My $0.02 addition:
"Paul D. Robertson" wrote:
>
> On Tue, 21 Dec 1999, Eric wrote:
>
> > How about just running a port scan against whoever is portscanning you.
> > If someone sees port scans coming from a system they are trying to break
> > into, it would hopefully scare them off.
>
> A lot of times scans are done from an already compromised host, *if*
> they're even watching (and most scanners are script kiddies) then all
> it'll do is prompt them to run nmap with a crapload of source addresses
> spoofed for 198 "cute" source addresses that portscanning will get *you* and
> *your hosts* on a watchlist. At that point, if they do find a vulnerability
> in your hosts at a later date, things are going to look more
> incriminating for you if they use a compromised host on your network for
> the follow-up attacks against the hosts they've spoofed.
>
> Personally, I think that the energy spent on trying to "strike back" is
> better spent on defense.
To summarize a number of points already made on this thread:
People too easily forget that even a marginally technically literate
script kiddy can have a strong sense of irony. If you put in
aggressively [over]reactive security countermeasures, someone will find
an imaginative way to turn this against you. And, recalling examples of
this, it seems that someone who isn't much less of a threat to your
system or network can easily set up a denial of service or otherwise get
you in trouble when you automate what you assume to be clever
counterattacks.
So: how bad do you want to get played?
-Bayard