RE: Messenger service abuse (from inside the network)

["David Gillett" <gillettdavid () fhda edu>]

  If workstation A sends a message to workstation B, and
workstation B must be able to receive legitimate messages, 
then there is no "server side" where it can be blocked, 
and turning off the service on B is not an option.

David Gillett


> -----Original Message-----
> From: InCisT [mailto:InCisT () popsikle net]
> Sent: December 3, 2003 14:27
> To: Alexander Lukyanenko
> Cc: security-basics () securityfocus com
> Subject: Re: Messenger service abuse (from inside the network)
>
>
> Alexander Lukyanenko wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hello list.
> > I administer a high school network running W2K Pro in an Active
> > Directory domain.
> >
> > The problem is that the users abuse the Messenger service by sending
> > some mischief over the network (furthermore, they even write batch
> > files that repeatedly flood the domain with same text).
> > Is there a way to prevent this, except by changing net.exe's
> > ACL on all machines (or beating the offenders after classes :)?
> > Stopping Messenger service on the workstations is not a 
> solution, as it
> > is used for sending various administrative messages.
> > All students share a common AD account (it would be cumbersome to
> > maintain 300+ user accounts, as most of them use the PCs for short
> > periods only).
>
> Block the port either on serverside or issue a site wide 
> policy to turn 
> off messenger service.
>
> InCisT
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------