From: "Geo." 

It would most likely do that if it were a mapped share, with just a share
on some machine on the network a lot of the virus won't even know it's
there let alone try using the current login on it (usually the ones that
search empty space assume they are searching the internet).

Geo.

"Chris Robinson"  wrote in
message news:3F0062BF.92FB3FA0{at}NOSPAMtotalise.co.uk...
> Yeh, I'll add some of these things I think - thanks.  Surely though, a
virus that
> propogated via network shares would go to a PC even if the Guest account
was
> dissabled.  If the PC that sends it the virus is logged onto our network
then
> that PC has full access to this share - so it would write to it...
wouldn't it?
>
> Chris.
>
> John Beckett wrote:
>
> > Chris Robinson  wrote in message
> > news::
> > >  I just wanted to set something up with an open share so I know if
anything
> > > like this happens again.
> >
> > Yes, but on NT4, if you don't enable Guest with a blank password, then
if
> > there is a network-share-probing virus, your honeypot will probably NOT
> > detect it. These kinds of viruses are pretty primitive so far. They are
> > looking for shares that can be written by an anonymous (Guest) user, or
by
> > Administrator with one of a limited number of guessed passwords (e.g.
> > "admin" or "password").
> >
> > Probably a more scientific approach would be to run Snort (which detects
> > any suspicious network activity), or enable auditing on your NT machine.
> > Log failed logon attempts and failed write attempts to the shared
folder.
> >
> > Attempts to access the share with an unknown user or incorrect password
> > would appear in the Security log of Event Viewer.
> >
> > John
>

--- BBBS/NT v4.01 Flag-4