Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IPC$ share ?? 1

Status
Not open for further replies.
alphaMIKE429

alphaMIKE429

MIS
Jun 27, 2005
7
0
0
US
I am in the process of removing then readding the ADMIN$, C$ and other hidden drive shares with customized names for security reasons. My question is if I remove the IPC$ hidden share am I impacting any functions of the server as far as communication between itself and other servers?

What exactly is the IPC$ share for ??

Thanks in advance
 
Sort by date Sort by votes
IPC stands for Inter-Process Communications and is used to setup connections to other shares.

Although you can delete admin-shares, I would strongly advice you to keep IPC$.

Why do you want to delete those shares btw?
 
Upvote 0 Downvote
My thoughts were that some viruses utilize these well known hidden shares [admin$, c$, etc.] to propogate. If for some reason the admin password was comprimised or a network admin is logged in this could be a security risk. Correct me if I am wrong but wouldn't this be a recommended best practice for securing hidden admin type shares?

I did create alternative hidden shares to access our servers that do not follow the standard naming scheme....

Thanks in advance for your feedback
 
Upvote 0 Downvote
Many viruses that do this go in through a vonrubility in the RPC sub-system on the OS, not through the network shares them selves. While a few years ago the viruses would go in through the c$ and the admin$ share the virus writters quickly learned ways around this.

They will normally not bother with the admin shares because going through them requires knowing if the logged on user is an admin on the remote machine. It's less codding work to simply exploit the RPC sub-system and then elevate the access through known buffer overflow problems (or how ever they do it these days) then they have full access to the remote machine.

With all that in mind a good virus scanner on every machine (servers and workstations alike) as well as a good firewall protecting the network and you shouldn't have any problems.

I would recommend against changing the default network shares. Many pieces of network based managment software uses these default shares to communicate with the remote server. And most remote install software requires these default shares to exist to push the software through.

Denny
MCSA (2003) / MCDBA (SQL 2000)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
Donate to Katrina relief
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Dave60608
  • Locked
  • Question
Accessing shared folders via a network
Replies
5
Views
129
strongm
strongm
Carlvic
  • Locked
  • Question
Not authorize to access to rename,edit or delete on windows share
Replies
0
Views
39
Carlvic
Carlvic
kjv1611
  • Locked
  • Question
New Client Picks Up Old Client IP Address, Both now Share?
Replies
4
Views
74
kjv1611
kjv1611
gbaughma
  • Locked
  • Question
Shared folder permissions
Replies
0
Views
26
gbaughma
gbaughma
steveagen
  • Locked
  • Question
Access a shared folder while not logged on
Replies
1
Views
35
steveagen
steveagen

Part and Inventory Search

Sponsor

Back
Top