Re: Mutually Assured DDoS

[der Mouse <mouse () rodents-montreal org>]

> > > If I can detect and own a botnet that is attacking me, and reverse
> > > it on its herders, I think that is a highly respectable thing to
> > > do.
> > [...] machines belonging to arm's-length third parties, and you have
> > no more right to abuse them for your ends than those abusing them to
> > attack you do.
> You've got a point, if the botnet is truly third party, but if it is
> my honeypots, or those of subscribers who are managed by my service
> and give consent?

Then that objection goes away, yes, and it's just a question of to what
extent your being attacked gives you a right to interfere with the
operation of someone else's machines.  Personally, I find this
questionable, even if you do correctly target your attacker's machines
(something you will sooner or later make a mistake at, if you do this
more than a few times).  I am not someone who believes two wrongs can
make a right.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse () rodents-montreal org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.