Re: counteracting an attack?
I agree, countermeasures can have bad effects, both karmically, and legally.
If script kiddies are running scripts to attack your machine, why not have your machine run scripts to attack attackers?
I believe there are legal ramifications against this. Even if there are not, however, anyone would have a difficult case in court against an attacker. He attacked me, so I'm pressing charges or suing. Yet he (or she) is countersuing for computer losses when their system was compromised as a result of their actions. It's a sad story, but I've heard of cases with robbers suing robbees for hurting themselves when they were breaking into a home...
While data collection (whois/nslookup, etc.) certainly isn't an attack, nmap/port scanning is somewhere on the fence with some people. I heard of a case where a guy scanned his ISP in order to determine if his ISP was secure enough. He did this as part of his job, when supervisors asked him to make sure their website would be secure. The ISP contacted him while he was doing it, and he told them what he was doing. Some time after that some authorities came to arrest him. Anything more than portscanning would probably be crossing the legal line.
Isn't there an option in portsentry to forward packets, once an 'attack' is detected, instead of dropping them? So once portsentry decides someone is being malicious, it then starts forwarding all packets off to disney.com or something? I think that's rather funny, however this may be another 'attack'. Only now you're indirectly directly involved!
All in my opinion...
Cory
On Mon, Feb 19, 2001 at 12:10:49AM +0100, Jörn Engel wrote:
> Hi!
>
> > That's what I do, too, but I'd like to be able to set up something
> > more "real time", in the sense that I won't get to read nightly logs
> > until the morning after, and by that time the script kiddies already
> > are gone.
>
> Script kiddies will not break a firewall that was set up and is maintained
> properly. As long as there are thousands if not millions of unprotected red
> hat boxes in the net, they will go for the easy prey.
> But if you use an "intelligent" script - all gamers know that artificial
> intelligence is a contradiction in terms - you can only do damage to the
> poor fellow that owns the forged ip. Secure your firewall and only use
> scripts to alert you, never to do actual countermeasures.
>
> my two pence,
> Jörn