Home page logo
/

basics logo Security Basics mailing list archives

RE: Messenger service abuse (from inside the network)
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 3 Dec 2003 17:20:10 -0800

  If workstation A sends a message to workstation B, and
workstation B must be able to receive legitimate messages, 
then there is no "server side" where it can be blocked, 
and turning off the service on B is not an option.

David Gillett


-----Original Message-----
From: InCisT [mailto:InCisT () popsikle net]
Sent: December 3, 2003 14:27
To: Alexander Lukyanenko
Cc: security-basics () securityfocus com
Subject: Re: Messenger service abuse (from inside the network)


Alexander Lukyanenko wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello list.
I administer a high school network running W2K Pro in an Active
Directory domain.

The problem is that the users abuse the Messenger service by sending
some mischief over the network (furthermore, they even write batch
files that repeatedly flood the domain with same text).
Is there a way to prevent this, except by changing net.exe's
ACL on all machines (or beating the offenders after classes :)?
Stopping Messenger service on the workstations is not a 
solution, as it
is used for sending various administrative messages.
All students share a common AD account (it would be cumbersome to
maintain 300+ user accounts, as most of them use the PCs for short
periods only).

Block the port either on serverside or issue a site wide 
policy to turn 
off messenger service.

InCisT


--------------------------------------------------------------
-------------
--------------------------------------------------------------
--------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]