nanog mailing list archives
Re: Disabling QAZ (was Re: Port 139 scans)
From: Jason Slagle <raistlin () tacorp net>
Date: Sat, 30 Sep 2000 11:10:11 -0400 (EDT)
Get me specs on how it's done and I will give it a shot. We already have automated sub7 cleaners on Dalnet that we use to clean infected hosts. I could likely whip a daemon up pretty eaisly to monitor port 139 and auto disinfect. Jason --- Jason Slagle - CCNA - CCDA Network Administrator - Toledo Internet Access - Toledo Ohio - raistlin () tacorp net - jslagle () toledolink com - WHOIS JS10172 -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GE d-- s:+ a-- C++ UL+++ P--- L+++ E- W- N+ o-- K- w--- O M- V PS+ PE+++ Y+ PGP t+ 5 X+ R tv+ b+ DI+ D G e+ h! r++ y+ ------END GEEK CODE BLOCK------ On Fri, 29 Sep 2000, Dan Hollis wrote:
On Fri, 29 Sep 2000, Mike Lewinski wrote:"exit" will close the connection but not the QAZ server, while "quit" does appear to shut it down. You can also "run x". Once QAZ has been shutdown, it's also possible to connect to the share and manually delete the infected notepad.exe, although I haven't yet figured out if there's a way to unshare someone's drives remotely via command line (if I did this, I wouldn't be able to get back in to clean the infection).It would be cool if someone would make a tool that would auto-disinfect users... -Dan
Current thread:
- Re: Port 139 scans, (continued)
- Re: Port 139 scans Etaoin Shrdlu (Sep 28)
- Re: Port 139 scans John Fraizer (Sep 29)
- Re: Port 139 scans Charles Scott (Sep 29)
- Disabling QAZ (was Re: Port 139 scans) Mike Lewinski (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Dan Hollis (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) John Fraizer (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Dana Hudes (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Mike Lewinski (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Jason Slagle (Sep 30)
- Re: Disabling QAZ (was Re: Port 139 scans) Travis Pugh (Sep 30)
- Re: Disabling QAZ (was Re: Port 139 scans) Jason Slagle (Sep 30)
- Re: Disabling QAZ (was Re: Port 139 scans) John Fraizer (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Mike Lewinski (Sep 29)
- Message not available
- Re: Port 139 scans Ben Browning (Sep 27)
- Re: Port 139 scans Jason Slagle (Sep 27)
- Re: Port 139 scans Dan Hollis (Sep 27)
- Re: Port 139 scans Kai Schlichting (Sep 27)
- Re: Port 139 scans Jared Mauch (Sep 27)