North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Disabling QAZ (was Re: Port 139 scans)
I never argued that. > -----Original Message----- > From: Dana Hudes [mailto:[email protected]] > Sent: Friday, September 29, 2000 2:43 PM > To: Roeland M.J. Meyer > Cc: Dan Hollis; [email protected] > Subject: RE: Disabling QAZ (was Re: Port 139 scans) > > > that does not give me authority to connect to stranger's PCs > > On Fri, 29 Sep 2000, Roeland M.J. Meyer wrote: > > > Just like they probably don't know that they're infected, > they probably > > won't know that they've been disinfected. At least the first time. > > > > > -----Original Message----- > > > From: Dana Hudes [mailto:[email protected]] > > > Sent: Friday, September 29, 2000 2:03 PM > > > To: Dan Hollis; [email protected] > > > Subject: Re: Disabling QAZ (was Re: Port 139 scans) > > > > > > > > > > > > I am willing to scrap together a script to shutdown the virus > > > on an infected machine and put it in a CGI web page. > > > I'm not sure about volume but initially I think I can host > > > it. In the event my 1Mbit connection is overwhelmed I'll need > > > another place.... > > > What stops me at the moment is that I have no authorization > > > to test against any infected machine. > > > I need a target. > > > I'm willing to also try for making the connection to the > > > share and removing the infection but I'm not sure I can get > > > it in time. > > > At least a shutdown page would do something. > > > I will start writing my code and await direct e-mail with > > > authorization and a target IP address to test against. > > > Note that I have plenty of potential test targets in my Samba > > > logs :-( but no legal authority to connect to those machines. > > > > > > ----- Original Message ----- > > > From: "Dan Hollis" <[email protected]> > > > To: <[email protected]> > > > Sent: Friday, September 29, 2000 4:42 PM > > > Subject: Re: Disabling QAZ (was Re: Port 139 scans) > > > > > > > > > > > > > > On Fri, 29 Sep 2000, John Fraizer wrote: > > > > > On Fri, 29 Sep 2000, Dan Hollis wrote: > > > > > > It would be cool if someone would make a tool that > > > would auto-disinfect > > > > > > users... > > > > > Yep. The problem with that is that current laws on the > > > books (in the US > > > > > at least) make this an illegal solution. If memory > > > serves me correctly, > > > > > the one I'm thinking about is worded something like: > > > > > "...any person who without authorization, accesses, > > > modifies, deletes or > > > > > destroys..." > > > > > > > > A web page that users themselves must click "OK, disinfect > > > me"? Seems > > > > authorization enough to me... > > > > > > > > > The penalties are pretty stiff too. The best of > > > intentions don't negate > > > > > the fact that it's illegal. > > > > > > > > When the user initiates the disinfection themselves? > > > > > > > > -Dan > > > > > > > > > > > > >
|