Slashdot Mirror
CNN Asks "Can You Hack Back?"
dboothe writes: "CNN.COM has a somewhat interesting article on whether or not it is okay to fight back when being hacked. In the scenario they bring up with the WTO website, it seems pretty clear that they likely should have steered clear, working on the probable assumption that the IP address used was just a dummy machine that had been cracked previously. But what about other situations where it's more of a grey area?"
This is a moot point. Any cracker worth their salt is going to be behind so many machines that attacking back will be impossible without some for-real research and tracking. Just my $0.02.
Have a Happy.
If you have an automated defense system, I don't see as how that is "taking the law into your own hands," you are just protecting your system against intuders and ensuring they won't come back. If you wait a while and then go after their server, that seems more like revenge IMHO.
Theoretically at least.
This would trigger the same shit as the 1st man/woman who applied violence did.
In reality..hmm one could at least make it impossible for him to continue his activities.
- --[... The secret of the hanged man, the smile on his lips... ]-- -
If you see someone logged in from an unknown IP (amusing you screwed both tcp wrappers, OpenSSHD and your firewall up), just start ping flooding that IP. Ping first ask questions latter. Don't bother loging the user out, just ping attack the hell out of him and his network (and pray the God it isn't Bob in the next office on the same ethernet segment as you)
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
So, therefore, while somebody may be attempting to get into your systems, you can't legally break into theirs. There's nothing physically stopping you, but if you were to attack the wrong machine, or their attempt on you was an accident and you (in retaliation) bring down mission-critical systems - you'll get into a nice big legal mess (UK users can face an unlimited fine and 5 years imprisionment - bringing down a system would come under part 3 of the aforementioned Act - IANAL)
Remember - two wrongs do not make a right...
Richy C.
--
Somebody who's running a DDOS attack - unlike the hapless electrohippies - is going to be IP spoofing and using a multitude of machines. If you bounce all the attacking packets back, all you're likely to hit is a large number of machines belonging to innocent people with bad security.
--
--
Wait a minute, this sounds like rock and/or roll. - Rev. Lovejoy
"Two wrongs don't make a right"
As tempting as it may be to give them "a taste of their own medicine", the chances are that you're just going to be attacking an innocent bystander whose machine has been cracked, and is being used to launch the attack on yours.
Even if you do hit back at the actual cracker, so what? So you trash his PC and some files; it's not like it's going to put him out of business, or cost him thousands of pounds to restore it.
IMHO, the best thing to do is just find out as much as you can, co-operate with the authorities, and let them deal out any punishment.
Cheers,
Tim
It's official. Most of you are morons.
Attacking back is just going to give the government and industries a reason to try and pass more controlling legislation. Its too close to them being able to create a "Wild West" analogy, where they would have to protect the "innocent women and children."
There have long been accepted channels for handling these situations, such as contacting the sysadmins for the ISPs, *cough* the FBI & local police (Okay, I know, they are often clueless, but they arent going to get MORE clueful if we keep going AROUND them!), etc.
Check out Magic Firesheep!
When I get my "always on" internet at home,
I want to watch for crackers and try to
link back to them. Seems like it would
be fun and educational.
Surely a program could watch for "attacks" and
just let them in. Try to hold thier attention
long enough to trace back to them.
Or am I just crazy?
I'd say that hacking back was justice if you could be sure that the system you were hacking back was the hacker's. But you can't. It would be really terrible if (a) somebody started attacking your web site, (b) you found and attacked the source of the attacks, to make that machine cease operations, (c) it turned out that the machine you just blasted belonged to your good friends at Thyme magazine, and had itself been hacked... oops.
Gotta watch out for that friendly fire.
Sunlit World Scheme. Weird and different.
I would think that fighting back harshly (ie, not just "returning mail" like the article implies) would make the victim now no better than the attacker. It is pretty obvious the the e-hippies weren't so bright in using one IP (and their home one at that), and that most real crackers would use boat-loads of other systems. The victim in this case was fortunate to be able to trace it back to just one IP. Of course, hopefully DoS attacks will occur less now that security IT professionals know what to look for.
There are four boxes used in defense of liberty: soap, ballot, jury, ammo. Use in that order.
That was actually first written in a tech journal that my office recieves, and then CNN stole it. I forget which one.
Eh...
If the webhost believes that they know where the assualt comes from, it can't hurt to try to fight back.
If they correctly identify the attackers and give them a dose of their own medicine, the attack will quickly stop.
If however the attacker is using computers that have been previously taken over, whats the damage? Those computers (more than likely only desktop's in some business or school) cant access the net for a small amount of time. No big deal. No one loses money and some college kid just can't check his email on that machine for a little bit. Big deal.
It looks to me like there is something to gain (the end of these attacks and such) and not very much to lose by striking back. It would be different if we were talkign about shooting at someone and hoping they were the real attacker, but we are talking about internet access.
On the other hand, businesses and the gov are really good at putting figures on damage that come out of nowhere. "Our connection was dos'd for a day and it cost us $10 billion."
-magicsloth
I should write a book... "20 things to look for in your next basement-extract hunchback computer geek 13-year-old security expert..." Lesson #1: DDOS
Spoofing is not a hard task to accomplish. If I was to attack a machine I knew was well hardened, I might have decided to attack an aggressive, less-protected sysadmin pretending to come from that machine. If I tricked him into attacking back, I would effectively trick him into helping me.
A good sysadmin must learn from the experience, harden his computer, report it to an Incident Response Team, and... Well, be prepared for the next time.
I use PortSentry as one line of defense, and if someone scans the box, they just get dropped into a black hole. (Actually, them and their subnet, in case it's a dynamic IP on a dialup.)
PortSentry allows you to run any arbitrary command when a scan is detected, but he warns against retaliatory action:
Sounds reasonable to me...
---
I live in an "outback" town In Western Australia. And I've been VERY heavily involved with the ISP's in this town for the past three years.. This stuff used to happen all the time, One service would DOS the other service, then the victim (a freind of mine at the time) Fought back by trshing his solaris annex server, onece a week. It was fun at the time.. but after a while.. money and buissnes got in the way.. you can't maintain a REVENGE IS SCHWEET type outlook if you want to stay in business. It just get too damned expensive.
