Re: Messenger service abuse (from inside the network)

From: Brad Arlt (
Date: 12/04/03

  • Next message: Alex Pimperton: "FW: Identifying a computer"
    Date: Wed, 3 Dec 2003 16:23:15 -0700
    To: Alexander Lukyanenko <>

    On Wed, Dec 03, 2003 at 09:58:11PM +0200, Alexander Lukyanenko wrote:
    > The problem is that the users abuse the Messenger service by sending
    > some mischief over the network (furthermore, they even write batch
    > files that repeatedly flood the domain with same text).

    Ahh... I remember doing the same thing in high school. Fond memories
    of mischief...

    You could use a network monitor or sniffer to tell which IP sent the
    message. Then you can use the IP to co-relate with users, and smack
    them around later. It doesn't stop this from happening, but it might
    provide accountablity.

    This could be really difficult to pull off with any credability with
    one common account.

    You might consider installing another software to accomplish the
    messaging, rather than using the default software. You could then
    disable the default messaging.

    And if your users don't have Administrator you could use the packet
    filter in XP/2K to only deny messages not from your admin server (or
    where ever you decide to send messages from). But I don't know if the
    default packet filter in XP/2K is flexable enough to handle such a
       __o Bradley Arlt Security Team Lead
     _ \<_ University Of Calgary
    (_)/(_) Joyously Canadian Computer Science


  • Next message: Alex Pimperton: "FW: Identifying a computer"