From: Chris Robinson 

Thanks for the pointers anyway - it's all useful info.  Even if someone
wasn't a domain
member, they could still get to the share bacause I set it to
"Everyone" full controll
rather than "Domain Users" full controll.

Chris.

John Beckett wrote:

> Chris Robinson  wrote in message
> news::
> > Yeh, I'll add some of these things I think - thanks.  Surely though, a
virus that
> > propogated via network shares would go to a PC even if the Guest account
was
> > dissabled.  If the PC that sends it the virus is logged onto our network
then
> > that PC has full access to this share - so it would write to it... wouldn't
it?
>
> Yes, I see what you mean. If the virus were running in the context of the
> current user (which is likely), then the virus would have whatever network
> access the user has. If the user has write access to your share, then so
> would the virus.
>
> I was thinking of a more general arrangement. For example, someone
> connects a home laptop to the network. Laptop is not a member of the
> domain. A virus is resident in the laptop, and it starts scanning your
> network for open shares. It is likely then that the virus would not be
> using a username/password recognised by your honeypot, and so the virus
> would simply be refused access.
>
> John

--- BBBS/NT v4.01 Flag-4