Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?
From: Jesse Weigert (weigert_at_gravitec.com)
Date: 06/24/05
- Previous message: Sap .: "Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous? Why?"
- In reply to: Nick Duda: "RE: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"
- Next in thread: Kurt Buff: "Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"
- Maybe reply: Kurt Buff: "Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"
- Reply: Thor (Hammer of God): "Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 23 Jun 2005 20:33:27 -0700 To: Nick Duda <nduda@VistaPrint.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I would like to add that there is malware which does just this. Which
is why sometimes even blocking the service at the firewall doesn't stop
the messenger spam.
Nick Duda wrote:
| FYI, It's very easy to write a short VB app that:
|
| A. doesn't record net sends to event viewer
| B. can spoof the sending name of the computer (NetBIOS)
|
| - Nick
|
| -----Original Message-----
| From: Kurt Buff [mailto:kurt.buff@gmail.com]
| Sent: Thursday, June 23, 2005 12:58 PM
| To: michael.mailinglist@securityfocus.com; at
| Cc: focus-ms@securityfocus.com
| Subject: Re: Using Messenger Service for 'Net Send' Functionality ---
| Dangerous?Why?
|
| michael.mailinglist@securityfocus.com wrote:
|
|>At a previous company I worked for we had issues with employees using
|>it to taunt each other. Since the only audit trail is in the local
|>machine's event logs, it is very difficult to keep track of who is
|>abusing the service. We ended up disabling the service company wide.
|>
|
|
| However, the local machine event log entry *does* the NetBIOS name of
| the sending machine, making it easy to track that, at least. Given only
| minor sleuthing (and a lack of poorly configured multi-user machines),
| tracking who did what when, in this case, is pretty simple.
|
| Kurt
|
| ------------------------------------------------------------------------
| ---
| ------------------------------------------------------------------------
| ---
|
|
|
|
|
-
---------------------------------------------------------------------------
|
-
---------------------------------------------------------------------------
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
iD8DBQFCu374Y5IVgI4AZMERAidiAJ9m6tQCGx+SZCh1Ik3n+a42xWPBggCbB1Rn
zvR73Q+l4EVpMyxEVe6pY7A=
=Na9K
-----END PGP SIGNATURE-----
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Sap .: "Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous? Why?"
- In reply to: Nick Duda: "RE: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"
- Next in thread: Kurt Buff: "Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"
- Maybe reply: Kurt Buff: "Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"
- Reply: Thor (Hammer of God): "Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
