nanog mailing list archives

RE: Disabling QAZ (was Re: Port 139 scans)


From: "Roeland M.J. Meyer" <rmeyer () MHSC com>
Date: Fri, 29 Sep 2000 14:37:02 -0700


Just like they probably don't know that they're infected, they probably
won't know that they've been disinfected. At least the first time.

-----Original Message-----
From: Dana Hudes [mailto:dhudes () hudes org]
Sent: Friday, September 29, 2000 2:03 PM
To: Dan Hollis; nanog () merit edu
Subject: Re: Disabling QAZ (was Re: Port 139 scans)



I am willing to scrape together a script to shut down the virus on an infected machine and put it in a CGI web page.
I'm not sure about volume but initially I think I can host it. In the event my 1Mbit connection is overwhelmed I'll need another place....
What stops me at the moment is that I have no authorization to test against any infected machine.
I need a target.
I'm willing to also try for making the connection to the share and removing the infection but I'm not sure I can get it in time.
At least a shutdown page would do something.
I will start writing my code and await direct e-mail with authorization and a target IP address to test against.
Note that I have plenty of potential test targets in my Samba logs :-( but no legal authority to connect to those machines.

----- Original Message ----- 
From: "Dan Hollis" <goemon () sasami anime net>
To: <nanog () merit edu>
Sent: Friday, September 29, 2000 4:42 PM
Subject: Re: Disabling QAZ (was Re: Port 139 scans)



On Fri, 29 Sep 2000, John Fraizer wrote:
> On Fri, 29 Sep 2000, Dan Hollis wrote:
>> It would be cool if someone would make a tool that would auto-disinfect
>> users...
>
> Yep.  The problem with that is that current laws on the books (in the US
> at least) make this an illegal solution.  If memory serves me correctly,
> the one I'm thinking about is worded something like:
> "...any person who without authorization, accesses, modifies, deletes or
> destroys..."

A web page that users themselves must click "OK, disinfect me"? Seems
authorization enough to me...

> The penalties are pretty stiff too.  The best of intentions don't negate
> the fact that it's illegal.

When the user initiates the disinfection themselves?

-Dan





