Friday, March 13, 2009

You don't win a war by defending yourself

Chris Hoff recently made this observations in a post about offensive computing and he's right. This is akin to carrying a gun in the real world to defend yourself, however this doesn't translate well into the wild west we call the internet. Fighting back can have significant unintended not to mention legal consequences.

The Metasploit site recently became the victim of a petty DDOS attack. Now the last person you want to DDOS is HD Moore and co. An amusing side effect though was that the victim could redirect the attack and basically flood anyone they wanted to by changing their own DNS entries. In theory they could have redirected the attack at individual attackers in the botnet systematically knocking them off the net, but they wouldn't know who was on the receiving end. Fighting back would be risky.

You may also find yourself on the wrong side conscripted into a fight you never knew or cared about. With aging and overloaded plumbing (dns, bgp, etc) it's hard enough to play fair. Guess it's time to layout the tar pits.

No comments:

Post a Comment