Security Basics mailing list archives

RE: Messenger service abuse (from inside the network)

From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Wed, 3 Dec 2003 16:47:55 -0800


        One account for all those students...*wimper*. You just angered
the Audit gods! I assume they are using the net command for it:

        net SEND /DOMAIN:YOURDOMAIN I-Hax0r-U

        Just ACL the net command to SYSTEM, DOMAIN ADMINS, etc. Make
sure you got everything locked down on the system (gpedit.msc). Also
make sure they aren't installing any software for messenger spamming.

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
www.horizonusa.com
 
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338

-----Original Message-----
From: Alexander Lukyanenko [mailto:sashman () ua fm] 
Sent: Wednesday, December 03, 2003 11:58 AM
To: security-basics () securityfocus com
Subject: Messenger service abuse (from inside the network)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello list.
I administer a high school network running W2K Pro in an Active
Directory domain.

The problem is that the users abuse the Messenger service by sending
some mischief over the network (furthermore, they even write batch
files that repeatedly flood the domain with same text).
Is there a way to prevent this, except by changing net.exe's
ACL on all machines (or beating the offenders after classes :)?
Stopping Messenger service on the workstations is not a solution, as it
is used for sending various administrative messages.
All students share a common AD account (it would be cumbersome to
maintain 300+ user accounts, as most of them use the PCs for short
periods only).

Best regards
* * * * * * * * * * * * * * *
* Alexander V. Lukyanenko   *
* ma1lt0: sashman ua fm     *
* ICQ#  : 86195208          *
* Phone : +380 44 458 07 23 *
* OpenPGP key ID: 75EC057C  *
* NIC   : SASH4-UANIC       *
* * * * * * * * * * * * * * *
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)

iD8DBQE/zkBXlz+8e3XsBXwRAi/VAKCTyRlRA4iAQY6Opbk0w1jYypvYNACdFaUR
kUWN82Zu6d+xu0bMpfQ2GlM=
=cpq+
-----END PGP SIGNATURE-----


------------------------------------------------------------------------
---
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Messenger service abuse (from inside the network) Alexander Lukyanenko (Dec 03)
- Re: Messenger service abuse (from inside the network) InCisT (Dec 03)
  - RE: Messenger service abuse (from inside the network) David Gillett (Dec 04)
- Re: Messenger service abuse (from inside the network) Brad Arlt (Dec 04)
  - Re: Messenger service abuse (from inside the network) Jimi Thompson (Dec 08)
- RE: Messenger service abuse (from inside the network) Stephen McCauley (Dec 04)
- Re: Messenger service abuse (from inside the network) gregh (Dec 04)
- <Possible follow-ups>
- RE: Messenger service abuse (from inside the network) Shawn Jackson (Dec 04)
  - Re[2]: Messenger service abuse (from inside the network) Alexander Lukyanenko (Dec 04)
  - RE: Messenger service abuse (from inside the network) Zachary Mutrux (Dec 05)
    - RE: Messenger service abuse (from inside the network) Mark Harris (Dec 09)
    - RE: Messenger service abuse (from inside the network) Rod Trent (Dec 09)
- RE: Messenger service abuse (from inside the network) Hunt, Jim (Dec 04)
- RE: Re[2]: Messenger service abuse (from inside the network) Shawn Jackson (Dec 04)
  - Re[4]: Messenger service abuse (from inside the network) Alexander Lukyanenko (Dec 05)
- RE: Messenger service abuse (from inside the network) Nero, Nick (Dec 04)
- RE: Messenger service abuse (from inside the network) Camp, Mr Tony J. (Dec 05)
  - Re[2]: Messenger service abuse (from inside the network) Alexander Lukyanenko (Dec 05)

(Thread continues...)