Gee, someone actually sees that active response from an administrator could cause more harm than good. Perhaps you should write this column and this M$ apologist should take his mispent agressions out on small rodents.

My favorite case is this:

Machine A receives traffic which looks malicious and looks like it comes from Machine B. Machine A admins do a lookup to determine the ownership of Machine B or Machine B's service provider and make a few phone calls. If owned by a legally responsible entity, Machine B is investigated and either fixed or cleared of charges. If Machine B is a cable-modem or DSL machine, Machine A's admins contact the ISP for Machine B and let them handle it. Machine A admins have acted responsibly and legally.

Why change what works? If it is worth your time to counter-hack, it is worth your time to get your ducks in a row and contact the correct law enforcement entity. This idea is worse than most laws being passed today. It violates Constitutionally protected rights to due process and promotes irresponsibility in a profession where irresponsibility seems to be the norm.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/98/15959#15959