RE: Disabling QAZ (was Re: Port 139 scans)
Just like they probably don't know that they're infected, they probably won't know that they've been disinfected. At least the first time.
-----Original Message----- From: Dana Hudes [mailto:dhudes@hudes.org] Sent: Friday, September 29, 2000 2:03 PM To: Dan Hollis; nanog@merit.edu Subject: Re: Disabling QAZ (was Re: Port 139 scans)
I am willing to scrap together a script to shutdown the virus on an infected machine and put it in a CGI web page. I'm not sure about volume but initially I think I can host it. In the event my 1Mbit connection is overwhelmed I'll need another place.... What stops me at the moment is that I have no authorization to test against any infected machine. I need a target. I'm willing to also try for making the connection to the share and removing the infection but I'm not sure I can get it in time. At least a shutdown page would do something. I will start writing my code and await direct e-mail with authorization and a target IP address to test against. Note that I have plenty of potential test targets in my Samba logs :-( but no legal authority to connect to those machines.
----- Original Message ----- From: "Dan Hollis" <goemon@sasami.anime.net> To: <nanog@merit.edu> Sent: Friday, September 29, 2000 4:42 PM Subject: Re: Disabling QAZ (was Re: Port 139 scans)
On Fri, 29 Sep 2000, John Fraizer wrote:
On Fri, 29 Sep 2000, Dan Hollis wrote:
It would be cool if someone would make a tool that
would auto-disinfect
users... Yep. The problem with that is that current laws on the books (in the US at least) make this an illegal solution. If memory serves me correctly, the one I'm thinking about is worded something like: "...any person who without authorization, accesses, modifies, deletes or destroys..."
A web page that users themselves must click "OK, disinfect me"? Seems authorization enough to me...
The penalties are pretty stiff too. The best of intentions don't negate the fact that it's illegal.
When the user initiates the disinfection themselves?
-Dan
that does not give me authority to connect to stranger's PCs On Fri, 29 Sep 2000, Roeland M.J. Meyer wrote:
Just like they probably don't know that they're infected, they probably won't know that they've been disinfected. At least the first time.
-----Original Message----- From: Dana Hudes [mailto:dhudes@hudes.org] Sent: Friday, September 29, 2000 2:03 PM To: Dan Hollis; nanog@merit.edu Subject: Re: Disabling QAZ (was Re: Port 139 scans)
I am willing to scrap together a script to shutdown the virus on an infected machine and put it in a CGI web page. I'm not sure about volume but initially I think I can host it. In the event my 1Mbit connection is overwhelmed I'll need another place.... What stops me at the moment is that I have no authorization to test against any infected machine. I need a target. I'm willing to also try for making the connection to the share and removing the infection but I'm not sure I can get it in time. At least a shutdown page would do something. I will start writing my code and await direct e-mail with authorization and a target IP address to test against. Note that I have plenty of potential test targets in my Samba logs :-( but no legal authority to connect to those machines.
----- Original Message ----- From: "Dan Hollis" <goemon@sasami.anime.net> To: <nanog@merit.edu> Sent: Friday, September 29, 2000 4:42 PM Subject: Re: Disabling QAZ (was Re: Port 139 scans)
On Fri, 29 Sep 2000, John Fraizer wrote:
On Fri, 29 Sep 2000, Dan Hollis wrote:
It would be cool if someone would make a tool that
would auto-disinfect
users... Yep. The problem with that is that current laws on the books (in the US at least) make this an illegal solution. If memory serves me correctly, the one I'm thinking about is worded something like: "...any person who without authorization, accesses, modifies, deletes or destroys..."
A web page that users themselves must click "OK, disinfect me"? Seems authorization enough to me...
The penalties are pretty stiff too. The best of intentions don't negate the fact that it's illegal.
When the user initiates the disinfection themselves?
-Dan
participants (3)
-
Dan Hollis
-
Dana Hudes
-
Roeland M.J. Meyer