Messenger Question

[Mike Trozzo]

I'm well aware of all the Messenger spam, and have disabled the Messenger
service on my network. Is it possible with, say, a GPO, to allow NET SEND
messages only to and from machines on the local network, or should I let the
software firewall (Zone Alarm) handle it?

Thanks,
Mike

 

[Bruce Chambers]

Greetings --

If you've disabled the messenger service, then you cannot use the
Net Send feature.

Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Mike Trozzo]

Greetings --

If you've disabled the messenger service, then you cannot use the
Net Send feature.

Bruce Chambers

Understood. What I'm trying to find out, though, is if I re-enable the
service, can I set it up to only send/receive within the network. Can I do
it from within XP, or through my firewall?

Mike

 

[Bruce Chambers]

Greetings --

I guess I'm not really understanding your question then. Is it
your goal to be able to use messenger service on an internal LAN while
preventing messenger service spam?

Your LAN's perimeter firewall should be preventing any messenger
service spam, along with the other exploits it's designed to stop,
from getting to any of the LAN's client machines. If you do want to
run a software firewall on each workstation, as well, for better
protection-in-depth against any of your users who download and install
malware, you'll need to use something more flexible that WinXP's
built-in Internet Connection Firewall, which was not designed for use
on internal LAN connections. (Actually, you could use WinXP's ICF, if
you wanted to manually open the necessary ports for file and print
sharing, as well as for the messenger service, but doing so would
leave those ports open to _anything_.)

The messenger service, itself, is not very configurable; it's
either on or off, and cannot identify (for filtering purposes) the
source of any messages it receives.


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Mike Trozzo]

Greetings --

I guess I'm not really understanding your question then. Is it
your goal to be able to use messenger service on an internal LAN while
preventing messenger service spam?

Your LAN's perimeter firewall should be preventing any messenger
service spam, along with the other exploits it's designed to stop,
from getting to any of the LAN's client machines. If you do want to
run a software firewall on each workstation, as well, for better
protection-in-depth against any of your users who download and install
malware, you'll need to use something more flexible that WinXP's
built-in Internet Connection Firewall, which was not designed for use
on internal LAN connections. (Actually, you could use WinXP's ICF, if
you wanted to manually open the necessary ports for file and print
sharing, as well as for the messenger service, but doing so would
leave those ports open to _anything_.)

The messenger service, itself, is not very configurable; it's
either on or off, and cannot identify (for filtering purposes) the
source of any messages it receives.


Bruce Chambers

Bruce,

Thanks..that's exacly what I was trying to find out. I'll re-enable it and
make sure my firewall grabs the unwasted stuff.

Mike

 

[Bruce Chambers]

Greetings --

You're welcome.

Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH