Home page logo

webappsec logo WebApp Sec mailing list archives

Re: Hack the hackers :)
From: Walter Wart <ribbit () speakeasy net>
Date: Thu, 15 Apr 2004 09:57:45 -0700

On 4/15/04 8:45 AM, "stevenr () mastek com" <stevenr () mastek com> wrote:

A very good question, the exact one that is making this paper so
controversial. This is what those guys have to say for this

"...In regards to spoofed attacks, when there is no positive
identification of the attacker (that is, we cannot positively attribute
an attack back to its source), deploying defensive countermeasures and
reporting intelligence would be most appropriate. However, this decision
(and the power to initiate an offensive countermeasure) ultimately
resides in the hands of our customer...."

May not be the perfect solution for all security problems, but this
would make script-kiddies and saboteurs think twice before hitting a
competitors network if they are going to have their own network washed
out in retaliation.

It won't "make the script kiddies think twice". It will mean that you are
committing a crime and know that you're doing it.

And like the last correspondent said most attacks come from someone else's
machines, not the attacker's. It's the innocent third parties who will
suffer. The attackers will be completely unaffected.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]