From: Tim Bird Message-Id: <199703120211.TAA32004@caldera.com> Subject: Re: [opendos] Net Send command To: dholley AT wusd DOT willows DOT k12 DOT ca DOT us (Dennis Holley) Date: Tue, 11 Mar 1997 19:11:51 -0700 (MST) Cc: opendos AT mail DOT tacoma DOT net In-Reply-To: <3325A3AF.52CA@wusd.willows.k12.ca.us> from "Dennis Holley" at Mar 11, 97 10:25:51 am Content-Type: text Sender: owner-opendos AT mail DOT tacoma DOT net Precedence: bulk Dennis Holley wrote: > > Mike and others familiar with the OpenDos kernel, > > The Net Send command has enough minor flaws in its function to make it > a nuisance in an educational lab environment at the high school level > (for example, you can easily use a purposely failed login attempt to > masquerade as another user & then do a profane Net Send All). > > Do you know of a way to deal with this other than Net Receive Off? Is > it necessary to obtain a recompiled command.com with this function > removed in order to negate this command? Know of any tricks? This is actually not in the OpenDOS kernel, but is a feature of Personal NetWare. The NET SEND command actually transmits a single IPX packet to all of the machines where it has detected users, on a specific IPX socket, I believe. It may be possible to write a (very) short program to close that socket, which would make it impossible to receive the messages on that machine. The VLM.EXE program (and it's subordinates) actually receives the message, displays it on the screen, and waits for a keystroke. After the special program was run, it would be impossible to re-open the socket on behalf of VLM.EXE, without a REALLY good understanding of IPX internals. The students would have an easier time disabling the program in the first place. Whether this system would work would depend on whether the students were allowed to reconfigure the AUTOEXEC.BAT or other parts of the system and reboot, to avoid loading the program which closed the socket. You could probably "hide" the program somewhere during bootup, and have it produce no output, to make it a little more difficult to track down. Either that, or give it a name which no student would want to mess with, like EMM388.EXE, and precede it with distracting comments like: Rem This next line is required to enable upper network memory blocks Writing the program to close the socket is trivial, if you know the socket - which, unfortunately I can't remember off the top of my head right now. I believe its the third socket of three dynamic ones allocated by VLM.EXE on startup. A second idea also occurs to me. VLM.EXE (or more likely PNW.VLM) could be patched to never open the socket in the first place. With the sources, it would be fairly easy to create such a patch. Then you would use this special patched version of the client on the public machines at your school. I don't know if the source release of OpenDOS will include VLM source or not. I kind of doubt it. Hope this helps. Tim Bird