File sharing in Windows XP is really quite easy. All you need to do is just right click on a folder and select Share. The folder will be instantly shared but without requiring any login credentials. Easy but dangerous because most of the time users are careless and forget to unshare the shared folders, leaving anyone on the same internal network to see what you have shared, fine only if everyone on the network is trusted. When it comes to Vista and Windows 7, the default file sharing security has been strengthened somewhat allowing the sharer to select who they want to share the file with.
For an IT security personnel, it is important to periodically scan the network for any open file shares to prevent the users from accidentally leaking out any sensitive company information. I personally have been using either Angry IP Scanner or SoftPerfect Network Scanner to do that. They are free, portable and are really fast in scanning the whole subnet for any open shares. Recently another tool was brought to my attention that does a similar thing and it’s called ShareScan, developed by security company McAfee.
The scan options available in ShareScan are:
1. Use credentials
Instead of using your current credentials, you can manually specify another username, password and domain.
2. Randomize scan order
This option randomizes the order in which IP addresses are chosen from the list when scanning.
3. Ping before checking
Pinging the computer first before checking might seem to be a good idea but it’s not fool proof since Ping replies can be blocked to pretend that the computer is offline/turned off. A number of software firewalls will have ping blocking or hiding on by default. This option is disable by default because of a better method at point number 4.
4. Test for open port 445 before checking
TCP Port 445 is used among other things for file sharing in Windows NT/2000/XP/Vista/7. File sharing would only work if TCP port 445 is open.
5. Show all systems
This option will show the all systems regardless of whether they have any open shares or not. Useful to check how many computers are connected to the network.
6. Resolve IP address to names
Shows computer and NETBIOS names of the scanned computers.
The scan results can be saved to a nicely format HTML file or other formats such as TXT, CSV, or XML. As useful as this tool is for a network administrator, it can also be used by anyone to scan for any open shares in public network to steal files that are openly shared.