WebApp Sec mailing list archives
Re: Hack the hackers :)
From: Walter Wart <ribbit () speakeasy net>
Date: Thu, 15 Apr 2004 09:57:45 -0700
On 4/15/04 8:45 AM, "stevenr () mastek com" <stevenr () mastek com> wrote:
A very good question, the exact one that is making this paper so controversial. This is what those guys have to say for this "...In regards to spoofed attacks, when there is no positive identification of the attacker (that is, we cannot positively attribute an attack back to its source), deploying defensive countermeasures and reporting intelligence would be most appropriate. However, this decision (and the power to initiate an offensive countermeasure) ultimately resides in the hands of our customer...." May not be the perfect solution for all security problems, but this would make script-kiddies and saboteurs think twice before hitting a competitors network if they are going to have their own network washed out in retaliation.
It won't "make the script kiddies think twice". It will mean that you are committing a crime and know that you're doing it. And like the last correspondent said most attacks come from someone else's machines, not the attacker's. It's the innocent third parties who will suffer. The attackers will be completely unaffected.
Current thread:
- FW: Hack the hackers :) stevenr (Apr 15)
- Re: Hack the hackers :) A.D. Douma (Apr 15)
- <Possible follow-ups>
- RE: Hack the hackers :) Kevin Hammond (Apr 15)
- RE: Hack the hackers :) stevenr (Apr 15)
- Re: Hack the hackers :) Walter Wart (Apr 15)
- RE: Hack the hackers :) Tom Martin (Apr 15)