TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
I am personally against these types of counterattacks, because often the IP
address is spoofed. Unless you know you are hitting the attacker, you could
bring down an innocent server which will cause headaches, or worse could
involve legal action.
It could also really tick off the hacker, which may make them seek
revenge...
Good luck.
Paul
> -----Original Message-----
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, April 23, 2001 1:17 PM
> To: [EMAIL PROTECTED]
> Subject: to RealSecure_Kill or Not
>
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
> to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> problems!
> --------------------------------------------------------------------------
> --
>
> Is it a good thing to use RealSecure_Kill, or is it just letting the bad
> guys know the IDS I am running without any value.
>
> I would be interested in knowing the conditions under which compainies are
> triggering RealSecure_Kill. We have what I consider an aggressive stance.
> If the attack is ranked high and it is against a service or OS we run I
> kill it. After an extensive set of HTTP_HEAD alerts recording someone
> attempting various HTTP and cgi attacks I am considering
> RealSecure_Killing all HTTP_HEAD attempts. I am concerned it would be a
> "feel good" act that would tell more to the bad guy then I would deny
> them?
>
> ----------------------------------------------------------------
> Get your free email from AltaVista at http://altavista.iname.com
>
