Re[2]: Messenger service abuse (from inside the network)

From: Alexander Lukyanenko (sashman_at_ua.fm)
Date: 12/04/03

    Date: Fri, 5 Dec 2003 00:34:32 +0200
    To: "Shawn Jackson" <sjackson@horizonusa.com>
    
    


    Hello Shawn et al.
    Thank you all for the responses...

    SJ> One account for all those students...*whimper*.
    300+ students' accounts for a 10-boxen domain powered by one wimpy
    Cel 1200 would kill the poor server's storage.
    It works fine, even when there's Unreal running at the DC %)
    Don't tell me about redundancy, they'll wait for logon for some 10
    minutes if the DC is down. :) The AD domain is mostly for fun there,
    no time-critical stuff, just a playground to learn some administration
    basics without doing any real harm if something goes wrong.

    SJ> You just angered
    SJ> the Audit gods! I assume they are using the net command for it:
    SJ> net SEND /DOMAIN:YOURDOMAIN I-Hax0r-U
    they {abusers} make it even simpler:
    net send * foobar

    SJ> Just ACL the net command to SYSTEM, DOMAIN ADMINS, etc. Make
    SJ> sure you got everything locked down on the system (gpedit.msc). Also
    SJ> make sure they aren't installing any software for messenger spamming.
    Don't worry, everything is GP'ed to the `minimum working' state, they
    can't write even to the HKCU, not to mention that they can't control
    services, install programs etc, but the messenger service (or an analogue)
    is still needed... Pro'lly I'll have to write one myself (won't be
    hard, as I have a remote administration project at rced.sf.net,
    currently in a neglected state).

    SJ> Shawn Jackson
    SJ> Systems Administrator
    SJ> Horizon USA
    SJ> 1190 Trademark Dr #107
    SJ> Reno NV 89521
    SJ> www.horizonusa.com

    SJ> Email: sjackson@horizonusa.com
    SJ> Phone: (775) 858-2338
    SJ> (800) 325-1199 x338

    SJ> -----Original Message-----
    SJ> From: Alexander Lukyanenko [mailto:sashman@ua.fm]
    SJ> Sent: Wednesday, December 03, 2003 11:58 AM
    SJ> To: security-basics@securityfocus.com
    SJ> Subject: Messenger service abuse (from inside the network)


    SJ> Hello list.
    SJ> I administer a high school network running W2K Pro in an Active
    SJ> Directory domain.

    SJ> The problem is that the users abuse the Messenger service by sending
    SJ> some mischief over the network (furthermore, they even write batch
    SJ> files that repeatedly flood the domain with same text).
    SJ> Is there a way to prevent this, except by changing net.exe's
    SJ> ACL on all machines (or beating the offenders after classes :)?
    SJ> Stopping Messenger service on the workstations is not a solution, as it
    SJ> is used for sending various administrative messages.
    SJ> All students share a common AD account (it would be cumbersome to
    SJ> maintain 300+ user accounts, as most of them use the PCs for short
    SJ> periods only).

    SJ> Best regards
    SJ> * * * * * * * * * * * * * * *
    SJ> * Alexander V. Lukyanenko *
    SJ> * ma1lt0: sashman ua fm *
    SJ> * ICQ# : 86195208 *
    SJ> * Phone : +380 44 458 07 23 *
    SJ> * OpenPGP key ID: 75EC057C *
    SJ> * NIC : SASH4-UANIC *
    SJ> * * * * * * * * * * * * * * *
    * * * * * * * * * * * * * * *
    * Alexander V. Lukyanenko *
    * ma1lt0: sashman ua fm *
    * ICQ# : 86195208 *
    * Phone : +380 44 458 07 23 *
    * OpenPGP key ID: 75EC057C *
    * NIC : SASH4-UANIC *
    * * * * * * * * * * * * * * *

