nanog mailing list archives
Re: Disabling QAZ (was Re: Port 139 scans)
From: John Fraizer <nanog () EnterZone Net>
Date: Fri, 29 Sep 2000 16:17:19 -0400 (EDT)
On Fri, 29 Sep 2000, Mike Lewinski wrote:
> It might be a good idea to implement filtering on the borders for TCP SYN from 0/0 to 0/0 port 7597. That way, at least it can't be used once it's installed.
>
> <snip>
>
> Anyone else have any thoughts on damage control here?
>
> Ok, guess it's time to get on nanog-post....
>
> You can disable the clients, at least until next reboot. This won't work with telnet, you have to use netcat:
>
> $ nc qaz_infected_ip 7597
> :qazwsx.hsq
> quit

Well, since I'm hardheaded, and I don't have netcat installed, I tried with telnet and it seems to have worked.

$ telnet 216.30.78.100 7597
Trying 216.30.78.100...
Connected to 216.30.78.100.
Escape character is '^]'.
:qazwsx.hsq
help die quit
Connection closed by foreign host.
$ telnet 216.30.78.100 7597
Trying 216.30.78.100...
telnet: Unable to connect to remote host: Connection refused

---
John Fraizer
EnterZone, Inc
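
The border filter proposed in the quoted message has a detection counterpart, sketched here as an added example that is not part of the original thread: scan flow records for bare SYNs to TCP 7597 and for SYN-ACKs sent from that port, which marks a host that is still listening. The record layout, the sample lines and the function name `triage` are assumptions made for this example.

```python
from collections import defaultdict

QAZ_PORT = "7597"  # port named in the thread

# Constructed sample records (not real traffic). Assumed field layout:
# time src_ip src_port dst_ip dst_port proto tcp_flags action
SAMPLE = """\
2000-09-29T16:01:02 198.51.100.7 1044 192.0.2.10 7597 tcp S permit
2000-09-29T16:01:02 192.0.2.10 7597 198.51.100.7 1044 tcp SA permit
2000-09-29T16:01:05 198.51.100.7 1045 192.0.2.11 7597 tcp S permit
2000-09-29T16:01:05 192.0.2.11 7597 198.51.100.7 1045 tcp RA permit
2000-09-29T16:02:00 203.0.113.9 2100 192.0.2.10 7597 tcp S deny
2000-09-29T16:02:10 192.0.2.20 1500 198.51.100.80 80 tcp S permit
"""


def triage(text, port=QAZ_PORT):
    """Summarise traffic to/from `port` in whitespace-separated flow records."""
    probes = defaultdict(set)  # source -> hosts it sent a bare SYN to
    listeners = set()          # hosts that answered SYN-ACK from the port
    blocked = 0                # SYNs already dropped by a border filter
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[5] != "tcp":
            continue  # skip malformed or non-TCP records
        _, src, sport, dst, dport, _, flags, action = fields
        if flags == "S" and dport == port:
            probes[src].add(dst)
            if action == "deny":
                blocked += 1
        elif flags == "SA" and sport == port:
            # A SYN-ACK from the port means something accepted the connection.
            listeners.add(src)
    return {
        "listeners": sorted(listeners),
        "probes": {s: sorted(t) for s, t in probes.items()},
        "blocked": blocked,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts in `listeners` are candidates for cleanup; a host that replied with a reset (`RA`) is not counted because nothing accepted the connection there.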