15.1 Anonymous and Guest Login

Gather and study piles of SMB packet captures and you will notice that some SESSION SETUP requests contain no username and password at all. These are anonymous logins, and they are used to access special-purpose SMB shares such as the hidden "IPC$" share (the Inter-Process Communications share). You can learn more about IPC$ in Part III on page 335. Put simply, though, this share allows one system to query another using RAP function calls.

Anonymous login may be a design artifact, something created in the days of Share Level security when it seemed safe to leave a share unprotected, and still with us today because it cannot easily be removed. Maybe not. One guess is as good as another.

"GUEST" account logons are also often sent sans password. The guest login is sometimes used in the same way as the anonymous login, but there are additional permissions which a guest account may have. Guest accounts are maintained like other "normal" accounts, so they can be a security problem and are commonly disabled. When SMB is doing its housekeeping, the anonymous login is generally preferred over the guest login.
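When reviewing captures, it helps to sort SESSION SETUP requests into anonymous, passwordless guest, and credentialed logons. The following is an added example, not code from the book: it parses only the 13-word (pre-extended-security) SMB1 SESSION SETUP ANDX request, and the function names and sample messages are constructed for illustration. It assumes that "no password" appears on the wire either as a zero-length password field or as a single NUL byte in the case-insensitive password field.

```python
import struct

SMB_COM_SESSION_SETUP_ANDX = 0x73
FLAGS2_UNICODE = 0x8000
WORDS = 33          # offset of the parameter words (32-byte header + WordCount)

def classify_session_setup(msg: bytes) -> str:
    """Classify an SMB1 SESSION SETUP ANDX request (WordCount 13 form)."""
    if len(msg) < 61 or msg[:4] != b"\xffSMB" or msg[4] != SMB_COM_SESSION_SETUP_ANDX:
        return "not-session-setup"
    if msg[32] != 13:                      # e.g. extended-security form (12 words)
        return "unsupported-form"
    flags2 = struct.unpack_from("<H", msg, 10)[0]
    oem_len, uni_len = struct.unpack_from("<HH", msg, WORDS + 14)
    byte_count = struct.unpack_from("<H", msg, WORDS + 26)[0]
    data = msg[61:61 + byte_count]         # passwords, then NUL-terminated strings
    if oem_len + uni_len > len(data):
        return "malformed"
    oem_pw = data[:oem_len]
    pos = oem_len + uni_len
    if flags2 & FLAGS2_UNICODE:
        pos += (61 + pos) % 2              # Unicode strings start on an even offset
        end = pos
        while end + 1 < len(data) and data[end:end + 2] != b"\0\0":
            end += 2
        account = data[pos:end].decode("utf-16-le", "replace")
    else:
        end = data.find(b"\0", pos)
        account = data[pos:end if end >= 0 else len(data)].decode("latin-1")
    # Assumption: "no password" is zero-length or a single NUL in the OEM field.
    no_password = uni_len == 0 and oem_pw in (b"", b"\0")
    if account == "" and no_password:
        return "anonymous"
    if account.upper() == "GUEST" and no_password:
        return "guest-no-password"
    return "credentialed"

def build_sample(account: str, oem_pw: bytes, unicode: bool = False) -> bytes:
    """Constructed test message, not a real capture."""
    flags2 = FLAGS2_UNICODE if unicode else 0
    header = struct.pack("<4sBIBHH8sHHHHH", b"\xffSMB", 0x73, 0, 0x18, flags2,
                         0, bytes(8), 0, 0, 0, 0, 1)
    words = struct.pack("<BBHHHHIHHII", 0xFF, 0, 0, 4356, 50, 0, 0,
                        len(oem_pw), 0, 0, 0)
    enc = lambda s: s.encode("utf-16-le") + b"\0\0" if unicode else s.encode("ascii") + b"\0"
    pad = b"\0" if unicode and (61 + len(oem_pw)) % 2 else b""
    data = oem_pw + pad + b"".join(enc(s) for s in (account, "WORKGROUP", "Unix", "Samba"))
    return header + bytes([13]) + words + struct.pack("<H", len(data)) + data
```

Feed `classify_session_setup` the SMB message bytes with any transport framing (the 4-byte NBT session header) already removed.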



Implementing CIFS: The Common Internet File System
ISBN: 013047116X
EAN: 2147483647
Year: 2002
Pages: 210
