Smallvoid.com
  • Home
  • About
  • Articles
  • Links
  • Forum

Description of the IPC$ share

March 3, 2003 by Snakefoot | 2 Comment

The IPC$ is a hidden share maintained by the Server service (Disabling the service will remove the share). The IPC$ share is used for Inter Proces Communication by using RPC (Remote Procedure Call), allowing the client to send different commands to the server:
  • List all shares
  • List all users
  • List files within a share
  • Stop/Start services
  • ...
Certain commands can be accessed anonymously through a NULL session depending on the configuration of the server. If the command cannot be called anonymously, then the client has to authenticate. Access is granted if the client can provide proper credentials (username and password), that matches an account on the server. If not able to do this, then the user at the client machine will get an error like:

IPC$, The domain password you supplied is not correct

You must supply a password to make this connection:

Incorrect password or unknown username for:

Note it is possible to access the IPC$ share of a server by using a different credentials, than those used when logging on the client machine. (Even if needing to use a domain-user to access a server from outside the domain).

net use q: \\10.0.0.2\c$ [password] /user:[domain\]username

Note to block access to Remote Procedure Call (RPC), then one should ensure that the firewall blocks the following network ports:
  • TCP Port 135 - RPC Endpoint Mapper
  • UDP Port 137 - Netbios
  • UDP Port 138 - Netbios
  • TCP Port 139 - Netbios
  • TCP and UDP Port 445 - Named Pipes
Note Windows 95/98/Me doesn't support logon with different credentials. Therefore one have to make sure the userid and password on the Win9x machine matches one of the accounts on the WinNT machine. This can be done by using one of the following options:
  • Create an account on the WinNT machine which matches the username and password (If any) used on the Win9x machine.
    • If the account already exist, then try to reenter the account password for the account (And check the password doesn't expire)
  • Create an account on the Win9x machine which matches the username and password of an account on the WinNT machine and then logon to Win9x with the new account.
  • Activate the guest account, though it is not recommended:
    • How to enable Win9x filesharing in Windows 2000
    • How to enable Win9x filesharing in Windows XP
Note if sure that the account is properly setup then one can configure an audit to see what account name is used to login to the machine.

More Info MS KB101150
More Info MS KB139592
More Info MS KB162325
More Info MS KB258717
More Info MS KB262916
Tags:
  • anonymous-access, guest-account, inter-proces-communication, network-share, remote-procedure-call
Category:
  • File Sharing,
  • File Sharing,
  • File Sharing,
  • File Sharing

Comments:

  1. chris says:
    8 August 2008 at 17:07

    Is IPC$ a security issue? Is it possible to "spy" my computer from another on the local network?

    Reply
  2. Snakefoot says:
    13 August 2008 at 19:05

    chris wrote:
    Is IPC$ a security issue?

    IPC$ is a necessity for sharing files with other computers using the Microsoft Network.

    But if connecting directly to the Internet without a properly configured firewall, then it becomes a security issue.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related Posts

  • Configure opportunistic locking for files on network shares
  • Configure automatic handling of network file sharing violations
  • Prevent the creation of the administrator shares
  • Creating file shares that are hidden
  • No more than 10 concurrent connections to a remote computer

Recent Posts

  • Disable IPv6 imaginary tunnel network interfaces
  • Encrypted backup to OneDrive or DropBox
  • Description of soft and hard page faults
  • Windows 10 Upgrade with black screen
  • Wordpress 4.2 Upgrade

Meta

  • Log in
  • Entries feed
  • Comments feed