"Consider how lucky you are that life has been good to you so far. Alternatively, if life hasn't been good to you so far
Cracking in retaliation is just a vigilante excercise and shouldnt be encouraged. For one thing, the target may be a machine that has in itself been cracked (and is thus just as much of a victim) or it may be one user at a site that is otherwise harmless. Take down their machine and you remove the resource fro the people using it legitimately. There are laws out there for this kind of thing. If you are SO sure you know who it is, beyond doubt, then take your proof to the police and let them deal with it. Apply the same laws online as you do offline.
Tux Games. Your complete source for native Linux games.
but I submitted this back in April. It's looks like CNN just rehashed the April 17th article about the same thing.
:)
That point aside though, I think the view of no couter-attacks just stinks. While I don't like the bandwidth that it takes up, how else are we supposed to defend ourselves? What ConXion did was pretty cool.
Hey, just had a thought, the Internet is where WW III will be held! Just imagine, country after country attacking each other through DDoS. 'A' defends by sending all those packets at 'B's ally 'C'. Pretty groovy war games if you ask me.
If you are hit you either run or fight (self defense)
I say we develop a protocol for fighting back (self defense and self policing). Part of this protocol should include the education of people to harden their systems. If you system is compromised and used in an attack, because your sysadm did not lock it down then you should not complain when you get "hit back".
If the systems are locked down then at least the wanna be's won't be trashing systems. I know we cannot stop all the crackers but at least let's make it harder for the idiots.
-- Tim
TKrabec Pahh
...will leave us all blind and toothless.
Most folks here are probably familiar with the "Prisoner's Dilemma" puzzle, and how the simple tit-for-tat strategy is one of the most successful. However, there is a variant of the puzzle that assumes that communication is "imperfect", and that there is some probability that a Prisoner's response will be misread. In that situation, tit-for-tat games degenerate into an endless cycle of retaliation. Of course, I don't see it happening today, but imagine if retaliation is ever automated (Black ICE?).
first of all, simply bouncing back any recieved packets can in no way be interpreted as an "attack." it is no different than marking your junk mail as "return to sender;" if someone spams you with so much junk mail that when you send it back they become clogged with it, it is their own damn fault.
second of all, i don't want to hear about how this has the potential to hurt innocent bystanders. i'm sorry, but if your system is so insecure as to allow a hacker to use it as a staging point, then you deserve what you get. perhaps if everyone fought back against DoS's and such, and enough "innocent bystanders" were injured, they would take the time to secure their system the way they should have in the first place.
the only problem is in the case of spoofed IP addresses. in this situation, the person being hurt will have had nothing to do with the problem, and the one at fault (the attacker's ISP) will not be harmed in any way. the only possible fix for this is if enough people bitch and complain, the ISP in question might get its act in gear simply due to user/peer feedback.
Power Corrupts
If someone comes into your home and trashes the place, is it okay to go to his/her home to trash the place? If they steal your car, is it acceptable to steal their car? Of course not! that's what we have laws for. This is how turf/gang wars start and continue - people take the law into their own hands. Someone hacks your site, you hack theirs, they hack yours, you hack theirs. When does it stop? Don't let the internet become a big turf war - we're better than that.
The difference here is that in cracking attempts, one can easily find oneself enmired in a situation where attempts escalate as the cracker and defender each try to outdo the other. This isn't the case with breaking and entering, as it usually only happens once, and if someone is killed, they cannot continue the escalation.
What recourse do system administrators have? They can build the best defenses possible, but any system built to connect to another can be compromised. The law may or may not be on their side should they decide to retaliate, but law enforecment is notoriously slow to respond in cases of electronic intrusion.
Perhaps the only viable alternative at this time is to strike back. Who can say?
www.alarmist.org
--- Hot Shot City is particularly good.
If the site that is getting hacked wants to have any opportunity to sue the attacker for damages or attempt to use the extent of the financial loss suffered to prosecute, then it should not retaliate. If a commercial site retaliates, it opens itself up to a counterclaim from the hackers themselves. It is as if a burgler runs down your electric fence. In many jurisdictions, the burgler has as much right to sue for the injuries he suffered as you do to reclaim the cost of the fence (note: there are exceptions). Even though the fence is merely applying a shock to the burgler in a direct response to his putting pressure against the fence, you are still responsible for his injuries.
For a governmental or non-profit organization that cannot claim damages against the hackers, this is a creative way to get even.
ByteMyCode.com: A Web 2.0 code sharing community.
NetworkWorld Fusion (idg.net subsidiary) has a pretty good feature on this this week, and from what i gathered from it most netadmins/sysengineers *wanted* to go back after people in the process of penetrating their systems, but the overwhelming majority *wouldn't* ... they opted for setting up 'honeypots' and the like to lure the criminals in and monitor them (presumably) long enough to confirm identity/ensure enuf info is gathered for conviction... check it out ... good article.
Obviously, when you know the attacker, there is nothing wrong, morally or legally, about bouncing traffic back to the source.
But what about DDOS with hijacked servers? The choice is between allowing your own server to be disrupted or disrupting the group of servers who, however unwittingly, participated in the attack. An added bonus, knocking out those servers will stop the attack, as the crackers will lose their launch points.
I am clearly not an expert on the technical side of this issue. I trust the majority of comments I have seen regarding DDOS which state that allowing yourself to become a platform for such attacks is the result of bad server set-up or security. If hosting DDOS attacks doesn't substanially affect a company, they will not invest in improving their systems (unless you want to propose new legislation making them liable - never the best solution). However, if a company is faced with losing their server, they will have the necessary economic incentive to invest in better security and IT personnel. A nice, market based solution that doesn't require gov't intervention. In fact, the gov't should make certain that it doesn't prohibit this course of action by sysadmins.
Now, I'm not endorsing active efforts to disrupt an attacking server (two wrongs don't make a right), but I can't see any problem with bouncing DOS traffic from whence it came - Am I missing something here?
Take responsibility for your own packets.
THE YEAR WAS 2081, and everybody was finally equal...
A random netstat showed a ton of packets going to a domain named after the Soviet Union's tourist agency, and as soon as I went to the page for Ethereal so I could scan the packets, it stopped.
That was too weird for me, so I notified the FBI. Two months later, a computer crimes guy got back to me and asked if Linux was anything like RedHat... =)
TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
Seems a perfect use for this wonderful mechanism.
Lew
"The Constitution, the WHOLE Constitution, and nothing but the CONSTITUTION."
