9.8 Share Enumerators

File sharing is a major benefit of client/server networking. A major risk in file sharing arises when a node or server is improperly configured and data are exposed to unauthorized access. Share enumerators are software programs that can scan a Windows subnet for open file shares. Open file shares are directories on a Windows network that are made available to users for public browsing. Exploiting open file shares is a method used by some Internet Trojans and viruses to transmit and infect users. Others users on the Internet may be able to view or use files on the host computer. The computer could be used for distributing files (e.g., music and video) using peer-to-peer file-sharing programs. Windows open file shares provide anyone with public or domain-level access the ability to see the share, access it, and obtain data from it. Legion 2.1 is a popular freeware program that quickly scans a Windows subnet and lists all open file shares. An auditor or hacker can use Legion to quickly determine what file shares are available for access on a network. A common open file share attack methodology is to access another computer's Windows registry remotely and redefine the properties of a file share to allow root-level access. After a system reboot, the file share still appears the same to the unsuspecting victim. When a hacker browses the share, it allows him or her to view the entire contents of the root drive. If a node on the wireless segment has open file shares, those shares are exposed to any intruder who has gained access to the wireless network. Once file shares are located on the network, even those shares whose settings are not public can be cracked or their properties can be changed to allow further access.