Hi!

> I agree, countermeasures can have bad effects, both karmically, and legally.
> If script kiddies are running scripts to attack your machine, why not have
> your machine run scripts to attack attackers?

Define attackers. And define it well enough for a script to distinguish attackers from ordinary people without errors. If you can perform this miracle - yes, why not.

> [portscanning]

As in every program, a good algorithm has to perform in the expected way and it has to terminate. So apart from legal and ethical questions, you cannot simply answer a portscan on your machine with a portscan on their machine, this would never end. So now we have a script that remembers the machines it did a portscan on within a reasonable amount of time. This is already complicated enough for plenty of bugs plus it opens your machine to DoS-attacks. Is all this trouble worth the gain and what gain do we get anyway?

> Isn't there an option in portsentry to forward packets, once an 'attack' is
> detected, instead of dropping them? So once portsentry decides someone is
> being malicious, it then starts forwarding all packets off to disney.com or
> something? I think that's rather funny, however this may be another
> 'attack'. Only now you're indirectly directly involved!

So now disney, presumably a big company with good techs and even better lawyers, receives the attack. But they are not on the same ethernet as you and the attacker. The attacking packets have found their way from the attacker to you through and then to disney. Alright. Two cases:

Case one: Disney's techs cannot figure out what path the packets took. They have to deal with the attacks and spend money on it. Good job! Better use M$ if you want to hear cheers but don't consider ethical questions.

Case two: Disney's techs can figure out what path the packets took. After a bunch of attacks from different sources, all of them were untraceable when taken alone, the techs were able to trace it back to you. So now the lawyers will talk to you, find out that you were not the attacker and hand the job back to the techs to find the original attackers? Unlikely.

Ergo: Unless you are the NASA, secure your machine, log the attacks and smile. It always hits those with bad firewalls and that is someone else's problem.

Jörn
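The bookkeeping problem raised in the portscan paragraph (remembering sources for a limited time without giving an attacker unbounded state to fill), applied to the log-only approach the message ends on. This is an added example, not part of the original post; the class name, thresholds and sample addresses are constructed for illustration.

```python
from collections import OrderedDict

class ScanLog:
    """Log-only portscan tracker whose memory use is capped."""

    def __init__(self, threshold=5, window=60.0, max_sources=1000):
        self.threshold = threshold      # distinct ports that count as a scan
        self.window = window            # seconds a probe or report is remembered
        self.max_sources = max_sources  # hard cap on tracked sources
        self.sources = OrderedDict()    # src -> {"ports": {port: ts}, "reported": ts}
        self.alerts = []                # (ts, src, sorted ports)

    def observe(self, src, port, ts):
        """Record one probe; return True if it produced a new log entry."""
        entry = self.sources.pop(src, None) or {"ports": {}, "reported": None}
        self.sources[src] = entry                    # re-insert as most recent
        while len(self.sources) > self.max_sources:  # evict least recent source
            self.sources.popitem(last=False)
        ports = entry["ports"]
        for p in [p for p, seen in ports.items() if ts - seen > self.window]:
            del ports[p]                             # forget stale probes
        if port in ports or len(ports) < self.threshold:
            ports[port] = ts                         # at most `threshold` ports kept
        if len(ports) < self.threshold:
            return False
        if entry["reported"] is not None and ts - entry["reported"] <= self.window:
            return False                             # already logged recently
        entry["reported"] = ts
        self.alerts.append((ts, src, sorted(ports)))
        return True

def demo():
    log = ScanLog(threshold=3, window=60.0, max_sources=4)
    # Constructed sample: one source walking ports, then a flood of
    # forged source addresses that tries to inflate the tracker's state.
    for i, port in enumerate([21, 22, 23, 25, 80]):
        log.observe("192.0.2.10", port, ts=float(i))
    for i in range(1000):
        log.observe("198.51.100.%d" % (i % 250), 80, ts=10.0 + i * 0.01)
    return log

if __name__ == "__main__":
    result = demo()
    print(result.alerts, len(result.sources))
```

The flood pushes the real scanner out of the table, but its scan was already logged once and the tracker never holds more than `max_sources * threshold` entries.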