The problem with even having this discussion is that it assumes that the victim of the initial attack, and the attacker, are operating in a vacuum -- or at least that they both have direct connections to internet backbones. Most times this is not the case; both parties have upstream ISPs that carry their outbound and inbound traffic to the rest of the world. In the unlikely event that the victim can locate the true source of the attack, and not just an owned machine, retaliating against the attacker will constitute an even greater load on the victim's ISP and probably create a DOS condition at the attacker's ISP.
Let's do the math: we retaliate, and twice as many people (or more) are subjected to a DOS. Hmm, doesn't sound like a good strategy.
I have ads.doubleclick.net pointing at 127.0.0.1 so I don't get the banner BS. The link doesn't work for me, as CNN seems for redirect the page to an ads.doubleclick.net page, which results in a 404 and I can't see the original CNN page. Anyone else that blocks doubleclick in this manner getting the same thing?
-- Ever notice that fast-burning fuse looks exactly the same as slow-burning fuse? I didn't... (Edgar Montrose)
Someone starts attacking you. You start attacking back, and then they see they are being attacked, have the same idea, and step up their attack on you. You then see that their attack has escalated, so you too escalate your attack. Wash, rinse, repeat, until you're both throwing GB's back and fourth. Not a good plan.
Syllable : It's an Operating System
Say you wanted to attack 'System X.com', someone who has large pipes and is difficult to flood, etc.
You could initiate an attack against other machines who are known to "hack back", spoofing your packets to look like they are coming from 'System X.com'.
'System X.com' then suffers from a distributed denial of service attack originating from those systems where the syadmins think they are "hacking back".
---
Interested in the Colorado Lottery?
Interested in the Colorado Lottery or Powerball games?
check out http://colotto.com
to just start ping flooding that IP without any other info about the situation. Let's be realistic about what we want when we define security. What we should really be doing is to create a system which could be called "the perfect firewall" because it is impregnable to outside attack; ignoring all those zombie packets and such that DoS-type attacks create would be a great first step. A long term solution (maybe rewriting TCP/IP?)which makes it unappetizing to even bother with this crap would be far more usefull to the computer world than taking a retaliatory stance. I think it's fair to say that if we Ping first ask questions latter then we're no better than *whatever* jerk started the whole thing..
Of course you need to make sure you aren't attacking an innocent bystander who's been compromised. I think that's kinda obvious.
There's a 95% chance that you're attacking the messenger, and 99% of the time that messenger is innocent and just doesn't know what the hell is going on.
*******************************
This is where I should write something
intelligent or funny but since I'm
I do not like crack backs or spam
I would not try it from my box,
I would not try it in my sox,
I wouldn't use your subnet,
I despise the cracks and spam and yet,
you ask would I do it if I thought I could,
you ask would I do it whether I thought I should,
The 'puter in the middle is just a little pawn,
They don't like it either, the damage that is spawned.
they are witless, a helpless little lamb,
and so I do not like crack backs and spam!
An interesting concept.
An eye for an eye concept is always fun. Kind of like being the Terminator.
But this is the real world, with real implications for actions. If you were to walk into a meeting at work, discussing coding issues and a fellow programmer had stolen a bit of your code, taken the last cup of coffee, parked in your space, would you wack him then and there?
I think not.
So, beyond the hype, the kiddie posters on slashdot and the trolling story-tellers, there is very little reson to justify a counter-strike.
I also believe that the best way to frustrate a hacker is to deny their attack, route them. And then watch them wet their pants when they get caught.
Let's consider a situation where you're being attacked and you can identify where it's coming from and that they are indeed the cause.
Yes, you could attack back. However you probably don't want to continue your attack forever, just for practical reasons. Once you stop, the attacker is probably going to like you even less than when you started. You might stop some dumb script kiddies, but you could have stopped them by blocking their IP. Real hackers will just be egged on more.
Personally, I'm for getting people to leave me alone more than I'm for "justice". The only reason I'd consider retaliating is if they do some attack that I can't stop any other way.
Reactive Measures are not always the same as attacking back. Several intrusion detection systems have the capability to automattically update access lists on routers to stem the flow of traffic in case of an attack. This could be useful for some types of attacks.
However, for DoS attacks this might not be useful because my spoofing many address you could cause the routers to become overloaded handling access lists.
The Economics of Website Security
We just need some good Intrusion Countermeasueres Engines like in Neuromancer. Something to bake the central nerveous system of script kiddies. Oh wait, they are already mostly baked anyhow. Oh wait, Where am i? Where are my pants?
---
Play Six Pack Man. I
...so why not at least stop the attack short?
That is, the argument that goes "Any DDOS attacker worth his beans would be using innocent people's machines to attack, anyway", although I generally agree with it, has this one hole: Those machines are ALREADY cracked, their network pipe is ALREADY saturated with the attack they're unknowingly doing to you, so they're ALREADY down! You attacking back just ensures that they FIND OUT that they were having problems, no? Personally, if my system was cracked and being used to attack someone, I'd want my system downed right away, even if it had to be done by a counterattack directed at me!
That said, I'm guessing that innocent third-parties getting attacked from both sides won't care who's right and who's wrong, they'll sue whoever they can trace easier - and that will be the retaliating sysadmin.
Procrastination -- because good things come to those who wait.
I use Junkbuster and don't have that problem, I also don't have to look at the banner ads. The problem you're having is that attempting the connection to doubleclick returns an error (due to your box reseting the HTTP connection to localhost), which causes the page to stop loading. A filtering proxy will instead return a 1x1 pixel GIF or some other content, so that your browser is fooled into thinking everything is OK and the ad loaded.
I'm sorry, but if something is wrong, it is wrong. Period. End of statement. It would be similar to saying that if I catch somebody shoplifting in my store, I'm allowed to break into that person's house and steal his television. As was pointed out in a previous thread here, two wrongs do not make a right.
However, I do not see anything wrong with using such tools as exist to try to determine the identity of any person that attempts to hijack my machine. This isn't illegal, by any definition of the word. And it gives me something more to tell the authorities (when applicable); rather than a "somebody cracked my system," I can tell them "so-and-so cracked into my system, and here's my proof."
My system has been targeted by a couple of brain-dead individuals over the past few years. I've used whatever tools I could find to try to track those people down.
