I had my ISP email me about me "portscanning" my own machine at my work. Calling it an 'agressive' attack.

Since this time, I both applaud the awareness of this ISP, yet am very careful whenever i do something questionable.

Automatic "isolation" would have been horrible for me at the time, considering that I was doing work from home.

A suitable alternative, may be a webform online, where those responsible for the IP range are informed, and maybe the account (yes, account) and IP's data should be logged for scrutiny at the admins discression.

This would negate the "striking back", theory although I do believe that an elegant "fix", and maybe even something canned from a third party ( downloadable from security focus ;) should be the only valid form of retaliation.

Hell, it would almost end up being like a space invaders game. The infected machines coming closer and closer, while your "weapon" takes them out..

One by one.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/203/24229#24229