Slashdot Mirror

← Back to Stories (view on slashdot.org)

CNN Asks "Can You Hack Back?"

Posted by ryuzaki0 on from the or-should-you dept.

dboothe writes: "CNN.COM has a somewhat interesting article on whether or not it is okay to fight back when being hacked. In the scenario they bring up with the WTO website, it seems pretty clear that they likely should have steered clear, working on the probable assumption that the IP address used was just a dummy machine that had been cracked previously. But what about other situations where it's more of a grey area?"

4 of 207 comments (clear)

  1. I am Reminded of a Proverb... by Tim+C · · Score: 5

    "Two wrongs don't make a right"

    As tempting as it may be to give them "a taste of their own medicine", the chances are that you're just going to be attacking an innocent bystander whose machine has been cracked, and is being used to launch the attack on yours.

    Even if you do hit back at the actual cracker, so what? So you trash his PC and some files; it's not like it's going to put him out of business, or cost him thousands of pounds to restore it.

    IMHO, the best thing to do is just find out as much as you can, co-operate with the authorities, and let them deal out any punishment.

    Cheers,

    Tim

    --
    It's official. Most of you are morons.
  2. I wouldn't. by Booker · · Score: 5
    There's generally no good reason to hack back, I think. (Unless identifying and reporting the hacker constitutes hacking back...)

    I use PortSentry as one line of defense, and if someone scans the box, they just get dropped into a black hole. (Actually, them and their subnet, in case it's a dynamic IP on a dialup.)

    PortSentry allows you to run any arbitrary command when a scan is detected, but he warns against retaliatory action:

    I NEVER RECOMMEND PUTTING IN RETALIATORY ACTION AGAINST AN ATTACKING HOST. Virtually every time you're are port scanned the host doing the scanning has been compromised itself. Therefore, if you retaliate you are probably attacking an innocent(?) party. Also the goal of security is to make the person GO AWAY. You don't want to irritate them into making a personal vendetta against you. Remember, even a 13 year old can run a [insert favorite D.O.S. program here] attack against you from their Windows box to make your life miserable.

    Sounds reasonable to me...

    ---
  3. Some informed opinion on the subject... by mav[LAG] · · Score: 5
    can be found at Attrition's page on the subject. In a nutshell, it's much harder than it looks, legally questionable and more often than not ends up screwing around with innocent third parties.

    --
    --- Hot Shot City is particularly good.
  4. Crack Backs and Spam by Gorbie · · Score: 5

    I do not like crack backs or spam

    I would not try it from my box,
    I would not try it in my sox,

    I wouldn't use your subnet,
    I despise the cracks and spam and yet,

    you ask would I do it if I thought I could,
    you ask would I do it whether I thought I should,

    The 'puter in the middle is just a little pawn,
    They don't like it either, the damage that is spawned.

    they are witless, a helpless little lamb,
    and so I do not like crack backs and spam!