"net send" vulnerability behind firewall 1

[toryman]

I am an end-user in a huge corporate network. It has just come to the attention of our IT dept that we have been using "net send" (for years) to communicate with coworkers when their phone is busy, etc.

The IT dept has disabled net send per "hardening guidelines." I located this guideline and could not, for sure, determine whether it was talking about dmz and desktops or just dmz.

So, my question is:
If net-bios and other related ports are blocked at the firewall, is it reasonably safe for end-users to have these ports listening; to enable workstation and messenger so they can use "net send?"

A link to the answer will be as appreciated as the answer in this forum. Thanks.

 

[Grenage]

If the firewall is blocking the appropriate port then you will be safe from external misuse. It won't stop internal programs or spyware from abusing it though.

There is of course always the chance that they are stopping the messenger service so that you are forced to use e-mail instead (which is usually logged).


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.

 

[tfg13]

Grenage,
Utilizing the net send feature will indeed create a log entry. The application log captures info on the "receiving" PC.

 

[Grenage]

True, but it's a lot easier if it's all in one place!


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.