Eric Johnson <[EMAIL PROTECTED]> said ...
>
> I'm getting kind of tired of sending reports of
> port scans and attempted break-ins ...
>
> So something else is needed.
>
> Suppose we ... spoof the source address and
> perform a port scan against the port scanner's ISP?
> ... the ISP would see a port scan coming
> from one of his own customers and would be more
> likely to take an active interest in putting a
> stop to it.

If you're outside of the attacker's network, his ISP will most likely
silently drop any packets which claim to come from their address range, but
originate outside their own network.

If the attacker and you are using the same ISP, your spoofed port-scan will
likely expose your MAC address and you may lose your ISP account, and could
possibly face prosecution, depending on your ISP's AUP and the laws in your
country/locality.

Retaliation is not the proper response to attacks, real or perceived.
Remember that you propose to spoof the attacker's address in your response.
The attack itself could well have been made using a spoofed address, and you
will in effect be further victimizing someone who is already themselves a
victim.

Scanning is a way of life on the Internet now, and is somewhat analogous to
static on the radio. The best reaction to this is to 'turn up the squelch'
on those scans that you know are aimed at things for which you have no
vulnerability, and protect those resources which you must expose to the best
of your ability, or at least to the level of 'acceptable risk'.

--
-GWP
"If you're not part of the solution, you're part of the precipitate."
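
Added example, not part of the original message: a small Python model of the two defensive ideas in the reply above, the border filter that drops packets arriving from outside with a source inside the ISP's own range, and 'squelching' probes aimed at ports you do not expose. The prefixes, port set, interface names and sample records are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed values (RFC 5737 documentation ranges), not taken from the thread.
ISP_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]  # the ISP's own address space
EXPOSED_PORTS = {25, 80}                                   # services we must expose

def border_verdict(iface, src):
    """Ingress anti-spoofing: drop packets that arrive from outside
    while claiming a source inside the ISP's own range."""
    inside = any(ipaddress.ip_address(src) in net for net in ISP_PREFIXES)
    return "drop" if iface == "external" and inside else "forward"

def squelch(probes):
    """Count probes to ports we do not expose; keep the rest for review."""
    quiet, review = Counter(), []
    for src, dport in probes:
        if dport in EXPOSED_PORTS:
            review.append((src, dport))   # touches a service we actually run
        else:
            quiet[dport] += 1             # background noise: tally, do not alert
    return quiet, review

# Constructed sample input: (interface, claimed source) and (source, dest port).
SAMPLE_PACKETS = [("external", "198.51.100.7"), ("external", "203.0.113.9"),
                  ("customer", "198.51.100.7")]
SAMPLE_PROBES = [("203.0.113.9", 23), ("203.0.113.9", 111),
                 ("192.0.2.44", 23), ("192.0.2.44", 80)]

if __name__ == "__main__":
    for iface, src in SAMPLE_PACKETS:
        print(iface, src, border_verdict(iface, src))
    quiet, review = squelch(SAMPLE_PROBES)
    print("squelched per port:", dict(quiet))
    print("review:", review)
```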