Intrusion Detection Systems mailing list archives

Re: mouse trap + fight back!

From: jburkett () cleveland dynacs com (John D. Burkett)
Date: Tue, 16 May 2000 13:41:28 -0400


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
Fight back how?
If you mean actively such like .... "they" port scaned me, so I'm gonna 
port scan them back....or...they defaced my web site, so I'm gonna deface 
theirs.....Then I have ethical difficulty with that.  Your mileage may vary.

By knowingly becoming offensive, one would be affecting all innocent "hops" 
in between, adding traffic that otherwise wouldn't be necessary.
And...
Could this escalate?
Isn't this what some "gangs" do to prove superiority?
Could your business or clients become effected by this game?
Not to mention, perhaps said initial attack was accidental - this happens.

Having an offensive Policy response may have some "eye-for-an-eye" 
justifications, but then you could be called upon to explain your self.

What would you say to explain your actions?
You could only hope that the person to whom you must explain your offensive 
actions to, also happens to share your ethics.
Why put yourself in that position?

Does your ISP have an AUP that would be violated by offensive actions on 
your part?
I suspect they may, which makes you the bad guy.

Where do you stop, where do you draw the line?  If someone cuts your T-1 
line with a hedge clipper out side your building, can you go to their 
building and cut theirs in the same manor?

Perhaps these things are ethical questions that can very.
These are my 2cents.  I would have an ethical problem using "zombie zapper" 
type technology against hosts which are not under my authoritative 
administration.

Often, if problems are ignored, generally they goes away without any extra 
effort.
It seems simpler to block the site and move onto your next assignment.

There are other ways to fight, such as down the food chain (notify the up 
stream provider).

-John

At 10:54 PM 5/15/00 , ajim de' great wrote:

Dear all,

I just wondering, is there any way we can fight back
any intruders? Or is there any device can be used to
fight back??? Is it ethical or not??? Need some help.
Thanks!

Just me,

Nazim Jambli

Current thread:

Re: Insiders and IDS, (continued)
- - Re: Insiders and IDS Soeren Brandbyge (May 03)
- Re: Insiders and IDS Carric Dooley (May 03)
- Sorry... Johann van Duyn (May 04)
- VBS.LoveLetter.A.html Johann van Duyn (May 04)
- Secure time sync and IDS Lawrence Teo (May 11)
  - Re: Secure time sync and IDS Stuart Staniford (May 11)
  - Introduction... balcra (May 12)
  - Network Intrusion Detection System (NIDS) ajim de' great (May 14)
  - mouse trap + fight back! ajim de' great (May 15)
    - Re: mouse trap + fight back! Inno Eroraha (May 16)
    - Re: mouse trap + fight back! John D. Burkett (May 16)
    - RE: mouse trap + fight back! Glenn Williamson (May 17)
    - Bounced Messages [Mod FWD] Lister, Justin (May 17)
    - Re: Bounced Messages [Mod FWD] Talisker (May 17)
    - IDS & SNMP Nuno Miguel Neves (May 17)
    - Re: IDS & SNMP Greg Shipley (May 18)
    - Re: IDS & SNMP Allen Leibowitz (May 19)
  - Bounced Message (Mod FWD) Lister, Justin (May 16)
    - Re: Bounced Message (Mod FWD) Jackie Chan (May 16)
    - Re: Bounced Message (Mod FWD) Jonas Eriksson (May 17)
    - RE: mouse trap + fight back! Klaus, Chris (ISSAtlanta) (May 17)

(Thread continues...)