[31597] in North American Network Operators' Group
RE: Disabling QAZ (was Re: Port 139 scans)
daemon@ATHENA.MIT.EDU (Roeland M.J. Meyer)
Fri Sep 29 18:05:36 2000
Message-ID: <1148622BC878D411971F0060082B042C3752@hawk.lvrmr.mhsc.com>
From: "Roeland M.J. Meyer" <rmeyer@MHSC.com>
To: Dana Hudes <dhudes@hudes.org>,
"Roeland M.J. Meyer" <rmeyer@MHSC.com>
Cc: Dan Hollis <goemon@sasami.anime.net>, nanog@merit.edu
Date: Fri, 29 Sep 2000 14:46:37 -0700
MIME-Version: 1.0
Content-Type: text/plain
Errors-To: owner-nanog-outgoing@merit.edu
I never argued that.
> -----Original Message-----
> From: Dana Hudes [mailto:dhudes@hudes.org]
> Sent: Friday, September 29, 2000 2:43 PM
> To: Roeland M.J. Meyer
> Cc: Dan Hollis; nanog@merit.edu
> Subject: RE: Disabling QAZ (was Re: Port 139 scans)
>
>
> that does not give me authority to connect to stranger's PCs
>
> On Fri, 29 Sep 2000, Roeland M.J. Meyer wrote:
>
> > Just like they probably don't know that they're infected,
> they probably
> > won't know that they've been disinfected. At least the first time.
> >
> > > -----Original Message-----
> > > From: Dana Hudes [mailto:dhudes@hudes.org]
> > > Sent: Friday, September 29, 2000 2:03 PM
> > > To: Dan Hollis; nanog@merit.edu
> > > Subject: Re: Disabling QAZ (was Re: Port 139 scans)
> > >
> > >
> > >
> > > I am willing to scrap together a script to shutdown the virus
> > > on an infected machine and put it in a CGI web page.
> > > I'm not sure about volume but initially I think I can host
> > > it. In the event my 1Mbit connection is overwhelmed I'll need
> > > another place....
> > > What stops me at the moment is that I have no authorization
> > > to test against any infected machine.
> > > I need a target.
> > > I'm willing to also try for making the connection to the
> > > share and removing the infection but I'm not sure I can get
> > > it in time.
> > > At least a shutdown page would do something.
> > > I will start writing my code and await direct e-mail with
> > > authorization and a target IP address to test against.
> > > Note that I have plenty of potential test targets in my Samba
> > > logs :-( but no legal authority to connect to those machines.
> > >
> > > ----- Original Message -----
> > > From: "Dan Hollis" <goemon@sasami.anime.net>
> > > To: <nanog@merit.edu>
> > > Sent: Friday, September 29, 2000 4:42 PM
> > > Subject: Re: Disabling QAZ (was Re: Port 139 scans)
> > >
> > >
> > > >
> > > > On Fri, 29 Sep 2000, John Fraizer wrote:
> > > > > On Fri, 29 Sep 2000, Dan Hollis wrote:
> > > > > > It would be cool if someone would make a tool that
> > > would auto-disinfect
> > > > > > users...
> > > > > Yep. The problem with that is that current laws on the
> > > books (in the US
> > > > > at least) make this an illegal solution. If memory
> > > serves me correctly,
> > > > > the one I'm thinking about is worded something like:
> > > > > "...any person who without authorization, accesses,
> > > modifies, deletes or
> > > > > destroys..."
> > > >
> > > > A web page that users themselves must click "OK, disinfect
> > > me"? Seems
> > > > authorization enough to me...
> > > >
> > > > > The penalties are pretty stiff too. The best of
> > > intentions don't negate
> > > > > the fact that it's illegal.
> > > >
> > > > When the user initiates the disinfection themselves?
> > > >
> > > > -Dan
> > > >
> > >
> > >
> >
>
