Net Send problem
Hello Everybody! We disabled messenger service in our school so pranksters won't use them to disrupt computer classes. However, I found out a couple of machines yesterday which were able to use the net send command to message a teacher's pc.
Hello Everybody!
We disabled messenger service in our school so pranksters won't use them to disrupt computer classes. However, I found out a couple of machines yesterday which were able to use the net send command to message a teacher's pc. Those pc's messenger services were disabled (checked using mmc and net start), and nbtstat didn't show anything registered at [03]. So I'm naturally curious how this happend ;( . Any help is appreciated.
We disabled messenger service in our school so pranksters won't use them to disrupt computer classes. However, I found out a couple of machines yesterday which were able to use the net send command to message a teacher's pc. Those pc's messenger services were disabled (checked using mmc and net start), and nbtstat didn't show anything registered at [03]. So I'm naturally curious how this happend ;( . Any help is appreciated.
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
Quote:We disabled messenger service in our school so pranksters won't use them to disrupt computer classes. However, I found out a couple of machines yesterday which were able to use the net send command to message a teacher's pc. Those pc's messenger services were disabled (checked using mmc and net start), and nbtstat didn't show anything registered at [03].
netsvc \\machinename start messenger
net send Blah Blah
netsvc \\machinename stop messenger
Well thats only three lines of batch file code to get around that ... only issue is that it requires admin access to start a service ... has the admin account been compromised?
NET SEND uses NetBIOS, and the ports NetBIOS requires are 137, 138 and 139 ... either enable the firewall if you are using Windows XP or disable File and Printer Sharing
HTH
EDIT
I apologize, I misread your post and believed that you stopped the service and not disabled it. With that in mind, disregard the first half of my post.
Have you also considered using IPSEC policies to restrict the use of those ports and/or IPs?
netsvc \\machinename start messenger
net send Blah Blah
netsvc \\machinename stop messenger
Well thats only three lines of batch file code to get around that ... only issue is that it requires admin access to start a service ... has the admin account been compromised?
NET SEND uses NetBIOS, and the ports NetBIOS requires are 137, 138 and 139 ... either enable the firewall if you are using Windows XP or disable File and Printer Sharing
HTH
EDIT
I apologize, I misread your post and believed that you stopped the service and not disabled it. With that in mind, disregard the first half of my post.
Have you also considered using IPSEC policies to restrict the use of those ports and/or IPs?
Thanx for the advice, DS3Circuit.
To clarify, I was able to use net send with a student lab account.
I am not familiar with IPSec, but the teachers share a lot of teaching material on a server using file and print sharing, so I am not sure if restricting the netbios ports would also disable file and print sharing.
Oh, we are using win2k.
To clarify, I was able to use net send with a student lab account.
I am not familiar with IPSec, but the teachers share a lot of teaching material on a server using file and print sharing, so I am not sure if restricting the netbios ports would also disable file and print sharing.
Oh, we are using win2k.
Quote:the teachers share a lot of teaching material on a server using file and print sharing, so I am not sure if restricting the netbios ports would also disable file and print sharing.
As an addition, disabling/removing file and printer sharing from client workstation will not hinder their ability to retrieve files from a Print/File Server.
As an addition, disabling/removing file and printer sharing from client workstation will not hinder their ability to retrieve files from a Print/File Server.
