North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Disabling QAZ (was Re: Port 139 scans)
Get me specs on how it's done and I will give it a shot. We already have automated sub7 cleaners on Dalnet that we use to clean infected hosts. I could likely whip a daemon up pretty eaisly to monitor port 139 and auto disinfect. Jason --- Jason Slagle - CCNA - CCDA Network Administrator - Toledo Internet Access - Toledo Ohio - [email protected] - [email protected] - WHOIS JS10172 -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GE d-- s:+ a-- C++ UL+++ P--- L+++ E- W- N+ o-- K- w--- O M- V PS+ PE+++ Y+ PGP t+ 5 X+ R tv+ b+ DI+ D G e+ h! r++ y+ ------END GEEK CODE BLOCK------ On Fri, 29 Sep 2000, Dan Hollis wrote: > > On Fri, 29 Sep 2000, Mike Lewinski wrote: > > "exit" will close the connection but not the QAZ server, while "quit" does > > appear to shut it down. You can also "run x". Once QAZ has been shutdown, > > it's also possible to connect to the share and manually delete the infected > > notepad.exe, although I haven't yet figured out if there's a way to unshare > > someone's drives remotely via command line (if I did this, I wouldn't be > > able to get back in to clean the infection). > > It would be cool if someone would make a tool that would auto-disinfect > users... > > -Dan > >
|