Re: Mutually Assured DDoS

[Rich Kulawiec <rsk () gsp org>]

On Sun, May 03, 2009 at 08:58:54PM -0400, der Mouse wrote:
> > You've got a point, if the botnet is truly third party, but if it is
> > my honeypots, or those of subscribers who are managed by my service
> > and give consent?
>
> Then that objection goes away, yes, and it's just a question of to what
> extent your being attacked gives you a right to interfere with the
> operation of someone else's machines.  Personally, I find this
> questionable, even if you do correctly target your attacker's machines
> (something you will sooner or later make a mistake at, if you do this
> more than a few times).

I recognize, and largely agree with the ethical argument being made here,
as well as the fallibility argument.

Let me add another one: hubris.  Presuming that a known-compromised
system will actually do what you tell it to, or worse, presuming that
a known-compromised system IS doing what you just told it to do, may
be an excellent way to inform the opponent of your intentions...but
not much else.

---Rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.