Forwarded from: Bill Scherr IV <bschnzl (at) cotse.net>
Cc: jericho (at) attrition.org

Is it really that simple?

There is much that can be done on your own systems to collect data, and alter appearances. Analyzing that data, while keeping the upper hand, takes skill and luck. It will never happen if active technical countermeasures are lumped into the "hacking back" pile.

Any engagement with the attacker will travel thru many other people's machines. Of course, it takes a lot of experience (after a lot of training), practice, and a rock solid tool kit, all of which are rare. Then there is the time ($$$) involved. The line that must not be crossed, by any but government, is ownership.

The tool kit would contain HoneyPots ('nets, LaBrea, THP), packet manglers, transparent proxies, solid protection and assurance, et cetera. The data to grok would be voluminous. Success and failure could hinge on a single bit. Sourcing, summarizing, and communicating that data takes much expertise.

That means law enforcement must a) have the expertise and b) establish the environment to encourage such action.

But we have to start somewhere! Otherwise, we will not civilize the wild west. All that is required for evil to prevail is that good folk do nothing!

B.

Circa 0:22, 25 Jan 2011, a note, claiming source InfoSec News <alerts (at) infosecnews.org>, was sent to me:

Date sent: Tue, 25 Jan 2011 00:22:34 -0600 (CST)
From: InfoSec News <alerts (at) infosecnews.org>
To: isn (at) infosecnews.org
Subject: Re: [ISN] Is retaliation the answer to cyber attacks?
Organization: InfoSec News - http://www.infosecnews.org/

> Forwarded from: security curmudgeon <jericho (at) attrition.org>
>
> Oh jeez.. didn't this silly notion out ten years ago?
>
> : http://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html
>
> : "We want to strike back. We want to exploit his network," said
> : Oudot. You want statistics and logs related to the attacker, and it
> : might be the idea of attacking ZeuS or SpyEye or even a
> : state-sponsored attacker. It's not so complex to find zero-day
> : vulnerabilities that would allow subversion of attack tools, noted
> : Oudot, whose firm has experience in identifying vulnerabilities,
> : including several related to mobile devices. He suggested it would
> : be fairly simple to strike back against exploit packs such as
> : Eleonore, or feed fake information into attacker's hands. "You can
> : strike back," Oudot said. "Your enemies are not ethical hackers."
>
> The people who own the systems they exploit and use for their attacks,
> likely are ethical. Breaking into the system they broke into puts you
> in the same legal territory as the 'unethical hacker'. It doesn't
> matter that your intentions are noble, you are breaking the law just
> as much as those attacking you.
>
> Any founder and CEO of an *ethical* hacking company should know this.
>
>
> ___________________________________________________________
> Tegatai Managed Colocation: Four Provider Blended
> Tier-1 Bandwidth, Fortinet Universal Threat Management,
> Natural Disaster Avoidance, Always-On Power Delivery
> Network, Cisco Switches, SAS 70 Type II Datacenter.
> Find peace of mind, Defend your Critical Infrastructure.
> http://www.tegataiphoenix.com/

STOP SPAM - use whitelists
pub 1024D/6382216F 2008-06-20 [expires: 2013-06-19]
Key fingerprint = 5F6A F5AD 1FE0 73CA 2393 A62E 2469 0F95 6382 216F
uid Bill Scherr IV (Ownership is Vital) <bschnzl (at) cotse.net>

Received on Thu Jan 27 2011 - 03:16:32 PST
This archive was generated by hypermail 2.2.0 : Thu Jan 27 2011 - 03:21:16 PST