WebApp Sec mailing list archives
RE: Hack the hackers :)
From: "Tom Martin" <Tom () 118 com>
Date: Thu, 15 Apr 2004 17:12:28 +0100
The problem isn't just compromised networks - ie, hackers using the machines of "innocent" third-parties to launch attacks. The problem with any kind of pro-active defense against internet attacks is the fact that source IP addresses can be spoofed - what this leads to is a situation where the pro-active defence system becomes a new form of attack for hackers to use: If the hackers real target is company A, all he has to do is attack company B, knowing it has the latest pro-active defence system, using spoofed source addresses to make the attack appear to be coming from company A - result, company B's defence system retaliates against company A's attack in kind, and company B does the hackers job for him. -----Original Message----- From: Kevin Hammond [mailto:kghammond () nrscorp com] Sent: 15 April 2004 16:37 To: stevenr () mastek com; webappsec () securityfocus com Subject: RE: Hack the hackers :) How do you attack the attackers, if the attackers are attacking from a compromised network??? Kevin Hammond Network Administrator NRS Corporation 608-273-4665 x223 http://www.nrscorp.com/ -----Original Message----- From: stevenr () mastek com [mailto:stevenr () mastek com] Sent: Thursday, April 15, 2004 6:08 AM To: webappsec () securityfocus com Subject: FW: Hack the hackers :) Hi folks, Came across this paper "On the Rules of Engagement" from Symbiot Inc proposes that a strong network defense system is not deterrent enough. They suggest countermeasures by "returning fire" against the attackers network, basically attack the attackers networks. If I am not mistaken, this is the first time such an approach has been formalised. Its gonna be worth seeing how this is taken forward. http://symbiot.com/media/iwROE.pdf Heres an interesting interview by onlamp.com with the writer of this paper http://www.onlamp.com/pub/a/security/2004/03/10/symbiot.html Regards Steven Rebello MASTEK "Making a valuable difference" Mastek in NASSCOM's 'India Top 20' Software Service Exporters List. In the US, we're called MAJESCO ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Opinions expressed in this e-mail are those of the individual and not that of Mastek Limited, unless specifically indicated to that effect. Mastek Limited does not accept any responsibility or liability for it. This e-mail and attachments (if any) transmitted with it are confidential and/or privileged and solely for the use of the intended person or entity to which it is addressed. Any review, re-transmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. This e-mail and its attachments have been scanned for the presence of computer viruses. It is the responsibility of the recipient to run the virus check on e-mails and attachments before opening them. If you have received this e-mail in error, kindly delete this e-mail from all computers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2004 NRS Award and NRS Conference Sept 8-9 Applications are available. Go to www.nrscorp.com. *********************************************************************************** This e-mail may constitute privileged information. If you are not the intended recipient, you have received this confidential email and any attachments transmitted with it in error and you must not disclose, copy, circulate or in any other way use or rely on its information. The contents of this email are those of the individual and do not necessarily represent the views of the company. The company does not conclude contracts by email and all negotiations are subject to contract. ************************************************************************************
Current thread:
- FW: Hack the hackers :) stevenr (Apr 15)
- Re: Hack the hackers :) A.D. Douma (Apr 15)
- <Possible follow-ups>
- RE: Hack the hackers :) Kevin Hammond (Apr 15)
- RE: Hack the hackers :) stevenr (Apr 15)
- Re: Hack the hackers :) Walter Wart (Apr 15)
- RE: Hack the hackers :) Tom Martin (Apr 15)