I'm happy that the US FBI takes such things very seriously, and have developed (or otherwise obtained) tools and techniques far beyond what I can do as an individual. I am currently satisified with this, although I had once been the subject of an attack that originated in India. I don't know if a super-jurisdictional legal authority would help here; it might be worth looking into.
I see no need to set up an internet vigilante force to "string 'em up" -- lynch mentality is never something that I think a polite society should strive for.
--
"May I have ten thousand marbles, please?"
[simplistic, but worthwhile...]
1. Gather your information.
2. Backup your logs.
3. When satisified with logs, and initial investigation, blackhole them at your perimeter.
4. Call your upstream, request blackhole at ingress point.
5. Begin tracking from logs and if your site is high profile enough tracking from all points up the line.
Invest in an opensource honeypot machine. Invest manpower in your choice of NID software.
Choose to take the high road. Customers will understand a downtime due to something like this. Customers won't understand that you decided to attack back at some ISP that didn't have a clue how to manage their machines.
Sure it may seem satisfying at the time to root an attackers server, but guess what... with almost 100% probability the hacker in question does not own that machine. And the person who does probably won't be thrilled that you just rooted his box. Same goes for a DoS retaliation. In these days of misconfigured proxies, IPv4 vulnerabilites, and weak TCP/IP stacks - the chances that you are actually hitting back at the right network are next to nil.
And to sum it all up... Even if you knew with 100% accuracy where the attack was coming from - what kind of moron would you have to be to decide to reverse attack instead of taking legal action against that network?
(Now if you work for some military or federal government agency and this is some suspected foreign power you are being attacked by... well... - disregard I guess.)
http://windows.scares.us
I totaly believe that its ones inate right to slef-defense if being attacked. This right though should be limited to self-defense in a physical manner if that is how you are being attacked. Being attacked on the net and fighting back in this manner just doesn't seem like the correct thing to do. As an ISP/IT company Conxion has a responsibility to handle the attack through the appropriate channels. If a US citizen cannot legally do this type of thing then why should the fact that Conxion is a major corporation shouldn't make it acceptable. Especially troubling is this little blurb: "Conxion was so proud of having given the attackers a dose of their own medicine that it issued a press release about the incident." My first thought after reading the press release was DUH! you just comitted a crime and then made a public announcement regarding your actions. This alone should be enough evidence to take some form af action against Conxion based on thier own admission. One should not stoop to an act of terrorism as a form of retaliation. You would think that a company with such strong Microsoft affiliations ought to be weary (after all the DOJ/monopoly actions) of doing such a thing. Two wrongs don't make a right...no matter how good it feels.
Prospecting Stinks. Stop Wasting Time on Cold Calling.
Like my parents told me when I was growing up "never start a fight, but if you find yourself in a fight, you finish it."
If a person is attacked in their home by an intruder most people would be inclined to fight back. If an intruder breaks into a business, many big companies have armed guards and off duty cops as security. It is not wrong to repel an attacker. An attacker may be hurt in the process of being repelled. Most people, and even our system of law, will usually find the attacker asked for it.
So why should computer intruders be different? Why is it OK for a person to fight back bodily but it's hands-off if it's over a computer network? Do computers have more rights in our society than humans? No. Not the last time I checked.
So why not have aggressive firewall software? If some script-kiddie tries to hit your machine and your software turns around and toasts his, you'll be doing him/her a favor in life.
For at least 5 years I've heard of computers automagically counterattacking a mailicious person. Personally, I think that this is not the idea to go about things. As stated in a post above, chances are, the computer that is attacking you is one of someone innocent that has had their computer compromised as well.
But that still isn't the thing that irritates me. This method is completely childish. It is equivalent to a youngster kicking down someone's sand castle and then the victim runs and kicks the little punk's sand castle down. Okay, I'm rambling. But seriously, there are other solutions.
This morning my boss sent me this url in an email and told me to 'investigate.' I'm really hoping that he doesn't think that this is a decent security method, because it is completely unethical and illogical. I've got to figure out a way to talk him out of this -- soon.
--
Joshua Deere (dphase@locnet.net)
UNIX Systems Administrator, LOCNET Internet Services
jd
script kid hacks machine
anger, rage come over you.
hot grits give relief.
As a security professional (ie, do it for a job), the last thing you want to do is counterattack...as good as that may feel, at best, it will muddy the waters, and at worst, it will hurt innocent, (probably) insecure, bystanders. The most annoying thing you should be doing is contacting the Tech/Admin contact of the domain(s) that are attacking you, and letting them know what is happeneing. And if that is in the middle of the night for the contact person...
ttyl
Farrell
CAN-CON 2019 - Ottawa's only book oriented Science Fiction Convention! October 18-20, Sheraton Hotel, Ottawa, Canada h
Well, maybe not everyone. Some might want to monopolize the whole thing for themselves (like spammers, the RIAA, etc.)
and of course, we also have the whole Freedom of the Internet crowd who want as few rules as possible. The freedom of the early internet was made possible by the fact that it was smaller, the technology was not as developed (and so not as liable to abuse) and that there was a something of an educated culture where individual ownership and responsibility was at least recognized. You didn't trash your servers because that screwed up your link to the world.
Now the masses and the democracy of the mob makes the internet what it is, until we can stage our own revolution of the mind to either ensure people grow up or are somehow restrained into behaving somewhat more responsibly.
This of course opens up another can of worms, since no one agrees of what it all should look like in the first place.
Unfortunately this is what is needed to make progress in this area, because otherwise this is just going to get worse.
"It is a greater offense to steal men's labor, than their clothes"
What happens when you slam a corporate or university computer system the attacker used to lauch his attack? No computer criminal worth his salt would use his own machines to do this.
If reactive software gets popular, I expect a whole new twist to the DoS attacks: get access to the company you want to hurt's computers and launch a mild attack from there (or spoof it to make it look like they are attacking). Direct the attack at a company who is know to have massive counter measures. Wait for their server to crush the one you "attacked" from. Laugh evilly.
I can imagine a scenario where net traffic grinds to a halt over this, with smart computer criminals triggering everyone's defenses at once, much like the cold war fears of WW3 being kicked off by computers. Hopefully it won't get to the point where these things are "pre-aimed" at enemies, but you never know.
josh sisk
I'm sorry, but I don't see any reason if you are being hacked that you don't have every right to just give it back to them. This is cut and dry. There should be no discussion on the matter. If someone hacks me, be prepared to get some back. Case closed.
Of course, that's just my opinion, I could be wrong.
I have the @Home cable modem service through Shaw (a cable carrier in western Canada,) and I almost lost my account for portscanning someone who was looking for trojan horse programs. (In the case that got in in trouble, I believe it was SubSeven.)
I had some personal firewall software, and I decided I'd portscan anyone who tried to get into my system since if they had even the most basic defenses, they'd know I saw them.
Either way, apparently, any use of portscanners on systems I don't own is explicitly prohibited in the TOS.
Ah well, it doesn't bother me that they were scanning me for vulnerabilities; it bothers me that one would scan me, then report me when I scan them back. -_-;
It's a bad idea to set up something that 'automatically hacks back' e.g. launches an attack back at the attacker. The reason is, that now the hacker doesn't even need to launch his own attack, he only needs to tickle a system in the right way to provoke a reaction, if that reaction acts against another host with the same system installed: wonderful, we have a loop.
... now all we need is the routers in between reacting to the enhanced network traffic for a nice chain reaction (did you ever see the video with the room full of tabletennisballs on moustraps).
It gets even better if the mail, seeing that one mailer is overburdened, gets redirected to an alternative host (or something similar for other services)
Just try to imagine that you are the sysadmin who later should sort out the mess, maybe it was even started by some accident or some rampant virus.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
It seems all I ever hear is eCommerce this or eBusiness that. In the article they point out that you may cripple an innocent business. I thought the whole point about the internet was freely distributed information, not a new mdeium for commerce.
If the NRA could somehow migrate the whole principle of gun laws to the internet and defending yourself and your information then we truly would be free. IMHO.
Juvenile weenie
Cracked your weak security
Install SSL
but it seems to me that if some legit business has their server cracked into, and used in a DoS attack, and the server being attacked reversed the packets, thereby crippling a legit business' server,
Just for the record, if my firewall machine were compromised and used in such a way, I'd want to know about it. I'd prefer to have it disabled in this manner so that I could set about the task of locking down whatever hole was used to get in.
In my mind, this is preferable to having it sit there in a compromised state indefinitely. If my machine is compromised, I WANT it to be disabled.
>So, if you owned a gun shop which was robbed
>because you bought cheap padlocks, and your guns
>were used in a drive-by shooting, would you
>consider it fair if the shooting victim's
>friends drove by your shop and blew it to
>Kingdom Come?
Yes. The ownership of large numbers of guns requires the responsibility to ensure that they do not fall under unauthorized use.
If you put a server out there that can be used to damage others, its your responsibility to ensure that you don't allow it to be used in that way. Even if machines used to launch an attack are desktop machines that became 0wn3d by some hax0r, I see no reason why the ISP couldn't cancel the machine owner's account until such time as they mend their stupid, stupid ways.
e to the i pi equals negative one
I was pleasantly surprised to see the term "cracking" used in place of "hacking" near the end of the article. It's hard to believe, I know, but it almost represents responsible reporting on behalf of CNN - something that comes as even more of a surprise.
main(){char I,l,O[]={'-',1-1,0,(1<<5)-1,0+'-',-10-1,-10,11-0,
Well, some of them. I'm sure that we've all either done some things (as newbies, by accident, or without thinking) that would qualify as hacking....
loop:ping slashdot.org
goto loop
(Never use this method to see if you've got your high-speed internet connection stable... although, this is more likely to make your ISP very angry for loading down their DNS servers.)
But the bigger issue, I'd suggest, isn't script-kiddies with boredom as a motivation. It's the "pros"; those who are out there deliberately trying to take you down but lacking the skill required to do it properly. Look at e-hippies vs. WTO.
Since these "e-hippies", like most other radical left-wingers, are so caught up with their agendas that they don't attempt to learn about technology before they use it, they're sitting ducks when they attack you.
In this case, while I'm sure it's technically illegal, it could take *so long* to get the proper authorities to do anything about it. I mean, you've got jurisdictional issues, contact issues, and then the time it takes to get a cop to put down the donut and get off his butt.
I'd argue that reflecting their DoS attack back at them is merely self-defense, not a separate attack. What you're doing is no worse than fighting off the guy who just punched you in the face.
3. You are know better and are breaking the law in exactally the same manner.Sure, I know better. I didn't, and I wouldn't, start an attack. But I have to be able to defend myself against attacks. If someone breaks a window on my business and runs off, I'll chase him down and hold him there while I wait for the cops. If someone punches me in the face, I'll take whatever steps are necessary to restrain that individual until the police arrive. And finally, if a DoS attack occurs, if I can perhaps shut down their computer by reflecting their malformed packets back at them, I'll do it, in order to maintain the services provided by my own computer.
I agree it's a gray area; it's definately one that needs careful attention from legislation.
Fire and Meat. Yummy.
The government wants to have its cake and eat it too. It has had a decades old policy of counting encryption technology as munitions so why doesn't the 2nd amendment come into play? Just because our arms are electronic doesn't mean that the penumbra of the 2nd amendment doesn't cover them. Self defense does apply with all the benefits and risks associated with it. It's just that human shield situations (zombie computers) exist much more frequently in electronic fights than in physical ones.
The laws exist, it's just laws that leftists are uncomfortable with so the available tools and precedents are not taken advantage of because too many of our defenders come from the left tradition. That's not to say that they need to change their voting patterns (or at least it's not germane to this discussion) but they have their own blind spots just like people coming from the right tradition do.
I know, I know, we've invested a lot of capital to have encryption code escape from the munitions designation. But we don't oppose the idea that encryption or other technology can be dangerous, we oppose the law because it's stupid, hindering the good guys while leaving the bad guys with all the technology they need. This also happens to be the argument that the NRA uses on most gun control measures they oppose. Could we have allies we didn't even know about?
DB
Some people really don't realize that their actions can lead to repercussions.
Another neat one is:
TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
Connexion blocked it at their pipe entry. The hippies lost.
-- Improve Windows - Buy a Mac!
is when will one of the victims of a DDOS will file a negligence suit against one of the hacked middle-men. I mean, let's face it, there's no way a corporation is going to come close to recouping its losses by suing the stupid teenager(s) responsible for a DDOS. But if a lot of the problem was caused by another entity's poorly-secured computers... Just a thought.
if you can prove that the hacker is who you think she is, hacking back is only going to decrease your chances of winning a settlement to compensate for your damages. if you can't prove who it is, then you are risking hacking an innocent bystander (and possibly being sued/arrested, rightfully so).
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
> There's a reason that zombie is there in the first place: the computer was left wide open by the owner
What about those of us that leave the car locked with a shit-hot immobilizer/alarm system active? Someone determined and skilled enough will take the car for their own ends or maybe throw a brick through the window etc etc.
So maybe you're saying that I shouldn't have a car and that I bought it upon myself?
Perhaps we should all get rid of ours cars viz. our servers. Poof! Where's the Net gone?
It is never a good idea to "hack back" for many reasons:
* How can you be sure that a) the attacking site(s) are the real attackers and b) that the
attacking sites are _knowingly_ attacking? IP spoofing or using zombies to a ttack are generally
very easy.
* If it's illegal to be hacked, it is illegal to retaliate. You can't steal someone's lunch
because they steal yours.
* It could only exacerbate your problem if you piss off the attacker(s). You don't know who you
are dealing with.
* You are then legally and criminally liable if you, for example, DoS amazon.com because you
detected an attack from them and they sue you or the Fibbies come knocking on your door.
* What if you trace an "attack" to a single IP you assume is a desktop computer and turns out to
be an AOL proxy and you DoS 10,000+ lusers? AOL won't like that nor will their customers.
The people, like the one in the article, who gloat about "hacking back" make my skin crawl. 7h3y
ar3 such 31337 d00dz n 7h3y g07z such ski11z...NOT! *gag*
BTW, I've seen most often people getting IP addresses slightly wrong when they complain about a supposed hacker coming from my Company's network so what if you get the IP or hostname a bit wrong and attack the wrong site?
-core
I'd like to point out that the approximate number of uses of "hack" vs. "crack" (in about 165 messages) is around 2 to 1 in favor of "hack". (~75 vs. ~40). I thought we were all trying to change the usage of "hack"? How on earth are we going to do this if we don't use it correctly ourselves?
The article makes two good points against counter-attack:
:) ) is to log everything, look into it to try to identify the culprit conclusively, prove fiscal loss and/or denial of service - a.k.a resource theft; and then take the nice report to the authorities.
1. Hitting an innocent bystander - since attacks usually come from hijacked and spoofed locations/addresses.
2. Retaliation against an illegal attack by the same means is also illegal - vigilanteism doesn't solve the problem, it reduces it to a pissing contest.
The suggestion (mine as well as that of respected experts
If we retaliate against a script kiddie, we'll either hit Grandma Smith who gladly gave her AOL password to an 'AOL representative' online, or we DOS the punk - so what?
If we get the law involved, we get him effectively killed in the computer industry - and even have him pulled off the lecture circuit a'la Mitnik.
170th post!!
-- What you do today will cost you a day of your life.
Actually, I'm in the process of dealing with the FBI about a intrusion on a system of mine, and so far they have been fairly responsive and willing to go after this guy. I only suffered maybe $3k in damages, but since my log info on this guy is really clear-cut, they think it's an open-and-shut thing for them, and are going to persue it..
Or so they say.. (fingers crossed)..
BilldaCat
It would seem that by bouncing back web page requests, the zombie boxes would at least be alerted to their own unknown complicity in the attack. They could then respond earlier, hopefully lessening the impact of the original attack.
We apologise for the fault in this post. Those responsible have been sacked. -- Signed RICHARD M. NIXON
This is probably not as funny to read as it was to experience. The relevant fact may be that we might have hacked back at this guy, but only because he was so pathetic as to just be abusing his privs at a tiny ISP. The real hackers can't be traced back in three minutes and if they can... well that's probably not the real person. If you can trace them fast enough to attack them... start calling. Hack them with the real world, where they are disoriented... :) -pyrrho
-pyrrho
Since cracking is illegal, this is not a good plan no matter the justification. Besides, as was pointed out in the article, you would most likely be attacking an innocent victim. That victim might be trying to figure out how they got hacked, and the signs will end up pointing to you.
The self-defense argument is spurious at best. First, retaliation to an illegal act with another illegal act has AFAIK been considered by the courts a seperate punishable illegal act. The motive is irrelevant except that its existence would actually help you get convicted.
Retaliatory acts of self-defense are generally only allowed after other defensive methods have been exhausted (like running and hiding). Even then only such defense as is necessary to end the attack is allowed under the law. Hacking back when you could shut down and harden a router is not allowed I would think.
I am not a lawyer. The only legal advice I can give is that if you need any you had better get one.
Simple, two wrongs don't make a right. Granted I'd almost assuredly fight back "myself" but if I was at work I wouldn't due to the fact that breaking the law against someone breaking the law against you still means you're breaking the law, I don't see much way around that, IANAL but that seems pretty cut and dried.
If you are getting mugged and you slip the mugger's watch off in the tussle (and his wallet) you still broke the law! The judge is liable to laugh but he'd about have to find you guilty.
--- www.f-theocean.com
You are so funny, but why do you even try? most people know who you are.
In 1999 my company site was hacked. We tracked him down, and sued. If not for hacking his system back, and finding his connection info, we would of never found him.
ping slashdot.org &
goto loop Okay, I'll bite. What's the ampersand for?
:)
Fire and Meat. Yummy.
If someone was trying to D.O.S. you, or execute a rm -rf, etc, redirecting packet flow, or whatever, back at themwould simply be defending yourself.
"Reality is less than television."-Brian Oblivion
Another poster made the comment that the whole point of security is to make the cracker go away.
.. Needless to say, a) being sensitive to being port/IP scanned and b) making sure your hosts don't respond to any ports you don't run services for will help too ..
Tactically, one could say a retaliatory crack against the offender *might* serve as a deterrent. It might also invite further attacks that otherwise would not have happened if the attacker had not been provoked by an intrusion into *his* territory (and don't forget crackers are very territorial creatures..) and the whole episode can easily escalate out of control. Strategically, you have to take the larger situation into account and move into the psychological realm. Since you want to discourage people from playing games with your system, the best response is probably something that takes the fun out of it by denying them the satisfaction of a response. IP/subnet blocking is a good example of this -- they can poke at your host all night long and not have any noticeable effect. A strategy that ties in well with this approach is one I like to call the 'threshold effect' -- anyone below a certain nuisance threshold is ignored, and once they become disruptive enough to be worth going after, they have enough of an attack signature to be traceable. Track them down and identify them first, before they know they've triggered the alarms, then let them know you know exactly who they are and what they're up to and would they please cut it the fsck out?, then go to the cops (net, local, or federal as the case may be) if nothing else works. Depending on how much sense they have, one or the other of these measures is likely to encourage them to play nice
73 de N5VB (ex-KD5BIV) AR SK
I don't see anything wrong with attempting to crash a machine that is attempting to crash you. Think about it. If the opposing machine is owned by a good guy, then the good guy's security has already been breached. One, thier carelessness is placing your buisness in danger. Two, if you do take down thier machine - do they really *want* a breached machine up and running?
I think it's simple. Thier machine lost it's right to be up once it started attacking mine. I think it was the only way to effectively defend against a well-prepared DDoS attack, and were I the guy making the calls over there, I'd do it. Remember, any machine participating in a DDoS has been breached, so there's already a case of negligence on the other end should the case end up in court.
Maybe the state's highest function is to grind out insoluble problems. (Zelazny, Hall of Mirrors)
umm... putting it into the background (so you can ping almost instantaneously again). since your
average ping takes 5 seconds, a loop that pings
every 5 seconds isn't exactly very useful.
or heck, do this:
loop:
ping -f slashdot.org &
goto loop.
this'll screw everything up. heh.
Personally I consider returning the attack to be justified only once two criteria are met:
- I have traced back the source of the attack, contacted the admins and/or owners of the source and either gotten no response at all or had them refuse to do anything about the attacks.
- The attacks are sufficiently serious that even the best filtering will still leave my systems impacted to an unacceptable degree.
Anywhere short of this point, returning the attack isn't justified.Basically both of them, But just clogging the net with a ton of additional bandwith is just plain dumb. Oh, and the activists where just plain dumb to have all packages originate from the same IP address. After MP3s, videos, stoopid porn and DoSA clogging the net, please give me back good ol' ascii text...
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
I'm on a big campus-wide LAN here, with 2000 students' computers connected to it, and out here I've seen in action, and participated in multiple "counter-hacks". When the whole network was still tied together with 10Mbit hubs instead of the 100Mbit switches we have now, it was quite standard practice to monitor the packets flying across your hub for stuff that didn't belong there, and retalliate if necessary. Winnuke, bonk, boing, nestea and other such exploits were used by vigilantes to police the network.
For example, it was not allowed to use the IPX protocol tied to Windows Networking because that caused much traffic. People trying to download files from eachother using IPX were often nuked. Once when I was monitoring, I found three people ping-flooding a third, who tried simultaniously to retalliate together with somebody else, also by pingflooding, usurping the entire bandwidth of the entire network. A few faulty packets spread between them quickly knocked that war out of existence, and returned the network load back to normal.
Playing vigilante on the internet is not bad as such, as long as you really know what you're doing, and aren't causing any damage beyond taking away an attacker's ability to attack you, possibly by crashing his system, but preferably by yanking his connection away.
)O(
the Gods have a sense of humour,
Never underestimate the power of stupidity
To err is human, to moo bovine
If I spill hot coffee on myself at McDonalds and burn my lap
/.er seems to be, they sure buy the corporate propaganda, hook, line, and sinker.
Two facts:
1. The coffee was around 200 degrees.
2. The lady was in the drive-through
Two questions:
1. Why would you serve coffee that is hot enough to cause third-degree burns?
2. Where do you put your drink when you go through the drive through?
I don't believe McDonald's was found guilty of any wrongdoing; rathre, they were found guilty of negligence - a legal term that means "They should have known better." McDonald's should have known that many (if not most) of their customers put their drinks in their laps, and that their coffee would cause third degree burns. Given those two undisputed facts, it is a statistical certainty that someone's crotch would get burned badly.
Keep in mind also that all the woman wanted initially was for McDonald's to pay part of her medical bills. If they has said "We're so sorry" and written a small (to them) check, it would have been over on done with. Instead they said "You STUPID woman! You should have known better!" and promptly launched a propaganda campaign that has clearly had its intended effect, as evidenced by that note in your post. So the woman sued for millions and won.
It's funny, as anti-corporate as the typical
Cmon, If you set your system up to "Attack" any hostile clients you are doing nothing more than creating a public DDOS server ! Lets say I spoof your IP and attack your system.. Whats gonna happen ??? Your gonna "Attack" your own system. Lets say I spoof Yahoo.. Who are you gonna attack ?? Me ? You have no CLUE what my real IP addy is.. Your gonna "Attack" Yahoo ! IMO - It's not a good idea to do automated reverse-attacks, but then again WTF do I know !
If your system was compromised, your security is at fault. If, as a result of your system being compromised, you are subjected to a deflected denial of service attack, and your system buckles under the load, it's still ultimately your own poor security at fault. Now, when you take an ISP who is foolish enough to back their sysadmin to court, you could lose, because of your poor security. That said, no ISP should be likely to back the sysadmin opening up the ISP to a lawsuit.
Ed Craig "Who cares what you think?" George W. Bush, 4th of July 2001
I seem to remember an article awhile back, that detailed sysadmins who track down attackers and crackers of their boxes, obtain their identities and locations if possible, and (If determined not to be minors) then commence to stopping by late at night with baseball bats. Sure, it's *really* illegal, but I bet it's even more effective ; ).
"We obviously need a new moderation category: (-1, Woo-fucking-hoo)" --Mr. AC
Let's assume J. Random Crax0r is trying to get into my system, or DoS it, or jab at it with cyber-doggie-doo-on-a-stick, or whatever. What's my objetctive? The same thing if someone were attacking me IRL: neutralize the threat.
I don't believe that "hacking back" is per se illegal... it all depends on the situation. For instance, if this particular er33t d00d is launching an attack on my computer, I should be perfectly justified in taking whatever actions are necessary to eliminate the threat. If this means simply blocking him out at the firewall, that's nifty-cool by me. On the other hand, if I can disable his computer remotely and stop the attack, that is acceptable as well, in my opinion. Disabling his computer and playing hopscotch with a magnet on his hard disk would not be acceptable, however.
Let's say the attacker had hijacked another machine, and was using it to do his evil deeds. Well, my condolences to the user whose machine was hijacked, but that doesn't eliminate the threat to me now, does it? I still think I would be justified in disabling the attacking machine, if it were necessary to stop the attack. Say someone steals a car, and is trying to run down my car with it. Wouldn't be justified in disabling the other car, even though the attackers don't own it? Of course I would be, because it still poses a threat.
Of course, as in real life, the less force that is used, the better. The important thing is to draw the distinction between neutralizing the threat, and seeking retaliation.
Just my $0.03 CDN.
- Adam Schumacher
I agree with the proverb. I think most legal (proverbially blind) systems (judges, advocates, and prosecutors), being technological illiterates at this level, would have significant problem at determining who was the cracker (Defendant) and/or the crackie (Victim). The original victim may (good chance) end up in jail, paying for court/damages, loss of business/lively-hood, .... I would say we should all be responsible to ourselves.
... are very knowledgeable and qualified to advise on legally admissible/acceptable evidence in a court of law. Event logs, trip-wire reports, ... (all that other documentation/proof stuff that identifies a cracker) that are not properly handled, by system/network administrators, are a waste of time and (I believe) will not be allowed as evidence in most courts or a good cracker (maybe a white person from Mississippi maybe NOT) lawyer will successfully dispute the veracity of the evidence to the jury. Finally when the cracker goes free ... you should expect a liable case to be filed against you as the prosecutor apologizes for losing the case and explains how next time ....
Also, the technological illiterate legal system police, lawyers,
MORAL: The police, a lawyer, or judge may be your friend, but a legal system is an institution and has no friends; Therefor, keep your friend and avoid Institutional Problems.
Reality is a self-induced hallucination.
-----------------------
Nicotine free Amish .sig.
There was a Slashdot article about a year and a half ago linking an IDG article about sysadmins going to crackers' homes and destroying their equipment or beating them up. Personally, I thought the article was either a fabrication or a joke being played on a gullible reporter.
/. discussion?
Can anyone find a link to the
What I'm listening to now on Pandora...
As I recall, you loaded their URL and it opened a page with a million little frames loading the WTO website.. I can see no way the WTOs admin could have no anything to stop this at the packet level. If he set it up to redirect anyone coming with the ehippies in their refer header, that would do it.. If the ehippes had been bigger nerds, they could have probably defeated that easilly.
"So we told our filtering software to redirect any packets coming from these machines back at the e-hippies Web server," says Brian Koref, senior security analyst at Conxion.
What's up Brian?
All you need is to install some Black Ice ;-)
Or any other color of ice for that matter(i.g. gray.)
--
$ whoami
nobody
Let say someone launched a series of attacks against CNN. The attacker uses the IP address of Yahoo servers. CNN knowing the source IP will attack Yahoo. Yahoo on the other hand traced the IP address from CNN and launched a counteroffensive against CNN. Now, both Yahoo and CNN will be attacking one another. Of course, by that time, their own systems will be unavailable to regular net users. They will be losing much more than just filtering out the attacks and reporting it to the Feds.
Ha! Let's see about that!
** Take note, assume that both of them "identifies" the source.
Live your life each day as if it was your last.
Oops. Yeah. Don't flame me, I've been playing with Linux in a concerted way for only a couple of weeks now (and the entire last week has been spent trying to get DHCPCD to work).
When you explained it to me, I remembered reading about the ampersand, but since I haven't used it yet, it's still not firmly in my mind. :)
Now, a question, entirely for academic reasons, because I don't plan on doing this. Won't pinging using the ampersand eventually crash the computer?
My thought process is this: You ping, and put the process into the background. You then loop back and ping again, putting that into the background. Since you're going to be looping faster than the ping completes, the number of processes will grow very quickly.
I assume memory will be the limiting factor in the number of allowable processes, or CPU cycles will become so scarce that timing-dependant hardware support will start to fail? And how will the computer stop as it approaches that limit?
(I'd fire it up and try it out against a Windows box on my home LAN, but my Linux box is at the office at the moment.)
or heck, do this:loop:
ping -f slashdot.org &
goto loop.
this'll screw everything up. heh.
For the same reason that I can't try the above on my home LAN, I'm also unable to see the man page for ping... what's the f switch for?
Jeez. Learning Linux is being great for reminding me why I shouldn't take my computer skills for granted.
Fire and Meat. Yummy.
I'm sure that any one with 1/2 a clue that has posted here reasises this. The media in general (yes, CNN, this includes you) has replaced the term 'cracker' with 'hacker'.
In the true sense, a hacker is some one who 'hacks' software to make improvments or make it do extra stuff.
Apart from that, 'hacking (cracking) back' is plain stupid. As has already been said, it can start a chain reaction and cause havoc.
If you use Port Sentry or something with the ability to perform an action apon detection, the best thing you can do is log the time, date and IP address where it originated, and contact the ISP and the authorities. You could go one step further, and write a script for port sentry to execute, that would, based ont the IP address, find the ISP, and automatically send off an e-mail to webmaster( or root or whatever)@${ISP}
which would say something like "One of your users has started a portscan against" me etc etc etc...
Use your imagination. There are far better things to do than to launch an attack back at them. Isn't the potential of getting the little 'script kiddie' arrested far more satisfying? I know i would rather have the little bastard in jail than still out there, cracking other people's machines.
"-f Flood ping. Outputs packets as fast as they come back or one hundred times per second, whichever is more. For every ECHO_REQUEST sent a period ``.'' is printed, while for every ECHO_REPLY received a backspace is printed. This provides a rapid display of how many packets are being dropped. Only the super-user may use this option. This can be very hard on a network and should be used with caution."
This is cool to run on a local LAN. It's interesting to see how many packets can be dropped! Just kindly refrain from running it outside your local net!
Wow. That's lovely! I can't wait to try it across my home LAN.
This is cool to run on a local LAN. It's interesting to see how many packets can be dropped! Just kindly refrain from running it outside your local net!Yeah, I value my freedom and the lack of court orders telling me not to use computers. It'll be tempting to try it on the Internet, just like it's tempting to drive as fast as my vehicle will go (6.6L (400CID) V8-powered 1976 Dodge Ram). But for the simpler joys of being able to pursue life and liberty, I'll avoid doing it except under controlled and legal conditions.
[BigBlockMopar is sitting beside his Linux box at the moment and starts reading the MAN pages with a renewed interest.]
Thanks!
Fire and Meat. Yummy.
Do we really need this?
--weenie NT4 user: bite me!
--weenie NT4 user: bite me!
"Computers are nothing but a perfect illusion of order" -- Iggy Pop