Just my two cents on this topic ... Although I agree that counter attack _can_ be effective, I don't think it's very feasible. Take SQLSlammer for example. It's whole payload is one UDP packet 376 bytes big. Did you see that? UDP? Spoofing packets? Hell yes. Now, how do you know who is the real source of that packet. There is no way to know it. Now, of course, you can say that SQLSlammer doesn't spoof source packet IP address, but who says that won't happen in the future. So we have 2 grey areas of counter attacks: first is the legality of it and second is actual feasibility. I don't think this can hold water ... Best regards, Bojan Zdrnja ---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon May 26 2003 - 09:32:32 PDT