Vulnerability Development mailing list archives
Re: Automatic Retaliation contra DoS
From: mhw () WITTSEND COM (Michael H. Warfield)
Date: Thu, 18 May 2000 08:47:20 -0400
On Wed, May 17, 2000 at 11:04:13PM -0600, Weston Pawlowski wrote:
Whoa, calm down. I *never* said anything at all about doing anything to the attacker other than blocking him. "Retaliation" doesn't always mean "attack", and I didn't say anything that would even slightly imply that it did. And, if you would have actually read my post or the post that I was replying to, you would realize that what I'm speaking of is retaliating by cutting off the attacker's access to your system. What I was talking about is strictly defensive, no "federal crimes" are commited. Recommending the use of an attack is just as stupid as flaming about a post that you haven't even completely read.
Ok... I guess the problem was the subject. The terms "Automatic Retaliation" and "DoS" do evoke immediate images of couterattacks. I jumped the gun and appologize. Actually, seeing the title and reading the article, I was confused about that point. I seriously wondered if it had been suggested in a portion of an earlier message that had been cut off in editing. So that's my excuse for jumping to conclusions. :-) Regards, Mike
-Weston "Michael H. Warfield" wrote:On Wed, May 17, 2000 at 08:52:13PM -0000, Weston Pawlowski wrote:Automatic retaliation is usually a bit dangerous, but it can still be a good thing, you just have to be careful...
Ok... Rereading this paragraph, I can see that it might be referring to the DoS danger to you if you triggered on UDP or stealth scanning which can be easily spoofed. Based on that interpretation, I will agree with you but suggest we NOT use the term "retaliation". I typically use the term "reactive" or "adaptive" (such as a reaction system or an adaptive firewall) when describing things which react to scans but which do not "retaliate", "counter attack", or "counter probe". Was a misunderstanding in terminology. [...] Mike -- Michael H. Warfield | (770) 985-6132 | mhw () WittsEnd com (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
Current thread:
- Re: DoS Local machines, (continued)
- Re: DoS Local machines Barclay Osborn (May 11)
- Re: Networking theories Helmethead (May 07)
- Re: Networking theories Dragos Ruiu (May 07)
- Re: Networking theories Blue Boar (May 07)
- Re: Networking theories Matthew King (May 08)
- Re: Networking theories Dug Song (May 08)
- Automatic Retaliation contra DoS sigipp () WELLA COM BR (May 09)
- Re: Automatic Retaliation contra DoS Weston Pawlowski (May 17)
- Re: Automatic Retaliation contra DoS Michael H. Warfield (May 17)
- Re: Automatic Retaliation contra DoS Weston Pawlowski (May 17)
- Re: Automatic Retaliation contra DoS Michael H. Warfield (May 18)
- Re: Automatic Retaliation contra DoS Ryan Sweat (May 17)
- Re: Automatic Retaliation contra DoS Max Vision (May 17)