Messenger Service DoS - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: Messenger Service DoS

  1. #11
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    Tedob1 wrote:
    Schrodinger i wouldn't woryy about it in a corporate environment behind a firewall. fws block these messages from the internet.
    I disagree with this assessment: all it's gonna take is a new virus that infects just ONE machine on your LAN and it could spread to all other machines. Yes, the firewall will (and does) block any direct attempts from the Internet but you are still exposed inside due to user carelessness (re.; clicking or opening up attachment from unknown sender...that doesn't happen does it?! ).

    This service for the most part is useless and many agree should be disabled. The only use that we have seen in our corporate environment is print messages: after a document has printed a message gets sent to their workstations stating it has printed.

    We are developing a VB script which we will run, as a domain administrator, and remotely across the network stop and disable the Messenger service. Further, we're incorporating the disabling of this service in our standard build.

    If anyone is interested in this script PM me and I'll send it to you when it's done (we expect to be done with it in next day or so).

  2. #12
    Member
    Join Date
    Oct 2003
    Posts
    93
    Originally posted here by Tedob1
    Schrodinger i wouldn't woryy about it in a corporate environment behind a firewall. fws block these messages from the internet.
    You have more faith in our firewall than I do.

    I thought there was a feeling that relying on border security was dangerous, because securing the border rigorously is impossible. We have serious concerns about laptops, which we know are taken home, and connected to personal internet connections - probably completely unprotected. We suspect our last infection came in this way.

    phishphreek - you know this is so tempting. Just for the sheer hell of it. When I am starting a few days away.

  3. #13
    Junior Member
    Join Date
    Sep 2003
    Posts
    2
    you can use the name of a user currenlty logged in instead if ip or comp name.

    you can also disable it by typing at the dos prompt: net stop messenger

  4. #14
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    you know this is so tempting. Just for the sheer hell of it. When I am starting a few days away
    Use the ISS scanner utility: it puts a nasty popup on users screen telling them to patch. It's located at http://www.iss.net/support/product_utilities/ms03-043

    Have fun!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides