Results 1 to 5 of 5

Thread: NetBIOS IPC$ help

  1. #1
    Junior Member
    Join Date
    Nov 2001
    Posts
    13

    NetBIOS IPC$ help

    A hello to everyone at AntiOnline!

    I am an experienced computer user, but a newbie when it comes to security issues. Ever since getting my cable connection, and suffering a couple of attacks, I feel it is time to further my knowledge of the subject.

    I was recently attacked by someone connecting to my NetBIOS port. I now know lots about this subject, but there is just one thing I cannot find much information on. What is IPC$???

    I know that it stands for "Interprocess Control" share, but what is it used for? What benefits does a hacker gain after obtaining access to this share?

    My loose understanding of it, is that it adds an external machine to my network, but what can be done once this machine is connected?

    Any help, tips, or links would be greatly appreciated.

    Thanks in advance...

    K-Line

  2. #2
    Senior Member
    Join Date
    Jul 2001
    Posts
    461
    Don't know what to tell you about what can be done with access to this share, other than, copy files to replace system files, which could execute a trojan next time you boot, etc....

    There used to be some good info on netbios shares at

    http://www.grc.com

    but I just went there now, and took a quick look, didnt find anything in a quick scan of the site. They used to have a set of programs there which would turn on and of access to your netbios shares, with having to reboot. But, I couldnt find those either.

    Oh well, I didnt look very hard, maybe you can find what I missed.

  3. #3
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    You can find the GRC-pages IchNiSan (1,2,3 in Japanese, no?) was referring to here.

    Inter-Process-Communication links:

    This should answer your questions.

    IPC$ is a special, hidden systemwide share for InterProcess Communication, thus called IPC. Application communications fall into the area of IPC, and include Remote Procedure Calls made by NetBIOS, Named Pipes, Windows Sockets, and more. The dollar sign following the share name signifies a hidden share, which means that users will not be able to see those shares when they are browsing the network. Essentially, hidden shares ease administration and aid in system-service delivery.

    Hidden system shares are created when NT starts, so even if you delete them, they will return when you restart the server. The share will also reappear when you stop and restart the server service. Only those with administrative rights can assess hidden system shares. There is nothing to configuring the IPC$ share because it is part of the NT system and it needs to be left alone and running.
    How IPC can be abused

  4. #4
    Senior Member
    Join Date
    Jul 2001
    Posts
    461
    very good Negative,

    you are right about my name...

    and thanks for finding a link to the grc pages...

  5. #5
    Junior Member
    Join Date
    Nov 2001
    Posts
    13
    Thanks to you both, you've been a great help.

    Also, thanks for not pulling me apart, like some others seem to do to us newbies.

    Greatly appreiated.

    K-Line

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •