[31584] in North American Network Operators' Group
Re: Disabling QAZ (was Re: Port 139 scans)
daemon@ATHENA.MIT.EDU (Dan Hollis)
Fri Sep 29 16:21:36 2000
Date: Fri, 29 Sep 2000 13:14:08 -0700 (PDT)
From: Dan Hollis <goemon@sasami.anime.net>
To: Mike Lewinski <mike@rockynet.com>
Cc: nanog@merit.edu
In-Reply-To: <007901c02a50$02bb6640$1cd8a8ce@rockynet.com>
Message-ID: <Pine.LNX.4.21.0009291312510.16988-100000@anime.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, 29 Sep 2000, Mike Lewinski wrote:
> "exit" will close the connection but not the QAZ server, while "quit" does
> appear to shut it down. You can also "run x". Once QAZ has been shutdown,
> it's also possible to connect to the share and manually delete the infected
> notepad.exe, although I haven't yet figured out if there's a way to unshare
> someone's drives remotely via command line (if I did this, I wouldn't be
> able to get back in to clean the infection).
It would be cool if someone would make a tool that would auto-disinfect
users...
-Dan
