How to prevent others from using ipc $ and default shared intrusion

Null connection and ipc $ (internet process connection) are different concepts. An empty connection is a session established with the server without trust. In other words, it is an anonymous access to the server. Ipc $ is a named pipe open for inter-process communication. You can obtain the relevant permissions by verifying the user name and password. Many tools must use ipc $. By default, shared disks are shared to facilitate remote management, including all logical disks (c $, d $, e $ ......) and the system directory winnt or windows (admin $ ). A. One way is to delete both ipc $ and default share. But there will be again after the restart. You need to modify the registry.

1. First Delete the existing

Net share ipc $/del

Net share admin $/del

Net share c $/del

.............. (Delete several)

2. Do not create a null connection

Run regedit and find the following primary key [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSA] to change the key value of RestrictAnonymous (DWORD) to 00000001.

3. Disable auto-enable default share

For server, find the following primary key [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesLanmanServerParameters] and change the key value of AutoShareServer (DWORD) to 00000000.

For pro, [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesLanmanServerParameters] changes the key value of auto‑wks (DWORD) to 00000000.

If the preceding primary key does not exist, create a new one and change the key value.

B. Disable ipc $ and default shared dependencies (not recommended)

Net stop lanmanserver

You may be prompted whether the XXX service will be closed or not. Some secondary services depend on lanmanserver. Generally, Press y to continue.

C. The simplest way is to set a complex password to prevent the password from being lifted through ipc $. However, if you have other vulnerabilities, ipc $ will facilitate further intrusion.

D. You can install a firewall or filter ports.