[Dshield] Firewall that bites back??? Addendum
ed.truitt at etee2k.net
Wed Nov 20 13:10:10 GMT 2002
What you are proposing is more in the line of "First, we have a bit of sport
with it - THEN we kill it". IMNSHO, it is good, clean fun to mess with
3133t hAx0r worms and the like through these methods. In fact, that is
(sort of) why I like LaBrea - not only can I do my civic duty by slowing
down these things, but I can also put the current activity live, on a web
site, for others to look at. (Never underestimate the power of humiliation
and ridicule.) However, if you were to respond to a portscan by launching a
DDoS attack against the scanner, now that would produce bad karma - and
possibly an email / call from your ISP's abuse desk.
Hmmm, that gives me an idea - maybe I will try and set up a "Don't let the
b*****ds get you down" BoF at SANS SF, where some of us can discuss this.
PGP fingerprint: 5368 D25E 468C A250 9833 CCD6 DBAE 9C25 02F9 0AB9
"Note to spammers: my 'delete' key is connected to YOUR ISP.
Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."
----- Original Message -----
From: "Richard Porter" <rwporter at kragoriantowers.com>
To: <list at dshield.org>
Sent: Wednesday, November 20, 2002 1:11 AM
Subject: RE: [Dshield] Firewall that bites back??? Addendum
> But where do you draw the line at active defense and deception? I would
> prefer to make the enemy think that my webserver is an IIS 5.0 when it
> is actually apache or vice versa. This drives them crazy and allows you
> to have a little fun in the defense process!
More information about the list