Home page logo
/

basics logo Security Basics mailing list archives

RE: Messenger service abuse (from inside the network)
From: "Zachary Mutrux" <zmutrux () compumentor org>
Date: Fri, 5 Dec 2003 09:12:48 -0800

Like Shawn said, use NTFS permissions to deny access to the net.exe program,
to anyone but system and whatever groups should have authorized access. No
need to visit each computer individually, these settings can be assigned via
group policy.

However, this won't stop someone from bringing his own copy of net.exe in on
a floppy or downloaded from the Internet.

Does anyone know of a good replacement for the Messenger service? I would be
particularly interested in a cross-platform (Mac/PC) solution. Or something
that will let the Mac receive notes sent via the Messenger service. Maybe
that should be a separate thread.

If the students' computers aren't already on their own separate network,
that might be a place to start. Then their Messenger hijinks won't affect
computers used by teachers and administration.

I like the idea of being able to block messenger traffic with a packet
filter, but where would this be implemented? Not on the firewall, not on the
server. It would have to be implemented on all the workstations. Is there a
way to do that in W2K Pro? A managed personal firewall might work, but the
administrative overhead is too high to justify, just to stop this problem.

zm

-----Original Message-----
From: Shawn Jackson [mailto:sjackson () horizonusa com]
Sent: Wednesday, December 03, 2003 4:48 PM
To: Alexander Lukyanenko; security-basics () securityfocus com
Subject: RE: Messenger service abuse (from inside the network)


      Just ACL the net command to SYSTEM, DOMAIN ADMINS, etc. Make
sure you got everything locked down on the system (gpedit.msc). Also
make sure they aren't installing any software for messenger spamming.


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault