RE: Hack the hackers :)

["Tom Martin" <Tom () 118 com>]

The problem isn't just compromised networks - ie, hackers using the machines of "innocent" third-parties to launch 
attacks.

The problem with any kind of pro-active defense against internet attacks is the fact that source IP addresses can be 
spoofed - what this leads to is a situation where the pro-active defence system becomes a new form of attack for 
hackers to use:

If the hackers real target is company A, all he has to do is attack company B, knowing it has the latest pro-active 
defence system, using spoofed source addresses to make the attack appear to be coming from company A - result, company 
B's defence system retaliates against company A's attack in kind, and company B does the hackers job for him.


-----Original Message-----
From: Kevin Hammond [mailto:kghammond () nrscorp com]
Sent: 15 April 2004 16:37
To: stevenr () mastek com; webappsec () securityfocus com
Subject: RE: Hack the hackers :)


How do you attack the attackers, if the attackers are attacking from a
compromised network???

Kevin Hammond
Network Administrator
NRS Corporation
608-273-4665 x223
http://www.nrscorp.com/


-----Original Message-----
From: stevenr () mastek com [mailto:stevenr () mastek com] 
Sent: Thursday, April 15, 2004 6:08 AM
To: webappsec () securityfocus com
Subject: FW: Hack the hackers :)


Hi folks,

Came across this paper "On the Rules of Engagement" from Symbiot Inc
proposes that a strong network defense system is not deterrent enough.
They suggest countermeasures by "returning fire" against the attackers
network, basically attack the attackers networks. If I am not mistaken,
this is the first time such an approach has been formalised. Its gonna
be worth seeing how this is taken forward. 

http://symbiot.com/media/iwROE.pdf

Heres an interesting interview by onlamp.com with the writer of this
paper

http://www.onlamp.com/pub/a/security/2004/03/10/symbiot.html

Regards
Steven Rebello




MASTEK
"Making a valuable difference"
Mastek in NASSCOM's 'India Top 20' Software Service Exporters List.
In the US, we're called MAJESCO

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Opinions expressed in this e-mail are those of the individual and not
that of Mastek Limited, unless specifically indicated to that effect.
Mastek Limited does not accept any responsibility or liability for it.
This e-mail and attachments (if any) transmitted with it are
confidential and/or privileged and solely for the use of the intended
person or entity to which it is addressed. Any review, re-transmission,
dissemination or other use of or taking of any action in reliance upon
this information by persons or entities other than the intended
recipient is prohibited. This e-mail and its attachments have been
scanned for the presence of computer viruses. It is the responsibility
of the recipient to run the virus check on e-mails and attachments
before opening them. If you have received this e-mail in error, kindly
delete this e-mail from all computers.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2004 NRS Award and NRS Conference Sept 8-9 Applications are available.  Go to www.nrscorp.com.



***********************************************************************************
This e-mail may constitute privileged information. If you are not
the intended recipient, you have received this confidential email
and any attachments transmitted with it in error and you must
not disclose, copy, circulate or in any other way use or rely on its
information.
The contents of this email are those of the individual and do not
necessarily represent the views of the company.
The company does not conclude contracts by email and all negotiations
are subject to contract.
************************************************************************************