Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?

From: Kurt Buff (kurt.buff_at_gmail.com)
Date: 06/24/05

  • Next message: Thor (Hammer of God): "Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?" 
    Date: Fri, 24 Jun 2005 10:48:06 -0700
To: focus-ms@securityfocus.com

    Nick Duda wrote:
    | -----Original Message-----
    | From: Kurt Buff [mailto:kurt.buff@gmail.com]
    | Sent: Thursday, June 23, 2005 12:58 PM
    | To: michael.mailinglist@securityfocus.com; at
    | Cc: focus-ms@securityfocus.com
    | Subject: Re: Using Messenger Service for 'Net Send' Functionality ---
    | Dangerous?Why?
    |
    | michael.mailinglist@securityfocus.com wrote:
    |
    |>At a previous company I worked for we had issues with employees using
    |>it to taunt each other. Since the only audit trail is in the local
    |>machine's event logs, it is very difficult to keep track of who is
    |>abusing the service. We ended up disabling the service company wide.
    |>
    |
    |
    | However, the local machine event log entry *does* the NetBIOS name of
    | the sending machine, making it easy to track that, at least. Given only
    | minor sleuthing (and a lack of poorly configured multi-user machines),
    | tracking who did what when, in this case, is pretty simple.
    |
    | Kurt
    |
    | FYI, It's very easy to write a short VB app that:
    |
    | A. doesn't record net sends to event viewer
    | B. can spoof the sending name of the computer (NetBIOS)
    |
    | - Nick

    True, but then you're no longer using the Net Send command.

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Thor (Hammer of God): "Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"