Intrusion Detection Systems mailing list archives

RE: mouse trap + fight back!

From: CKlaus () iss net (Klaus, Chris (ISSAtlanta))
Date: Wed, 17 May 2000 14:24:04 -0400


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au

We had a birds of a feather (BoF) at ISS Connect 2000, and while initially
some people thought the right action might be to attack back, the conclusion
that most people made was that it was ok to probe back (via ping, whois,
traceroute, etc), but trying to attack back at someone was overall a
generally bad idea.  One recommended response (as alternative to
"attacking") is to alert and notify the administrators of the offending
network, and let them know that you believe there is suspicious activity
happening from their network that they should investigate.  Many times, a
quick response from the admin will come back.

BTW, We had a large customer who had some rogue internal admins setup
scripts to strike back with a DoS attack if they detected suspicious
activity.  Unfortunately, it began attacking the legitimate security team
doing a security audit. The security team quickly became aware of the
booby-trap. Doh!  Imagine if an intruder discovered this booby-trap and
spoofed some attacks to appear to come from a legitimate business partner.
Double-Doh!  

You need to think about not only if you are attacked, but what if you are
compromised. We are seeing more companies calling up about our Emergency
Response Services (ERS) as a response to security breaches.  Alan Fedeli and
David Curry (long time security veterans) joined ISS to lead up our ERS and
grow the team.  They're helping many companies in need.  What security
policy and procedures do you need in place to cover incidents.  When do you
call in law enforcement.  How do you contain the incident. As companies
begin to monitor their network infrastructure and see security breaches,
this area of emergency response is growing rapidly.  

ck

Dear all,

I just wondering, is there any way we can fight back
any intruders? Or is there any device can be used to
fight back??? Is it ethical or not??? Need some help.
Thanks!

Just me,

Nazim Jambli  

__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/

Current thread:

Re: mouse trap + fight back!, (continued)
- - - Re: mouse trap + fight back! John D. Burkett (May 16)
    - RE: mouse trap + fight back! Glenn Williamson (May 17)
    - Bounced Messages [Mod FWD] Lister, Justin (May 17)
    - Re: Bounced Messages [Mod FWD] Talisker (May 17)
    - IDS & SNMP Nuno Miguel Neves (May 17)
    - Re: IDS & SNMP Greg Shipley (May 18)
    - Re: IDS & SNMP Allen Leibowitz (May 19)
  - Bounced Message (Mod FWD) Lister, Justin (May 16)
    - Re: Bounced Message (Mod FWD) Jackie Chan (May 16)
    - Re: Bounced Message (Mod FWD) Jonas Eriksson (May 17)
    - RE: mouse trap + fight back! Klaus, Chris (ISSAtlanta) (May 17)
    - RE: mouse trap + fight back! Schawacker, Peter (ISSCalifornia) (May 16)
    - Re: Bounced Message (Mod FWD) Dug Song (May 17)