Christiansen, John (SEA) wrote: >2. Technical contacts should be attempted as one of the first lines of >action. If they are responsive that ought to fix the problem. But experience >teaches they aren't always responsive, so what to do then? This is where >"rules of engagement" might specify, for example, that you cannot >legitimately escalate to self-help without trying this route first, and >having it fail. > I submit that these problems can *always* be solved by technical means without having to "hack back". Regardless of where the attacking machine is, there is always a responsive ISP between the attacker and you. You ask that ISP to block the attacker's traffic. In the limit, that ISP is your own ISP. But it still works. One step beyond the limit is where the attacking machine is inside your own domain. At this point it is a management problem. Hacking back is never appropriate, unless we're talking nation states at war. Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ Chief Scientist, Immunix http://immunix.com http://www.immunix.com/shop/
This archive was generated by hypermail 2b30 : Thu Jun 19 2003 - 12:02:49 PDT