[31595] in North American Network Operators' Group
RE: Disabling QAZ (was Re: Port 139 scans)
daemon@ATHENA.MIT.EDU (Roeland M.J. Meyer)
Fri Sep 29 17:57:07 2000
Message-ID: <1148622BC878D411971F0060082B042C3751@hawk.lvrmr.mhsc.com>
From: "Roeland M.J. Meyer" <rmeyer@MHSC.com>
To: Dana Hudes <dhudes@hudes.org>,
Dan Hollis <goemon@sasami.anime.net>, nanog@merit.edu
Date: Fri, 29 Sep 2000 14:37:02 -0700
MIME-Version: 1.0
Content-Type: text/plain
Errors-To: owner-nanog-outgoing@merit.edu
Just like they probably don't know that they're infected, they probably
won't know that they've been disinfected. At least the first time.
> -----Original Message-----
> From: Dana Hudes [mailto:dhudes@hudes.org]
> Sent: Friday, September 29, 2000 2:03 PM
> To: Dan Hollis; nanog@merit.edu
> Subject: Re: Disabling QAZ (was Re: Port 139 scans)
>
>
>
> I am willing to scrap together a script to shutdown the virus
> on an infected machine and put it in a CGI web page.
> I'm not sure about volume but initially I think I can host
> it. In the event my 1Mbit connection is overwhelmed I'll need
> another place....
> What stops me at the moment is that I have no authorization
> to test against any infected machine.
> I need a target.
> I'm willing to also try for making the connection to the
> share and removing the infection but I'm not sure I can get
> it in time.
> At least a shutdown page would do something.
> I will start writing my code and await direct e-mail with
> authorization and a target IP address to test against.
> Note that I have plenty of potential test targets in my Samba
> logs :-( but no legal authority to connect to those machines.
>
> ----- Original Message -----
> From: "Dan Hollis" <goemon@sasami.anime.net>
> To: <nanog@merit.edu>
> Sent: Friday, September 29, 2000 4:42 PM
> Subject: Re: Disabling QAZ (was Re: Port 139 scans)
>
>
> >
> > On Fri, 29 Sep 2000, John Fraizer wrote:
> > > On Fri, 29 Sep 2000, Dan Hollis wrote:
> > > > It would be cool if someone would make a tool that
> would auto-disinfect
> > > > users...
> > > Yep. The problem with that is that current laws on the
> books (in the US
> > > at least) make this an illegal solution. If memory
> serves me correctly,
> > > the one I'm thinking about is worded something like:
> > > "...any person who without authorization, accesses,
> modifies, deletes or
> > > destroys..."
> >
> > A web page that users themselves must click "OK, disinfect
> me"? Seems
> > authorization enough to me...
> >
> > > The penalties are pretty stiff too. The best of
> intentions don't negate
> > > the fact that it's illegal.
> >
> > When the user initiates the disinfection themselves?
> >
> > -Dan
> >
>
>
