From: John Beckett 

Chris Robinson  wrote in message
news::
> Yeh, I'll add some of these things I think - thanks.  Surely though, a virus
that
> propogated via network shares would go to a PC even if the Guest account was
> dissabled.  If the PC that sends it the virus is logged onto our network then
> that PC has full access to this share - so it would write to it... wouldn't
it?

Yes, I see what you mean. If the virus were running in the context of the
current user (which is likely), then the virus would have whatever network
access the user has. If the user has write access to your share, then so
would the virus.

I was thinking of a more general arrangement. For example, someone connects
a home laptop to the network. Laptop is not a member of the domain. A virus
is resident in the laptop, and it starts scanning your network for open
shares. It is likely then that the virus would not be using a
username/password recognised by your honeypot, and so the virus would
simply be refused access.

John

--- BBBS/NT v4.01 Flag-4