North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Disabling QAZ (was Re: Port 139 scans)

  • From: Roeland M.J. Meyer
  • Date: Fri Sep 29 17:58:58 2000

Just like they probably don't know that they're infected, they probably
won't know that they've been disinfected. At least the first time.

> -----Original Message-----
> From: Dana Hudes [mailto:dhudes@hudes.org]
> Sent: Friday, September 29, 2000 2:03 PM
> To: Dan Hollis; nanog@merit.edu
> Subject: Re: Disabling QAZ (was Re: Port 139 scans)
> 
> 
> 
> I am willing to scrap together a script to shutdown the virus 
> on an infected machine and put it in a CGI web page.
> I'm not sure about volume but initially I think I can host 
> it. In the event my 1Mbit connection is overwhelmed I'll need 
> another place....
> What stops me at the moment is that I have no authorization 
> to test against any infected machine.
> I need a target.
> I'm willing to also try for making the connection to the 
> share and removing the infection but I'm not sure I can get 
> it in time.
> At least a shutdown page would do something.
> I will start writing my code and await direct e-mail with 
> authorization and a target IP address to test against.
> Note that I have plenty of potential test targets in my Samba 
> logs :-( but no legal authority to connect to those machines.
> 
> ----- Original Message ----- 
> From: "Dan Hollis" <goemon@sasami.anime.net>
> To: <nanog@merit.edu>
> Sent: Friday, September 29, 2000 4:42 PM
> Subject: Re: Disabling QAZ (was Re: Port 139 scans)
> 
> 
> > 
> > On Fri, 29 Sep 2000, John Fraizer wrote:
> > > On Fri, 29 Sep 2000, Dan Hollis wrote:
> > > > It would be cool if someone would make a tool that 
> would auto-disinfect
> > > > users...
> > > Yep.  The problem with that is that current laws on the 
> books (in the US
> > > at least) make this an illegal solution.  If memory 
> serves me correctly,
> > > the one I'm thinking about is worded something like:
> > > "...any person who without authorization, accesses, 
> modifies, deletes or
> > > destroys..."
> > 
> > A web page that users themselves must click "OK, disinfect 
> me"? Seems
> > authorization enough to me...
> > 
> > > The penalties are pretty stiff too.  The best of 
> intentions don't negate
> > > the fact that it's illegal.
> > 
> > When the user initiates the disinfection themselves?
> > 
> > -Dan
> > 
> 
>