Vulnerability Development mailing list archives

Re: Automatic Retaliation contra DoS


From: mhw () WITTSEND COM (Michael H. Warfield)
Date: Thu, 18 May 2000 08:47:20 -0400


On Wed, May 17, 2000 at 11:04:13PM -0600, Weston Pawlowski wrote:
Whoa, calm down. I *never* said anything at all about doing anything to the
attacker other than blocking him. "Retaliation" doesn't always mean "attack", and
I didn't say anything that would even slightly imply that it did. And, if you
would have actually read my post or the post that I was replying to, you would
realize that what I'm speaking of is retaliating by cutting off the attacker's
access to your system. What I was talking about is strictly defensive, no "federal
crimes" are committed. Recommending the use of an attack is just as stupid as
flaming about a post that you haven't even completely read.

        Ok...  I guess the problem was the subject.  The terms
"Automatic Retaliation" and "DoS" do evoke immediate images of
counterattacks.  I jumped the gun and apologize.  Actually, seeing
the title and reading the article, I was confused about that point.
I seriously wondered if it had been suggested in a portion of an
earlier message that had been cut off in editing.  So that's
my excuse for jumping to conclusions.  :-)

        Regards,
        Mike

-Weston

"Michael H. Warfield" wrote:

On Wed, May 17, 2000 at 08:52:13PM -0000, Weston Pawlowski wrote:
Automatic retaliation is usually a bit dangerous, but it can
still be a good thing, you just have to be careful...

        Ok...  Rereading this paragraph, I can see that it might be
referring to the DoS danger to you if you triggered on UDP or stealth
scanning which can be easily spoofed.  Based on that interpretation,
I will agree with you but suggest we NOT use the term "retaliation".
I typically use the term "reactive" or "adaptive" (such as a reaction
system or an adaptive firewall) when describing things which react to
scans but which do not "retaliate", "counter attack", or "counter probe".
Was a misunderstanding in terminology.

        [...]

        Mike

--
 Michael H. Warfield    |  (770) 985-6132   |  mhw () WittsEnd com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!


