When Striking Back is The Best Defense
Tim Mullen, 2003-12-15

It shouldn't be a crime to reach out and hack an infected machine that's attacking your network.

When Striking Back is The Best Defense 2003-12-15
Dmitriy (1 replies)
This article proposes some very good ideas. I do think we have the right to strike back.

This will, however, bring up a whole new array of problems, just like the "self defense" principle does in case of people attacking each other. At which point is it OK to use self defense? What is reasonable f...

When Striking Back is The Best Defense 2003-12-20
x_dimitri
Well, I think that any admin who knows enough to 'strike back' effectively knows enough to not put a destined-to-be-owned box out there. So the issue of the same incompetent admins striking back shouldn't be a problem....

When Striking Back is The Best Defense 2003-12-15
SavageForce
I'm based in New Zealand so I know better than most what bandwidth costs me, and what effect the constant stream of Welchia worm packets, Nimda and the rest have on my bottom line.

In general I agree with your sentiments, but nevertheless I think it's impractical and prone to serious abuse...

When Striking Back is The Best Defense 2003-12-15
Tommy Ward
As an alternative, I believe that civil or criminal liability on the part of the "victim" who allows their box to be used for attack propagation is something that should be considered.

Consider an automobile analogy: If someone hotwires my car while it is parked in my driveway, and then they go ...

When Striking Back is The Best Defense 2003-12-15
nevada smitth
The Wild Wild West theory works for me. Everyone in the computer business knows the internet is not safe, and really has no law.
So hang 'em high.



...

When Striking Back is The Best Defense 2003-12-15
pgroce
Honestly, do you do this solely to make people mad at you?

There are two major problems with this type of approach, as I see it. The first is determining that an attack on another machine is, in fact, retaliatory. This may be "obvious" in some cases; not so much in others.

More importantly, co...

The Alternate Methodology 2003-12-15
Matthew Murphy
As usual, Tim's article takes the most extreme solution to every potential problem. The real solution is a controlled loss prevention mechanism. If a user runs an infected box, they are criminally negligent -- it is about time that administrators take responsibility for basic maintenance.

If m...

Ouch... err, no. How about this instead? 2003-12-15
Penguinisto
(BTW - tell Neil I said "Hi!" :) )

There are much less intrusive ways of cutting down on the Nimda bandwidth, ne? Why not just call up the ISP, explain the problem, and have them deny those particular packet types from that particular address at their own border routers? If someone from that addr...

When Striking Back is The Best Defense 2003-12-16
TCSEC
Meh- This sounds fishy. How do you define "Attacking"? It doesn't seem like too much of a stretch before an onslaught of spam is twisted into an attack and suddenly you've got anarchy.
Striking back isn't really an option. Block traffic w/ network devices wherever possible....

When Striking Back is The Best Defense 2003-12-16
LoomChild
Wish I could go to BlackHat and hear what you have to say, but as a poor Swede I guess I'd have to swim there. ;) Anyways, what you are thinking is something I have wanted to be able to do many times. I know it to be effective at times, when you have a directed attack and manage to outsmart and loc...

Great idea...all I have to do is spoof an attack on you from my enemy, and you'll take him out for me! 2003-12-16
Anonymous
This is, like, one-stop shopping for lazy hackers. All I have to do is take my "enemies list", spoof attacks from their IPs to your systems, and you'll take care of them for me. Lovely service you're offering.
...

Why attack when you don't have to listen? 2003-12-16
Anonymous (2 replies)
This is completely unnecessary. No one is forcing you to listen to any machine on the Internet. Why attack the machine when blackholing its IP would be just as effective?
...

Why attack when you don't have to listen? 2003-12-17
Anonymous
Blackholing an IP is only going to work for a static IP. More and more ISPs are using CIDR, multiple netblocks, dynamic DNS. Take AOL for example: if I disconnect and reconnect I can show up anywhere in a class A. Verizon DSL and bell* typically show up anywhere in a class B. There is no easy sol...

