Internet Connection Security for Windows Users
by Steve Gibson, Gibson Research Corporation

Here is a sample of a typical NetBIOS shares scanner. A scanning range is provided then the "Scan" button is pressed. That's all there is to it. A standard Windows "tree view" of machines appears in the left pane and a listing of their available and exposed network "shares" appears in the right pane.

The tree view can be expanded as shown on the left above. Any share can then be selected and the "Map Drive" button pressed. That drive then appears in Windows' Explorer view ... and its contents can be examined, altered, copied, deleted, etc.

The list of shares shown for the computer at IP [210.100.14.50] (upper left) allow us to conclude that the owner's name is "Ron" and that he has a collection of MP3 audio files. Since these might be of interest to the passing intruder, this demonstrates the importance of using obscure share names. (See next main page for a discussion of counter-measures.)

In the right side pane we see many "C" drives (which obviously give access to everything on the user's C partition) and a number of other interesting share names like "My Documents."

It's really very frightening that this is going on, isn't it?

Please note that the name of this scanning program, and the IP address range scanned, have been changed. I do not intend to promote NetBIOS shares scanning, nor do I wish to breach the privacy of those computers scanned. However, the scan results are absolutely authentic — I scanned them myself.

Please press your browser's BACK button
to return to the page you were viewing.