General discussion

Locked

hacker deleted ipc$ share....?

By reference ·
I recently discovered the presence of an unauthorized visitor on a 2000 server machine. I have gone through all the nessesary steps to prevent any further access, but I am curious about one thing. A batch file was created and placed in the startup folder that deleted the IPC$ share, along with a couple other default administrative shares. Does anyone know why a hacker would want to do that? Is this a standard procedure for some kind of established "hacking" technique? I also found Windows MediaServer had been installed on the system, any ideas why?
Thanks in advance

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

hacker deleted ipc$ share....?

by shmaltz In reply to hacker deleted ipc$ share ...

First of all; cracker not hacker.
I can't see any reason why someone would want to delete the IPC$ share. Unless it was an inside job and he wanted that you should not be able to connect remotely to that machine.

Collapse -

hacker deleted ipc$ share....?

by reference In reply to hacker deleted ipc$ share ...

Thanks for the input, I feel better knowing it appears to be a half-assed attempt, not some well know process.

Collapse -

hacker deleted ipc$ share....?

by AirHockeyNinja In reply to hacker deleted ipc$ share ...

the IPC$ share is used by several windows components. This was a poor attempt to make this server unavailable to your network. Basically what the CRACKER was trying to do was make it so you could not access the server to remove his little file sharing service. Totally blew it, as he obviously did not lock the box down right, you got in, and fixed the problem. This was probably an unskilled CRACKER trying something he had heard about, but not researched nor had fully explained.

Thats just myopinion, I could be wrong.
Joe

Collapse -

hacker deleted ipc$ share....?

by reference In reply to hacker deleted ipc$ share ...

Thanks for the input, I feel better knowing it appears to be a half-assed attempt, not some well know process.

Collapse -

hacker deleted ipc$ share....?

by sblades In reply to hacker deleted ipc$ share ...

Also, Media Server has a bunch of holes in it; if you are following Microsoft Security Patches, you'll see it mentioned all the time. They may have been trying to open up those as security holes after failing at the other holes.

Collapse -

hacker deleted ipc$ share....?

by reference In reply to hacker deleted ipc$ share ...

Thanks for the input, I feel better knowing it appears to be a half-assed attempt, not some well know process.

Collapse -

hacker deleted ipc$ share....?

by reference In reply to hacker deleted ipc$ share ...

This question was closed by the author

Back to Windows Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums