Re: Disabling QAZ (was Re: Port 139 scans)

["Dana Hudes" <dhudes () hudes org>]

I am willing to scrap together a script to shutdown the virus on an infected machine and put it in a CGI web page.
I'm not sure about volume but initially I think I can host it. In the event my 1Mbit connection is overwhelmed I'll 
need another place....
What stops me at the moment is that I have no authorization to test against any infected machine.
I need a target.
I'm willing to also try for making the connection to the share and removing the infection but I'm not sure I can get it 
in time.
At least a shutdown page would do something.
I will start writing my code and await direct e-mail with authorization and a target IP address to test against.
Note that I have plenty of potential test targets in my Samba logs :-( but no legal authority to connect to those 
machines.

----- Original Message ----- 
From: "Dan Hollis" <goemon () sasami anime net>
To: <nanog () merit edu>
Sent: Friday, September 29, 2000 4:42 PM
Subject: Re: Disabling QAZ (was Re: Port 139 scans)


> On Fri, 29 Sep 2000, John Fraizer wrote:
> > On Fri, 29 Sep 2000, Dan Hollis wrote:
> > > It would be cool if someone would make a tool that would auto-disinfect
> > > users...
> > Yep.  The problem with that is that current laws on the books (in the US
> > at least) make this an illegal solution.  If memory serves me correctly,
> > the one I'm thinking about is worded something like:
> > "...any person who without authorization, accesses, modifies, deletes or
> > destroys..."
>
> A web page that users themselves must click "OK, disinfect me"? Seems
> authorization enough to me...
>
> > The penalties are pretty stiff too.  The best of intentions don't negate
> > the fact that it's illegal.
>
> When the user initiates the disinfection themselves?
>
> -Dan