Security Basics mailing list archives
Re: Messenger service abuse (from inside the network)
From: Jimi Thompson <jimit () myrealbox com>
Date: Sat, 06 Dec 2003 14:26:05 -0600
I'd also suggest going to management and having them issue a policy with as many teeth as possible, preferably advocating firing the offender. Have HR make everyone read and sign. First violator gets smacked as hard as possible, again perferably fired. That should get the rest of them in line. Unfortunately, it's illegal to physically abuse id10T end users. Sounds draconian, but if they are creating a DOS situation on their own network, they aren't undeserving.
2 cents, Jimi Brad Arlt wrote:
On Wed, Dec 03, 2003 at 09:58:11PM +0200, Alexander Lukyanenko wrote:The problem is that the users abuse the Messenger service by sending some mischief over the network (furthermore, they even write batch files that repeatedly flood the domain with same text).Ahh... I remember doing the same thing in high school. Fond memories of mischief... You could use a network monitor or sniffer to tell which IP sent the message. Then you can use the IP to co-relate with users, and smack them around later. It doesn't stop this from happening, but it might provide accountablity. This could be really difficult to pull off with any credability with one common account. You might consider installing another software to accomplish the messaging, rather than using the default software. You could then disable the default messaging. And if your users don't have Administrator you could use the packet filter in XP/2K to only deny messages not from your admin server (or where ever you decide to send messages from). But I don't know if the default packet filter in XP/2K is flexable enough to handle such a task. ----------------------------------------------------------------------- __o Bradley Arlt Security Team Lead _ \<_ arlt () cpsc ucalgary ca University Of Calgary (_)/(_) Joyously Canadian Computer Science --------------------------------------------------------------------------- ----------------------------------------------------------------------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Messenger service abuse (from inside the network) Alexander Lukyanenko (Dec 03)
- Re: Messenger service abuse (from inside the network) InCisT (Dec 03)
- RE: Messenger service abuse (from inside the network) David Gillett (Dec 04)
- Re: Messenger service abuse (from inside the network) Brad Arlt (Dec 04)
- Re: Messenger service abuse (from inside the network) Jimi Thompson (Dec 08)
- RE: Messenger service abuse (from inside the network) Stephen McCauley (Dec 04)
- Re: Messenger service abuse (from inside the network) gregh (Dec 04)
- <Possible follow-ups>
- RE: Messenger service abuse (from inside the network) Shawn Jackson (Dec 04)
- Re[2]: Messenger service abuse (from inside the network) Alexander Lukyanenko (Dec 04)
- RE: Messenger service abuse (from inside the network) Zachary Mutrux (Dec 05)
- RE: Messenger service abuse (from inside the network) Mark Harris (Dec 09)
- RE: Messenger service abuse (from inside the network) Rod Trent (Dec 09)
- Re: Messenger service abuse (from inside the network) InCisT (Dec 03)
- RE: Messenger service abuse (from inside the network) Hunt, Jim (Dec 04)
- RE: Re[2]: Messenger service abuse (from inside the network) Shawn Jackson (Dec 04)
- Re[4]: Messenger service abuse (from inside the network) Alexander Lukyanenko (Dec 05)