Home page logo

basics logo Security Basics mailing list archives

RE: Messenger service abuse (from inside the network)
From: "Mark Harris" <mharris () aspacesolutions com>
Date: Tue, 9 Dec 2003 10:25:27 -0000

I believe Yahoo do a supposedly 'secure' mesesenger service. It being off
the main track of Microsoft may mean it will be less open to attack (but we
all know that may not be correct ;-)

Have not looked into this myself, but am checking into this for my own
comapny, any feedback welcome.


Mark Harris, CISSP

ASPACE Solutions - Securing your multi-channel business
T: +44 (0)20 7744 6248
M: +44 (0)7793 047 875
Website www.aspacesolutions.com

Three Tuns House
109 Borough High Street
London SE1 1NL

-----Original Message-----
From: Zachary Mutrux [mailto:zmutrux () compumentor org]
Sent: 05 December 2003 17:13
To: Security-Basics
Subject: RE: Messenger service abuse (from inside the network)

Like Shawn said, use NTFS permissions to deny access to the net.exe program,
to anyone but system and whatever groups should have authorized access. No
need to visit each computer individually, these settings can be assigned via
group policy.

However, this won't stop someone from bringing his own copy of net.exe in on
a floppy or downloaded from the Internet.

Does anyone know of a good replacement for the Messenger service? I would be
particularly interested in a cross-platform (Mac/PC) solution. Or something
that will let the Mac receive notes sent via the Messenger service. Maybe
that should be a separate thread.

If the students' computers aren't already on their own separate network,
that might be a place to start. Then their Messenger hijinks won't affect
computers used by teachers and administration.

I like the idea of being able to block messenger traffic with a packet
filter, but where would this be implemented? Not on the firewall, not on the
server. It would have to be implemented on all the workstations. Is there a
way to do that in W2K Pro? A managed personal firewall might work, but the
administrative overhead is too high to justify, just to stop this problem.


-----Original Message-----
From: Shawn Jackson [mailto:sjackson () horizonusa com]
Sent: Wednesday, December 03, 2003 4:48 PM
To: Alexander Lukyanenko; security-basics () securityfocus com
Subject: RE: Messenger service abuse (from inside the network)

      Just ACL the net command to SYSTEM, DOMAIN ADMINS, etc. Make
sure you got everything locked down on the system (gpedit.msc). Also
make sure they aren't installing any software for messenger spamming.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]