RE: Messenger service abuse (from inside the network)

From: David Gillett (gillettdavid_at_fhda.edu)
Date: 12/04/03

  • Next message: dmacleo_at_upsource.ca: "RE: Scan Tool Question" 
    To: "'InCisT'" <InCisT@popsikle.net>, "'Alexander Lukyanenko'" <sashman@ua.fm>
Date: Wed, 3 Dec 2003 17:20:10 -0800

      If workstation A sends a message to workstation B, and
    workstation B must be able to receive legitimate messages,
    then there is no "server side" where it can be blocked,
    and turning off the service on B is not an option.

    David Gillett

    > -----Original Message-----
    > From: InCisT [mailto:InCisT@popsikle.net]
    > Sent: December 3, 2003 14:27
    > To: Alexander Lukyanenko
    > Cc: security-basics@securityfocus.com
    > Subject: Re: Messenger service abuse (from inside the network)
    >
    >
    > Alexander Lukyanenko wrote:
    >
    > > -----BEGIN PGP SIGNED MESSAGE-----
    > > Hash: SHA1
    > >
    > > Hello list.
    > > I administer a high school network running W2K Pro in an Active
    > > Directory domain.
    > >
    > > The problem is that the users abuse the Messenger service by sending
    > > some mischief over the network (furthermore, they even write batch
    > > files that repeatedly flood the domain with same text).
    > > Is there a way to prevent this, except by changing net.exe's
    > > ACL on all machines (or beating the offenders after classes :)?
    > > Stopping Messenger service on the workstations is not a
    > solution, as it
    > > is used for sending various administrative messages.
    > > All students share a common AD account (it would be cumbersome to
    > > maintain 300+ user accounts, as most of them use the PCs for short
    > > periods only).
    >
    > Block the port either on serverside or issue a site wide
    > policy to turn
    > off messenger service.
    >
    > InCisT
    >
    >
    > --------------------------------------------------------------
    > -------------
    > --------------------------------------------------------------
    > --------------
    >

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: dmacleo_at_upsource.ca: "RE: Scan Tool Question"

    Relevant Pages

    • Re: Netdiag NetBT test
      ... The workstation service is running, ... > messenger service is not. ... The WINS server is 2k. ... >>> entry for that server. ...
      (microsoft.public.windows.server.networking)
    • Windows Server 2003 Standard and Fax Receipt
      ... Setup a Windows Server 2003 Standard server from scratch and an XP Pro ... Both computers are setup in a workgroup ... enabled pop up receipts and enabled the messenger service. ... workstation I created a newtork printer which maps to the shared fax ...
      (microsoft.public.windows.server.general)
    • Re: Netdiag NetBT test
      ... The workstation service is running, ... messenger service is not. ... The WINS server is 2k. ... >> entry for that server. ...
      (microsoft.public.windows.server.networking)
    • Re: Netdiag NetBT test
      ... check that Netbios over TCP/IP is enabled on the interface. ... check that the workstation and/or messenger service ... The WINS server is 2k. ...
      (microsoft.public.windows.server.networking)
    • RE: Net Send between XP Pro SP3 and Server 2003 R2
      ... OK, if I enable File and Printer Sharing in XP firewall, it works fine. ... those port numbers instead of enabling File and Printer Sharing? ... not able to net send from the server to the workstation. ... The Messenger service is started on both computers. ...
      (microsoft.public.windows.server.networking)