Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous? Why?

From: Sap . (0xsapx0_at_gmail.com)
Date: 06/23/05

  • Next message: Jesse Weigert: "Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"
    Date: Thu, 23 Jun 2005 10:42:11 -0700
    To: kurt.buff@gmail.com
    
    

    The Messenger service can easily be used for flooding, and if the
    offending person was smart they would name their machine "-" for the
    flooding, then rename it back after the offense. Harder to track.
    ping - .... Damn
    Tracert - ... Damn
    nmap - ... Damn

    Get my drift?. There is a reason its turned off by default now....

    0xSaPx0

    On 6/23/05, Kurt Buff <kurt.buff@gmail.com> wrote:
    > michael.mailinglist@securityfocus.com wrote:
    > > At a previous company I worked for we had issues with employees using
    > > it to taunt each other. Since the only audit trail is in the local
    > > machine's event logs, it is very difficult to keep track of who is
    > > abusing the service. We ended up disabling the service company wide.
    > >
    >
    > However, the local machine event log entry *does* the NetBIOS name of
    > the sending machine, making it easy to track that, at least. Given only
    > minor sleuthing (and a lack of poorly configured multi-user machines),
    > tracking who did what when, in this case, is pretty simple.
    >
    > Kurt
    >
    > ---------------------------------------------------------------------------
    > ---------------------------------------------------------------------------
    >
    >

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Jesse Weigert: "Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"