|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Disabling QAZ (was Re: Port 139 scans)
On Fri, 29 Sep 2000, Mike Lewinski wrote: > > > It might be a good idea to implement filtering on the borders for TCP SYN > > from 0/0 to 0/0 port 7597. That way, at least it can't be used once it's > > installed. > > > <snip> > > Anyone else have any thoughts on damage control here? > > Ok, guess it's time to get on nanog-post.... > > You can disable the clients, at least until next reboot. This won't work > with telnet, you have to use netcat: > > $ nc qaz_infected_ip 7597 > :qazwsx.hsq > >quit > Well, since I'm hardheaded, and I don't have netcat installed, I tried with telnet and it seems to have worked. $ telnet 216.30.78.100 7597 Trying 216.30.78.100... Connected to 216.30.78.100. Escape character is '^]'. :qazwsx.hsq >help >die >quit Connection closed by foreign host. $ telnet 216.30.78.100 7597 Trying 216.30.78.100... telnet: Unable to connect to remote host: Connection refused --- John Fraizer EnterZone, Inc
|