I am willing to scrap together a script to shutdown the virus on an infected machine and put it in a CGI web page. I'm not sure about volume but initially I think I can host it. In the event my 1Mbit connection is overwhelmed I'll need another place.... What stops me at the moment is that I have no authorization to test against any infected machine. I need a target. I'm willing to also try for making the connection to the share and removing the infection but I'm not sure I can get it in time. At least a shutdown page would do something. I will start writing my code and await direct e-mail with authorization and a target IP address to test against. Note that I have plenty of potential test targets in my Samba logs :-( but no legal authority to connect to those machines. ----- Original Message ----- From: "Dan Hollis" <goemon@sasami.anime.net> To: <nanog@merit.edu> Sent: Friday, September 29, 2000 4:42 PM Subject: Re: Disabling QAZ (was Re: Port 139 scans)
On Fri, 29 Sep 2000, John Fraizer wrote:
It would be cool if someone would make a tool that would auto-disinfect users... Yep. The problem with that is that current laws on the books (in the US at least) make this an illegal solution. If memory serves me correctly,
On Fri, 29 Sep 2000, Dan Hollis wrote: the one I'm thinking about is worded something like: "...any person who without authorization, accesses, modifies, deletes or destroys..."
A web page that users themselves must click "OK, disinfect me"? Seems authorization enough to me...
The penalties are pretty stiff too. The best of intentions don't negate the fact that it's illegal.
When the user initiates the disinfection themselves?
-Dan