[31598] in North American Network Operators' Group
RE: Disabling QAZ (was Re: Port 139 scans)
daemon@ATHENA.MIT.EDU (Dana Hudes)
Fri Sep 29 18:21:06 2000
Date: Fri, 29 Sep 2000 17:43:03 -0400 (EDT)
From: Dana Hudes <dhudes@hudes.org>
To: "Roeland M.J. Meyer" <rmeyer@MHSC.com>
Cc: Dan Hollis <goemon@sasami.anime.net>, nanog@merit.edu
In-Reply-To: <1148622BC878D411971F0060082B042C3751@hawk.lvrmr.mhsc.com>
Message-ID: <Pine.LNX.4.21.0009291742470.1001-100000@harmony.hudes.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
that does not give me authority to connect to stranger's PCs
On Fri, 29 Sep 2000, Roeland M.J. Meyer wrote:
> Just like they probably don't know that they're infected, they probably
> won't know that they've been disinfected. At least the first time.
>
> > -----Original Message-----
> > From: Dana Hudes [mailto:dhudes@hudes.org]
> > Sent: Friday, September 29, 2000 2:03 PM
> > To: Dan Hollis; nanog@merit.edu
> > Subject: Re: Disabling QAZ (was Re: Port 139 scans)
> >
> >
> >
> > I am willing to scrap together a script to shutdown the virus
> > on an infected machine and put it in a CGI web page.
> > I'm not sure about volume but initially I think I can host
> > it. In the event my 1Mbit connection is overwhelmed I'll need
> > another place....
> > What stops me at the moment is that I have no authorization
> > to test against any infected machine.
> > I need a target.
> > I'm willing to also try for making the connection to the
> > share and removing the infection but I'm not sure I can get
> > it in time.
> > At least a shutdown page would do something.
> > I will start writing my code and await direct e-mail with
> > authorization and a target IP address to test against.
> > Note that I have plenty of potential test targets in my Samba
> > logs :-( but no legal authority to connect to those machines.
> >
> > ----- Original Message -----
> > From: "Dan Hollis" <goemon@sasami.anime.net>
> > To: <nanog@merit.edu>
> > Sent: Friday, September 29, 2000 4:42 PM
> > Subject: Re: Disabling QAZ (was Re: Port 139 scans)
> >
> >
> > >
> > > On Fri, 29 Sep 2000, John Fraizer wrote:
> > > > On Fri, 29 Sep 2000, Dan Hollis wrote:
> > > > > It would be cool if someone would make a tool that
> > would auto-disinfect
> > > > > users...
> > > > Yep. The problem with that is that current laws on the
> > books (in the US
> > > > at least) make this an illegal solution. If memory
> > serves me correctly,
> > > > the one I'm thinking about is worded something like:
> > > > "...any person who without authorization, accesses,
> > modifies, deletes or
> > > > destroys..."
> > >
> > > A web page that users themselves must click "OK, disinfect
> > me"? Seems
> > > authorization enough to me...
> > >
> > > > The penalties are pretty stiff too. The best of
> > intentions don't negate
> > > > the fact that it's illegal.
> > >
> > > When the user initiates the disinfection themselves?
> > >
> > > -Dan
> > >
> >
> >
>
