
NET SEND and Messenger Service

Status
Not open for further replies.

NcCorduan

MIS
Oct 26, 2001
92
US
I've scanned and seen a whole lot of traffic around here about this, but nothing that quite gets at what I'm looking for, so here's hoping... :)

I work in the IT department at a private college and we're just now starting to get bombarded with the sort of NET SEND spam that's been flooding some other networks. I'd sure like to find a way of controlling it. Let me lay out a few facts and see if anyone has some suggestions of how to work with this setting:

1) Disabling Messenger Service is not really an option. First, we've found that there are a handful of important Windows uses for the service; it's not just for NET SEND. Second, going around to a few hundred PC's to disable a service isn't a really viable option, except in a situation demanding the last resort.

2) We've tried using the Active Directory security policies to stop our students from using NET.EXE. It took them about half a day to start copying NET.EXE to a non-administrative folder, renaming it to BOB.EXE, and continuing to spam the instructor while he was using PowerPoint to deliver lecture material.

3) We've tried using the batch file work-around, and the students did pretty much the same thing.

4) We do not have any internal firewalls, either hardware or software. We have a WAN which connects two Cisco-based LANs, and we have a Packetshaper controlling the traffic between campuses. It wouldn't take much to block NET SEND messages from going out over the WAN, but most of the problem is internal -- either within classes, or from students wanting to spam all the people they know.

5) Today a student used NET SEND * to bombard a whole lot of PC's. For some reason, the message did not go out to everyone on the domain like it should have -- thank goodness! -- but it still spread too far and wide for our comfort.

So I'm not sure what I'm looking for, but a security-based solution would obviously be ideal. Any suggestions would sure be appreciated though! Thanks!!

NickC---
 
The recent messages are making it past the usual NetBIOS filters (ports 137-139, port 445) because in Windows 2000 and XP, the Messenger Service now works using RPC. A lookup is done on port 135 (epmap, DCE [RPC] endpoint resolution). That tells what high-numbered port the Messenger Service is listening on. The best way to stop this is to permanently disable the Messenger Service. If you have people who can reenable the service, you may also want to block port 135.

It is an either-or proposition. If they can work around a batch file filter on net send commands to the net.exe service, blocking port 135 will stop the traffic. But it will of course block all the traffic from net send. You can push through Group Policy by adding "net stop messenger" to the logon script. This stops the receipt of messages.
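
Added example, not part of the original thread: a detection sketch for the pattern described in the reply above (a port 135 endpoint lookup followed by a connection to a high-numbered port), flagging internal hosts that repeat it against many machines in a short time. The flow-record format, the thresholds and the function names are assumptions made for illustration, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample flow records (not from the thread):
# "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1000 10.1.4.23 10.1.4.10 135
1000 10.1.4.23 10.1.4.10 1026
1001 10.1.4.23 10.1.4.11 135
1001 10.1.4.23 10.1.4.11 1029
1002 10.1.4.23 10.1.4.12 135
1002 10.1.4.23 10.1.4.12 1026
1003 10.1.4.23 10.1.4.13 135
1003 10.1.4.23 10.1.4.13 1031
1005 10.1.7.50 10.1.0.5 135
1005 10.1.7.50 10.1.0.5 1040
1200 10.1.7.50 10.1.0.5 445
"""

def parse_flows(text):
    """Yield (time, src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not (parts[0].isdigit() and parts[3].isdigit()):
            continue
        yield int(parts[0]), parts[1], parts[2], int(parts[3])

def find_fanout_sources(flows, window=60, min_targets=4, pair_gap=5):
    """Return {src: sorted targets} for sources that did a port-135 lookup
    followed by a high-port connection to the same host, against at least
    min_targets distinct hosts within `window` seconds (assumed thresholds)."""
    last_lookup = {}              # (src, dst) -> time of last port-135 flow
    hits = defaultdict(list)      # src -> [(time, dst)] completed lookup+connect
    for t, src, dst, dport in sorted(flows):
        if dport == 135:
            last_lookup[(src, dst)] = t
        elif dport > 1023 and t - last_lookup.get((src, dst), -10**9) <= pair_gap:
            hits[src].append((t, dst))
    flagged = {}
    for src, pairs in hits.items():
        for start, _ in pairs:
            targets = {d for t, d in pairs if start <= t < start + window}
            if len(targets) >= min_targets:
                flagged[src] = sorted(targets)
                break
    return flagged

if __name__ == "__main__":
    print(find_fanout_sources(parse_flows(SAMPLE_FLOWS)))
```

Management hosts that legitimately make RPC calls to many machines will match the same pattern, so exclude them or raise `min_targets` before alerting on the output.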

 
Thanks -- I'll try using NET STOP MESSENGER and let you know how it works.
 