An Anti-DoS Tool That Returns Fire
An anonymous reader submits "Security company Symbiot is about to launch a product that can help companies fight back during a DDoS or hacker attack by launching their own counter offensive. A ZDNet UK story quotes security "experts" questioning the legality of such a product and asking how it will will avoid being fooled by hijacked PCs and spoofed IP addresses..."
Can you see the tech guy trying to explain that their company was knocked off, not by the attack, but by the counter attack?
"It's okay, sir. It was friendly fire.
===== Murphy's Law is recursive. =====
This has already been discussed on the NANOG mailing list, the general consensus is that _this_ will be the next
source of attacks against systems as people spoof attacks at it. (Much like smurf attacks)
Some day people will realize the answer is to remove the vulnerable hosts that are being used as attack sources.
Just because you disagree doesn't make it offtopic or flamebait.
What happens when someone gets smart and creates one that looks for other Symbiot boxes and basicly has them fighting each other?
Great. So DDoS victims, in addition to having all of their incoming bandwidth wasted, can now spend all their outgoing bandwidth to strike back at their cunning, ruthless assailants -- you know, like all those clever "Dear friends" who "use this Internet Explorer patch now!".
"More than 500.000 already infected!"
-fren
"Where are we going, and why am I in this handbasket?"
Yes, let's protect ourselves from attacks by attacking the offenders and wreaking even more havoc. That'll go over well. I don't even want to go into how stupid a proposal this is. Let's start with the first detail: it's probably illegal.
I imagine it'll have some sort of military function, though.
Hrmmm, they go live on March 31 and this sounds too silly to be serious. I vote April Fools Joke.
Get a life, not a lifestyle. - Hikem Bey
...when stupid people get venture captial money.
To me, what's really scary about this isn't that the idea is counterproductive, bone-headed, and probably illegal. It's that any company would propose something like this... which leads me to think that this is the type of story that is promoted just to get a rise out of people and we've taken the bait.
The company is obviously trying to jump on the media-whore bandwagon by proposing such an idea, but look who they are and where they're from. Texans' historical idea of security hasn't been impressive.
Shame on ZDNet for creating this troll in the first place. Shame on Slashdot for referencing this troll. Shame on us for being so outraged by it and taking the bait.
We know this idea will never fly. But now we've given this loser company 15 minutes of fame. This story belongs on a Darwin Business Awards list or Fark.com, not here.
"In these cases, the operations center may call for a variety of efforts, including (1) escalated multilateral profiling and blacklisting of upstream providers; (2) distributed denial of service counterstrikes; (3) special operations experts applying invasive techniques; and (4) combined operations which apply financial derivatives, publicity disinformation, and other techniques of psychological operations."
Now how exactly this will help when you have a few hundred to a few thousand virused zombie machines running a DDoS against you and you have no clue who's behind it... is beyond me.
The World Wide Web is dying. Soon, we shall have only the Internet.