Upper case chars.
    2 - Lower case chars.
    2 - Numbers
    2 - Special chars.

    http://www.governmentsecurity.org/articles/ExploitingTheIPCShare.php

    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314984&sd=tech

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm