Kyle wrote...

>port 445 worm/virus/Trojans are the ones spread via SMB over TCP, port 445,
>using "net use \\[machine]\ipc$". The Trojans include password dictionaries
>for guessing admin ids and passwords.

On my servers I remove these kinds of built-in accounts using a batch file which gets executed from the startup folder:

@echo off
echo Unsharing default shares...
net share ipc$ /delete
net share admin$ /delete
net share c$ /delete
net share d$ /delete
net share e$ /delete
net share f$ /delete
net share g$ /delete
net share h$ /delete

--
Michiel Overtoom - motoomat_private // Computers are Creative Wonder Machines

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
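Added example, not part of the original post or of either poster's setup: a detector for the behaviour Kyle describes (dictionary guessing of admin accounts against IPC$ over TCP 445), run over constructed log records. The key=value record format, the addresses and the threshold/window defaults are assumptions made for illustration; records are assumed to be in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in a made-up key=value format (not a real product's log).
SAMPLE_LOG = """\
2003-01-03T10:00:01 result=FAIL src=192.0.2.77 dport=445 share=IPC$ user=administrator
2003-01-03T10:00:02 result=FAIL src=192.0.2.77 dport=445 share=IPC$ user=admin
2003-01-03T10:00:03 result=FAIL src=192.0.2.77 dport=445 share=IPC$ user=Administrator
2003-01-03T10:00:04 result=OK src=192.0.2.20 dport=445 share=IPC$ user=backup
2003-01-03T10:00:05 result=FAIL src=192.0.2.77 dport=445 share=IPC$ user=root
2003-01-03T10:00:06 result=FAIL src=192.0.2.77 dport=445 share=IPC$ user=guest
2003-01-03T10:05:00 result=FAIL src=192.0.2.10 dport=445 share=IPC$ user=jsmith
2003-01-03T10:09:00 result=FAIL src=192.0.2.10 dport=445 share=IPC$ user=jsmith
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) result=(?P<result>\w+) src=(?P<src>\S+) "
    r"dport=(?P<dport>\d+) share=(?P<share>\S+) user=(?P<user>\S+)$"
)


def find_smb_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source: sorted account names tried} for every source that had
    at least `threshold` failed IPC$ logons on TCP 445 inside one window."""
    recent = defaultdict(deque)  # source -> failure timestamps still inside the window
    users = defaultdict(set)     # source -> every account name it failed with
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip records that do not parse
        if m["result"] != "FAIL" or m["dport"] != "445" or m["share"].upper() != "IPC$":
            continue  # only failed IPC$ connections over TCP 445 count
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        users[m["src"]].add(m["user"].lower())
        if len(q) >= threshold:
            flagged[m["src"]] = sorted(users[m["src"]])
    return flagged


if __name__ == "__main__":
    for src, names in find_smb_guessing(SAMPLE_LOG).items():
        print(f"{src}: possible dictionary guessing against IPC$, accounts tried: {names}")
```

A single user mistyping a password a few minutes apart (192.0.2.10 in the sample) stays below the threshold, while a burst across several admin-style account names is reported.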
This archive was generated by hypermail 2b30 : Fri Jan 03 2003 - 18:49:35 PST