Security Basics mailing list archives
RE: Messenger service abuse (from inside the network)
From: "Nero, Nick" <Nick.Nero () disney com>
Date: Thu, 4 Dec 2003 16:07:08 -0500
I recently had to head this one off too. With a GPO simply disable the service as part of a machine policy. Also, apply perms to that registry key so that it takes an Admin to reactivate the service. Even disabling it should work though. Cause even if someone re-enables it, the policy will update and disable it again. I just did that to 1000 servers to head off the Messenger service bug last month.

-----Original Message-----
From: Stephen McCauley [mailto:smccauley () cox net]
Sent: Wednesday, December 03, 2003 7:17 PM
To: 'Alexander Lukyanenko'; security-basics () securityfocus com
Subject: RE: Messenger service abuse (from inside the network)

Use a GPO and remove the run line and command prompt options from them. If they can't get there, they can't use it.

Stephen McCauley

-----Original Message-----
From: Alexander Lukyanenko [mailto:sashman () ua fm]
Sent: Wednesday, December 03, 2003 11:58 AM
To: security-basics () securityfocus com
Subject: Messenger service abuse (from inside the network)

Hello list.

I administer a high school network running W2K Pro in an Active Directory domain. The problem is that the users abuse the Messenger service by sending some mischief over the network (furthermore, they even write batch files that repeatedly flood the domain with the same text). Is there a way to prevent this, except by changing net.exe's ACL on all machines (or beating the offenders after classes :)? Stopping the Messenger service on the workstations is not a solution, as it is used for sending various administrative messages. All students share a common AD account (it would be cumbersome to maintain 300+ user accounts, as most of them use the PCs for short periods only).

Best regards

Alexander V. Lukyanenko
ma1lt0: sashman ua fm
ICQ# : 86195208
Phone : +380 44 458 07 23
OpenPGP key ID: 75EC057C
NIC : SASH4-UANIC
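Added example, not part of the original thread: a PowerShell check that the two settings described in the top reply hold on one machine, i.e. the Messenger service is set to Disabled and only administrative principals can write to its registry key. The function name `Test-MessengerLockdown` and the list of trusted SIDs are assumptions made for this illustration; adjust the list to your own baseline.

```powershell
# Added example: audit the Messenger service lockdown on the local machine.
# Assumption: the service's key name under Services is 'Messenger'.
function Test-MessengerLockdown {
    param([string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Messenger')

    if (-not (Test-Path -LiteralPath $Path)) {
        # Key absent: the OS does not ship the service, nothing to lock down.
        return [pscustomobject]@{ Present = $false; Disabled = $null; NonAdminWriters = @() }
    }

    # Start = 4 is the Service Control Manager's "Disabled" start type.
    $start = (Get-ItemProperty -LiteralPath $Path -Name Start).Start

    # Rights that would let a principal flip Start back or rewrite the ACL.
    $writeMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'

    # Assumption: only SYSTEM and BUILTIN\Administrators should hold those rights.
    $trusted = @('S-1-5-18', 'S-1-5-32-544')

    $writers = New-Object 'System.Collections.Generic.List[string]'
    $acl = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.RegistryRights -band $writeMask) -eq 0) { continue }
        $sid = $ace.IdentityReference.Value
        if ($trusted -contains $sid) { continue }
        if (-not $writers.Contains($sid)) { $writers.Add($sid) }
    }

    [pscustomobject]@{
        Present         = $true
        Disabled        = ($start -eq 4)
        NonAdminWriters = $writers.ToArray()   # SIDs that could re-enable the service
    }
}

Test-MessengerLockdown | Format-List
```

A compliant machine reports `Disabled : True` with an empty `NonAdminWriters` list; any SID listed there can change the start type between policy refreshes.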
Current thread:
- RE: Messenger service abuse (from inside the network), (continued)
- RE: Messenger service abuse (from inside the network) Stephen McCauley (Dec 04)
- Re: Messenger service abuse (from inside the network) gregh (Dec 04)
- RE: Messenger service abuse (from inside the network) Shawn Jackson (Dec 04)
- Re[2]: Messenger service abuse (from inside the network) Alexander Lukyanenko (Dec 04)
- RE: Messenger service abuse (from inside the network) Zachary Mutrux (Dec 05)
- RE: Messenger service abuse (from inside the network) Mark Harris (Dec 09)
- RE: Messenger service abuse (from inside the network) Rod Trent (Dec 09)
- RE: Messenger service abuse (from inside the network) Hunt, Jim (Dec 04)
- RE: Re[2]: Messenger service abuse (from inside the network) Shawn Jackson (Dec 04)
- Re[4]: Messenger service abuse (from inside the network) Alexander Lukyanenko (Dec 05)
- RE: Messenger service abuse (from inside the network) Nero, Nick (Dec 04)
- RE: Messenger service abuse (from inside the network) Camp, Mr Tony J. (Dec 05)
- Re[2]: Messenger service abuse (from inside the network) Alexander Lukyanenko (Dec 05)
- RE: Messenger service abuse (from inside the network) Shawn Jackson (Dec 05)
- RE: Messenger service abuse (from inside the network) Day, David (Dec 08)