>>> If I can detect and own a botnet that is attacking me, and reverse >>> it on its herders, I think that is a highly respectable thing to >>> do. >> [...] machines belonging to arm's-length third parties, and you have >> no more right to abuse them for your ends than those abusing them to >> attack you do. > You've got a point, if the botnet is truly third party, but if it is > my honeypots, or those of subscribers who are managed by my service > and give consent?
Then that objection goes away, yes, and it's just a question of to what extent your being attacked gives you a right to interfere with the operation of someone else's machines. Personally, I find this questionable, even if you do correctly target your attacker's machines (something you will sooner or later make a mistake at, if you do this more than a few times). I am not someone who believes two wrongs can make a right. /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML [email protected] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
