nanog mailing list archives
RE: Disabling QAZ (was Re: Port 139 scans)
From: "Carter, Gregory" <omni () dynmc net>
Date: Fri, 29 Sep 2000 13:58:19 -0700
-----BEGIN PGP SIGNED MESSAGE----- Greetings, The windows 2000 resource kit comes with a small tool that will add/remove/list shares on a machine. It is called share.vbs and works on other 2k boxes however I have not yet tried it on windows 9x platforms. It might be worth looking into however obviously the legalities of such actions still remain unfortunately. Cheers, Greg +(gcarter () infoDNS com)-------------------------------------------------+ | infoDNS http://www.infodns.com/ | | Senior Network Administrator bits/keyID 1024/7DF9C285 | | Register your domain name today for only $15/yr. | +--------[ DC 50 57 59 C3 76 46 E8 EB 75 A8 94 FE 96 9E D3 ]----------+ - -----Original Message----- From: John Fraizer [mailto:nanog () EnterZone Net] Sent: Friday, September 29, 2000 1:30 PM To: Dan Hollis Cc: Mike Lewinski; nanog () merit edu Subject: Re: Disabling QAZ (was Re: Port 139 scans) On Fri, 29 Sep 2000, Dan Hollis wrote:
On Fri, 29 Sep 2000, Mike Lewinski wrote:"exit" will close the connection but not the QAZ server, while "quit" does appear to shut it down. You can also "run x". Once QAZ has been shutdown, it's also possible to connect to the share and manually delete the infected notepad.exe, although I haven't yet figured out if there's a way to unshare someone's drives remotely via command line (if I did this, I wouldn't be able to get back in to clean the infection).It would be cool if someone would make a tool that would auto-disinfect users... -Dan
Yep. The problem with that is that current laws on the books (in the US at least) make this an illegal solution. If memory serves me correctly, the one I'm thinking about is worded something like: "...any person who without authorization, accesses, modifies, deletes or destroys..." The penalties are pretty stiff too. The best of intentions don't negate the fact that it's illegal. - --- John Fraizer EnterZone, Inc -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQCVAwUBOdT7PG2piax9+cKFAQFVcQQAnfq88CRumG9MBsxGJOYqLX7mdCGoFozj yIPTPohfwSu56Q0ekNecwaHNFKLqfwBZY6LkWZg12Mt5k+ozaPNBv5F4w2sRCEh7 2n1VIdrXqNfczTPpPSmJWFwsY4O7xFWV791oUYhLWTdML13WpErOoLArz1wqwAPa 5AuN1Lw/cNc= =EEXT -----END PGP SIGNATURE-----
Current thread:
- Re: Disabling QAZ (was Re: Port 139 scans) Dan Hollis (Sep 29)
- <Possible follow-ups>
- RE: Disabling QAZ (was Re: Port 139 scans) Carter, Gregory (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Dan Hollis (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Dana Hudes (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Alex Bligh (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Ben Browning (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Roland Dobbins (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Bennett Todd (Sep 30)
- Re: Disabling QAZ (was Re: Port 139 scans) Dana Hudes (Sep 29)
- RE: Disabling QAZ (was Re: Port 139 scans) Roeland M.J. Meyer (Sep 29)
- RE: Disabling QAZ (was Re: Port 139 scans) Dana Hudes (Sep 29)
- RE: Disabling QAZ (was Re: Port 139 scans) Dan Hollis (Sep 29)
- RE: Disabling QAZ (was Re: Port 139 scans) Dana Hudes (Sep 29)
- RE: Disabling QAZ (was Re: Port 139 scans) Roeland M.J. Meyer (Sep 29)