That's absolutely right.
Not only aren't you sure to get back to the attacker real address, but even
if
you do, nothing tells you this is HIS machine. I mean that it belongs to
him.
He may be using the machine of some honest company (he can even be working
for
this company).
so, you end up "destroying" the network of a honest company, just because
some
bad guy there has tried to destoy yours. This company certainly has
responsibilities
here, but this does not give you the right to attack them.
sure you'll get a hard time in a court...
a concrete example is someone trying to flood your disk with large email
messages.
you get the idea to send him back these messages. you'll thus fill the disks
of all
the SMTP gateways between you and him... Their guys get mad at you, and in
the best case,
just add you to a public black list (such as the RBL). at the end, you can
feel happy
that you can no more use SMTP! suppose now that this is exactlly what the
attacker was after.
also, many attackers are trying to find bugs in the software you are using.
suppose a guy is trying to exploit bugs in, say your getthered daemon. what
you
do is install a relay, say traphim-gw, to trap bad guys. now, a second guy
tries to
exploit a bug in traphimgw itself. then you decide to install that fancy and
lastly
shipped secure-defend to really trap him. and so on. This only works if
secure-defend is
provably secure, and in general, this mean its code is very simple, which
thus reduces
its functionalities.
you'll hardly convince me that someone has developped a program that is
intelligent enough
to punish attckers, that checks the content of net packets and reacts
accordingly, and that
in a secure manner and efficiently, and at the same time, no one has
succeded in developping
secure daemons and programs to do normal stuff.
mouss
Paul D. Robertson wrote
> And if they're spoofing source addresses, you'll be sending packets at an
> innocent victim, and if they're doing the same thing...
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
