Vulnerability Development mailing list archives

Re: Automatic Retaliation contra DoS


From: d14z1n0n () HOTMAIL COM (Kang Fu)
Date: Thu, 18 May 2000 05:10:57 GMT


IMHO...
ANY sort of a retaliatory attack can be used against the person implementing
it...  While the case of attacking only completed sessions helps some I do
know that if I personally was doing such scans and I noticed your response,
I couldn't help but to have a little fun ;)

If I as the attacker used a strong firewall, then your reverse attack would
do nothing but draw my attention to your IP.  For myself, that would make
you a much more inviting target.  I would have to wonder what you were
protecting.  Definitely it would spark my curiosity to try to find ways I
could take advantage of, or hack into, your setup.  Obviously if you were
responding with attacks I could assume you're not using Windows right off...
And as well, you're breaking the law by retaliating so I have little fear of
consequence at that point.

And if you were well enough secured that I couldn't hack you, then maybe I'd
just DoS you until I got bored.

Which one is more fun?  The dead fish or the live one?

----- Original Message -----
From: "Weston Pawlowski" <bug () WESTON CX>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Wednesday, May 17, 2000 3:52 PM
Subject: Re: Automatic Retaliation contra DoS

Automatic retaliation is usually a bit dangerous, but it can
still be a good thing, you just have to be careful...

It can be used as a DoS against you... Let's say that you
have portsentry set up to detect stealth TCP and UDP
scans/floods, and it filters out all packets from the
"attacker" via ipchains.