Why attack when you don't have to listen? 2003-12-22
Anonymous
Did you not read the article? Bandwidth costs money. Every bit that crosses the line adds to the bill. Even if you blacklist an IP, that just keeps its traffic off your internal network. You still have to pay for its bandwidth....

When Striking Back is The Best Defense, use SPIKE Proxy! 2003-12-16
Dave Aitel (1 replies)
Just letting you know SPIKE Proxy will solve all your problems! Go me!

- Dave


PS: Buy Canvas so I can pay the rent this month!...

Alright, that was cute. [n/t] 2003-12-17
Anonymous (1 replies)
[ and what if this was really dave pretending not to be dave? Or maybe it's not dave pretending to be dave pretending not to be dave? hm. more beer. ]...

Alright, that was cute. [n/t] 2003-12-21
Dave Aitel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That wasn't me, although I thought it was funny. :>
- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/5dzrB8JNm+PA+iURAlL9AJ9JOcjavPUL6Ey+p5eTJXUS1VfcgQCf
dYWO
6HpkiU/B3046oiVuP7oDyb8=
=5iMp
-----END PGP SIGNATUR...

When Striking Back is The Best Defense 2003-12-16
Anonymous
Striking back is fraught with too many problems to be practical.
Simply forging the source of an attack can cause irreparable harm to an innocent 3rd party.
Attacking/hacking/cracking a system is illegal regardless of intent.
"The road to hell is paved with good intentions." - Unknown author
...

When Striking Back is The Best Defense 2003-12-16
Nick Seidenman, CISSP
Self-defense isn't about recovering lost property, or preventing further loss. There are civil remedies for that kind of tort. Those who simply don't want to bother presenting their case before a trier of fact, who would instead rather just take matters into their own hands are vigilantes,

Your ...

When Striking Back is The Best Defense 2003-12-17
Anonymous
Well, as usual Tim talks before thinking..
Many here already pointed out how easy it is to spoof ip addresses and what a nice defence it gives to hackers.. I just wonder..

I can understand the sentiment, but the proposed solution not only doesn't work, it causes way more problems than it is tryi...

When Striking Back is The Best Defense 2003-12-17
Jerry Ozbun
First time Posting

A lot of good points have been brought up. I especially enjoyed Mr. Murphy's response. He had a lot of great points. I think that Tim's solution is a tad overdramatic.

Looking at the Hack Back theory at first it might work well. We have a smallish audience here, since if you...

When Striking Back is The Best Defense 2003-12-17
Anonymous
"It singularity when it is clearly and definitively infected with a worm that
will continue to attack every box it
can find until stopped."

It's trespassing on someone's property
no matter how well intentioned you may be and it's a crime scene you have no idea what the Hacker did to the comput...

When Striking Back is The Best Defense 2003-12-18
Anonymous
I agree that we need to strike back.
But by hacking back, you are doing the same thing, and I can see no difference between the two hackings.
What we really need is to make the cost of having an unprotected or hacked machine to be significant. By achieving this we give the right incentive to peop...

When Striking Back is The Best Defense 2003-12-19
Paul
I agree the ISP should be required to remove the offending system from its network until the owner can prove that the system is no longer a threat to other people. This should only be done once the ISP has confirmed the complaint made.

You will always get people that will try to abuse any system...

Another vote for ISP involvement 2003-12-19
Anonymous
I agree with the bulk of responses to the article. The ISPs are in the perfect position to discover and eliminate many types of network attacks. Customer profiling, scanning email for viruses, and other techniques could be best deployed at the ISP's backbone. It's long past time that ISPs checked th...

When Striking Back is The Best Defense 2003-12-20
Anonymous
I had my ISP email me about me "portscanning" my own machine at my work. Calling it an 'aggressive' attack.

Since this time, I both applaud the awareness of this ISP, yet am very careful whenever I do something questionable.

Automatic "isolation" would have been horrible for me at the time, co...

Copyright 2009, SecurityFocus