[Dshield] Firewall that bites back??? Addendum

Ed Truitt ed.truitt at etee2k.net
Wed Nov 20 13:10:10 GMT 2002


What you are proposing is more in the line of "First, we have a bit of sport
with it - THEN we kill it".  IMNSHO, it is good, clean fun to mess with
3133t hAx0r worms and the like through these methods.  In fact, that is
(sort of) why I like LaBrea - not only can I do my civic duty by slowing
down these things, but I can also put the current activity live, on a web
site, for others to look at.  (Never underestimate the power of humiliation
and ridicule.)  However, if you were to respond to a portscan by launching a
DDoS attack against the scanner, now that would produce bad karma - and
possibly an email / call from your ISP's abuse desk.

Hmmm, that gives me an idea - maybe I will try and set up a "Don't let the
b*****ds get you down" BoF at SANS SF, where some of us can discuss this.

Cheers,
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
http://www.etee2k.net
http://www.bsatroop148.org

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

----- Original Message -----
From: "Richard Porter" <rwporter at kragoriantowers.com>
To: <list at dshield.org>
Sent: Wednesday, November 20, 2002 1:11 AM
Subject: RE: [Dshield] Firewall that bites back??? Addendum


> All,
>
> But where do you draw the line at active defense and deception? I would
> prefer to make the enemy think that my webserver is an IIS 5.0 when it
> is actually apache or vice versa. This drives them crazy and allows you
> to have a little fun in the defense process!
>
>
> Richard




More information about the list mailing list