DATE:  
COMMAND                                            SOURCE: 
                                                   AUTHOR: 
  Netware


SYSTEMS AFFECTED

  Win 95

  

PROBLEM


    The following text is Paul Brainard copyright.



    With Remote Administration and  File Sharing for Netware  Networks

    enabled  on  a  Windows  95  machine,  once a remote administrator

    accesses the system, a shared resource pointing to the hard  drive

    is created  to which  all users  on the  same network have access.

    This share  remains available  even after  the administrator  logs

    off the system.



    The shared drive is not visible by browsing through the  Explorer,

    but may be found by mapping a network drive to  \\computername\C$.

    This gives read-only access to the entire local hard drive of  the

    sharing computer.





EXPLOIT

  

SOLUTION


    Defending  against  this  problem  is  a  common  sense issue that

    requires  a  bit  of  dicipline  and  dilligence. DON'T ALLOW YOUR

    NETWORK  ADMINSTRATORS  TO  LOG   ON  TO  WORKSTATIONS  WITH   THE

    "ADMINISTRATOR"  ACCOUNT  UNDER  ANY  CIRCUMSTANCES.  KILL  HIM IF

    NECESSARY.  This  simple  policy  will  also  help prevent against

    password cache attacks.  Remember,  when you log on to  a standard

    Windows workstation, you user passwords are cached -- unless  this

    feature has been disable.