Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous? Why?
From: Sap . (0xsapx0_at_gmail.com)
Date: 06/23/05
- In reply to: Kurt Buff: "Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous? Why?"
Date: Thu, 23 Jun 2005 10:42:11 -0700
To: kurt.buff@gmail.com
The Messenger service can easily be used for flooding, and if the
offending person was smart they would name their machine "-" for the
flooding, then rename it back after the offense. Harder to track.
ping - .... Damn
Tracert - ... Damn
nmap - ... Damn
Get my drift? There is a reason it's turned off by default now...
0xSaPx0
On 6/23/05, Kurt Buff <kurt.buff@gmail.com> wrote:
> michael.mailinglist@securityfocus.com wrote:
> > At a previous company I worked for we had issues with employees using
> > it to taunt each other. Since the only audit trail is in the local
> > machine's event logs, it is very difficult to keep track of who is
> > abusing the service. We ended up disabling the service company wide.
> >
>
> However, the local machine event log entry *does* include the NetBIOS name of
> the sending machine, making it easy to track that, at least. Given only
> minor sleuthing (and a lack of poorly configured multi-user machines),
> tracking who did what when, in this case, is pretty simple.
>
> Kurt