WebApp Sec mailing list archives

RE: Hack the hackers :)


From: <stevenr () mastek com>
Date: Thu, 15 Apr 2004 21:15:49 +0530

A very good question, the exact one that is making this paper so
controversial. This is what those guys have to say about this:

"...In regards to spoofed attacks, when there is no positive
identification of the attacker (that is, we cannot positively attribute
an attack back to its source), deploying defensive countermeasures and
reporting intelligence would be most appropriate. However, this decision
(and the power to initiate an offensive countermeasure) ultimately
resides in the hands of our customer...." 


May not be the perfect solution for all security problems, but this
would make script-kiddies and saboteurs think twice before hitting a
competitor's network if they are going to have their own network washed
out in retaliation.


Regards, 
Steven Rebello 




-----Original Message-----
From: Kevin Hammond [mailto:kghammond () nrscorp com] 
Sent: Thursday, April 15, 2004 9:07 PM
To: Steven Rebello; webappsec () securityfocus com
Subject: RE: Hack the hackers :)

How do you attack the attackers, if the attackers are attacking from a
compromised network???

Kevin Hammond
Network Administrator
NRS Corporation
608-273-4665 x223
http://www.nrscorp.com/


-----Original Message-----
From: stevenr () mastek com [mailto:stevenr () mastek com]
Sent: Thursday, April 15, 2004 6:08 AM
To: webappsec () securityfocus com
Subject: FW: Hack the hackers :)


Hi folks,

Came across this paper "On the Rules of Engagement" from Symbiot Inc,
which proposes that a strong network defense system is not deterrent
enough. They suggest countermeasures by "returning fire" against the
attacker's network, basically attack the attackers' networks. If I am
not mistaken, this is the first time such an approach has been
formalised. It's gonna be worth seeing how this is taken forward.

http://symbiot.com/media/iwROE.pdf

Here's an interesting interview by onlamp.com with the writer of this
paper

http://www.onlamp.com/pub/a/security/2004/03/10/symbiot.html

Regards
Steven Rebello



