Message-ID: <3F2A236A.4070304@nolog.org>
From: lists at nolog.org (Martin Peikert)
Subject: CounterAttack

Hello,

Dolbow, Phil wrote:
> If your network is PROBED by another system, where do you draw your
> line?

the same where s/PROBED/ATTACKED - in my opinion a probe is a prelude to
further attacks and therefore I can see no difference. (Sometimes the
difficulty is to decide: Is this a probe or not?)

> A) Log the data and otherwise do nothing.
> B) Probe the other system.
> C) Infiltrate the other system, but do no damage.
> D) Shut the other system down.
> E) Destroy the other system.
> F) Destroy the other system and all others around it.

*none* of the above. There are more possibilities between "shut up" and
"fire back as hard as I can" and I really miss one thing:

Try to find out who's probing/attacking you and *contact* the admins of
the attacker's IP to prevent further probes/attacks.

It's possible that the administrator of the host that attacked your
network didn't know about that - I've contacted admins that didn't know
what their users did or even that their network was compromised - the
reaction was almost positive.

If it's not a fixed IP, contact the ISP.

I would never fight back before I tried to contact the other side - in
almost every case a fight would not be necessary at all.

Other possibilities: You could log the probe/attack and sue the
attacker. You could drop all from IPs that probed/attacked you. I think
there are more.

Anyway, if an attack was successful - do you really think a
counterstrike would prevent the attacker from further attacks?

GTi