IPC$ share ??

Jun 27, 2005
I am in the process of removing then re-adding the ADMIN$, C$ and other hidden drive shares with customized names for security reasons. My question is: if I remove the IPC$ hidden share, am I impacting any functions of the server as far as communication between itself and other servers?

What exactly is the IPC$ share for?

Thanks in advance
 
IPC stands for Inter-Process Communications and is used to set up connections to other shares.

Although you can delete admin shares, I would strongly advise you to keep IPC$.

Why do you want to delete those shares btw?
 
My thoughts were that some viruses utilize these well-known hidden shares [admin$, c$, etc.] to propagate. If for some reason the admin password was compromised or a network admin is logged in, this could be a security risk. Correct me if I am wrong, but wouldn't this be a recommended best practice for securing hidden admin-type shares?

I did create alternative hidden shares to access our servers that do not follow the standard naming scheme....

Thanks in advance for your feedback
 
Many viruses that do this go in through a vulnerability in the RPC sub-system on the OS, not through the network shares themselves. While a few years ago the viruses would go in through the c$ and the admin$ share, the virus writers quickly learned ways around this.

They will normally not bother with the admin shares because going through them requires knowing if the logged-on user is an admin on the remote machine. It's less coding work to simply exploit the RPC sub-system and then elevate the access through known buffer overflow problems (or however they do it these days); then they have full access to the remote machine.

With all that in mind, a good virus scanner on every machine (servers and workstations alike) as well as a good firewall protecting the network and you shouldn't have any problems.

I would recommend against changing the default network shares. Many pieces of network-based management software use these default shares to communicate with the remote server. And most remote install software requires these default shares to exist to push the software through.

Denny
MCSA (2003) / MCDBA (SQL 2000)

--Anything is possible. All it takes is a little research. (Me)
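
An added example, not part of the thread: a PowerShell inventory that separates the default administrative shares discussed above (ADMIN$, C$, IPC$) from custom hidden shares such as the renamed ones the original poster describes. The function name `Get-ShareClass`, the class labels and the sample rows (including the share name `srvmaint$`) are constructed for illustration; the Type values are the documented Win32_Share constants.

```powershell
# Win32_Share.Type: the high bit marks an administrative share created by the
# Server service; the low bits give the kind (0 disk, 1 print, 2 device, 3 IPC).
$AdminFlag = 2147483648   # 0x80000000
$IpcKind   = 3

function Get-ShareClass {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Share
    )
    process {
        $type    = [uint32]$Share.Type
        $isAdmin = ($type -band $AdminFlag) -ne 0
        $kind    = $type -band 3

        $class = if ($isAdmin -and $kind -eq $IpcKind) { 'Default IPC' }
                 elseif ($isAdmin)                     { 'Default administrative' }
                 elseif ($Share.Name.EndsWith('$'))    { 'Custom hidden' }
                 else                                  { 'Ordinary' }

        [pscustomobject]@{
            Name  = $Share.Name
            Path  = $Share.Path
            Class = $class
        }
    }
}

# Constructed sample rows shaped like Win32_Share objects, so this runs offline.
$sample = @(
    [pscustomobject]@{ Name = 'ADMIN$';    Path = 'C:\WINDOWS'; Type = 2147483648 }
    [pscustomobject]@{ Name = 'C$';        Path = 'C:\';        Type = 2147483648 }
    [pscustomobject]@{ Name = 'IPC$';      Path = '';           Type = 2147483651 }
    [pscustomobject]@{ Name = 'srvmaint$'; Path = 'C:\';        Type = 0 }  # hypothetical renamed share
    [pscustomobject]@{ Name = 'Public';    Path = 'D:\Public';  Type = 0 }
)

$sample | Get-ShareClass | Format-Table -AutoSize

# On a live server, feed it the real share list instead:
#   Get-CimInstance Win32_Share | Get-ShareClass
```

Rows classed as "Custom hidden" are ordinary shares that are hidden only by the trailing `$` in the name, and their share permissions are whatever their creator set, so they belong in the same review as the defaults.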