-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I would like to add that there is malware which does just this. Which
is why sometimes even blocking the service at the firewall doesn't stop
the messenger spam.
Nick Duda wrote:
| FYI, It's very easy to write a short VB app that:
|
| A. doesn't record net sends to event viewer
| B. can spoof the sending name of the computer (NetBIOS)
|
| - Nick
|
| -----Original Message-----
| From: Kurt Buff [mailto:kurt.buff@gmail.com]
| Sent: Thursday, June 23, 2005 12:58 PM
| To: michael.mailinglist@securityfocus.com; at
| Cc: focus-ms@securityfocus.com
| Subject: Re: Using Messenger Service for 'Net Send' Functionality ---
| Dangerous?Why?
|
| michael.mailinglist@securityfocus.com wrote:
|
|>At a previous company I worked for we had issues with employees using
|>it to taunt each other. Since the only audit trail is in the local
|>machine's event logs, it is very difficult to keep track of who is
|>abusing the service. We ended up disabling the service company wide.
|>
|
|
| However, the local machine event log entry *does* the NetBIOS name of
| the sending machine, making it easy to track that, at least. Given only
| minor sleuthing (and a lack of poorly configured multi-user machines),
| tracking who did what when, in this case, is pretty simple.
|
| Kurt
|
| ------------------------------------------------------------------------
| ---
| ------------------------------------------------------------------------
| ---
|
|
|
|
|
-
---------------------------------------------------------------------------
|
-
---------------------------------------------------------------------------
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
iD8DBQFCu374Y5IVgI4AZMERAidiAJ9m6tQCGx+SZCh1Ik3n+a42xWPBggCbB1Rn
zvR73Q+l4EVpMyxEVe6pY7A=
=Na9K
-----END PGP SIGNATURE-----
---------------------------------------------------------------------------
---------------------------------------------------------------------------
