On 4/15/04 8:45 AM, "stevenr_at_mastek.com" <stevenr_at_mastek.com> wrote:
> A very good question, the exact one that is making this paper so
> controversial. This is what those guys have to say for this
>
> "...In regards to spoofed attacks, when there is no positive
> identification of the attacker (that is, we cannot positively attribute
> an attack back to its source), deploying defensive countermeasures and
> reporting intelligence would be most appropriate. However, this decision
> (and the power to initiate an offensive countermeasure) ultimately
> resides in the hands of our customer...."
>
>
> May not be the perfect solution for all security problems, but this
> would make script-kiddies and saboteurs think twice before hitting a
> competitors network if they are going to have their own network washed
> out in retaliation.
>
It won't "make the script kiddies think twice". It will mean that you are
committing a crime and know that you're doing it.
And like the last correspondent said most attacks come from someone else's
machines, not the attacker's. It's the innocent third parties who will
suffer. The attackers will be completely unaffected.
Received on Apr 15 2004
Intro
