[31594] in North American Network Operators' Group
Re: Disabling QAZ (was Re: Port 139 scans)
daemon@ATHENA.MIT.EDU (Dana Hudes)
Fri Sep 29 17:33:42 2000
Message-ID: <009a01c02a58$9f471ba0$3d5cdcd1@hudes.org>
From: "Dana Hudes" <dhudes@hudes.org>
To: "Dan Hollis" <goemon@sasami.anime.net>, <nanog@merit.edu>
Date: Fri, 29 Sep 2000 17:02:48 -0400
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Errors-To: owner-nanog-outgoing@merit.edu
I am willing to scrap together a script to shutdown the virus on an =
infected machine and put it in a CGI web page.
I'm not sure about volume but initially I think I can host it. In the =
event my 1Mbit connection is overwhelmed I'll need another place....
What stops me at the moment is that I have no authorization to test =
against any infected machine.
I need a target.
I'm willing to also try for making the connection to the share and =
removing the infection but I'm not sure I can get it in time.
At least a shutdown page would do something.
I will start writing my code and await direct e-mail with authorization =
and a target IP address to test against.
Note that I have plenty of potential test targets in my Samba logs :-( =
but no legal authority to connect to those machines.
----- Original Message -----=20
From: "Dan Hollis" <goemon@sasami.anime.net>
To: <nanog@merit.edu>
Sent: Friday, September 29, 2000 4:42 PM
Subject: Re: Disabling QAZ (was Re: Port 139 scans)
>=20
> On Fri, 29 Sep 2000, John Fraizer wrote:
> > On Fri, 29 Sep 2000, Dan Hollis wrote:
> > > It would be cool if someone would make a tool that would =
auto-disinfect
> > > users...
> > Yep. The problem with that is that current laws on the books (in =
the US
> > at least) make this an illegal solution. If memory serves me =
correctly,
> > the one I'm thinking about is worded something like:
> > "...any person who without authorization, accesses, modifies, =
deletes or
> > destroys..."
>=20
> A web page that users themselves must click "OK, disinfect me"? Seems
> authorization enough to me...
>=20
> > The penalties are pretty stiff too. The best of intentions don't =
negate
> > the fact that it's illegal.
>=20
> When the user initiates the disinfection themselves?
>=20
> -Dan
>=20
