From: Wayne S. Anderson (wfrazee@wynweb.net)
Date: Wed Dec 13 2006 - 00:33:48 EST
Out of curiosity, why not use IPSec policy or windows-firewall-centric GPOs
to control the ports that are involved with Windows file sharing? You can
use granular policies to restrict access on the requisite ports to specific
IPs or subnets that would need to access these folders, et al.
The ports required for file and printer sharing are:
UDP Ports 137, 138
TCP Ports 139, 445
As far as tripwire-type solutions with real time or near real time share
creation alerting, there are a few programs out there as well as a few
programs to monitor existing shares. Search google, I ran across a few
within a couple minutes that sound close to what you are asking for.
--------------------------------------
Wayne S. Anderson
"An sufficiently developed bug is indistinguisable from a feature."
http://www.linkedin.com/in/wayneanderson
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Milind Nanal
Sent: Tuesday, December 12, 2006 1:31 AM
To: security-basics@securityfocus.com
Cc: pen-test@securityfocus.com; focus-ms@securityfocus.com
Subject: Windows folder Sharing watch
Dear list,
I am looking out for tool ( not very costly, preferable freeware or open
source) which would take a snapshot of all folder sharing information in my
data center & notify me incase of any new folder being shared.
Rather doing periodic check of which are the new shares & go on disabling
them I want to control it or catch it when this happen.
I know about lot of tool which would scan network & give sharing list. But I
want to stop this at the point when some one add a new sharing.
Regards,
Milind
Disclaimer:
This e-mail may contain Privileged/Confidential information and is
intended only for the individual(s) named. Please notify the sender, if
you have received this e-mail by mistake and delete it from your system.
Information in this message that do not relate to the official business of
the company shall be understood as neither given nor endorsed by it.
E-mail transmission cannot be guaranteed to be secure or error-free. The
sender does not accept liability for any errors or omissions in the
contents of this message which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
Visit us at www.kaleconsultants.com
---------------------------------------------------------------------------
---------------------------------------------------------------------------
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:27 EDT