Slashdot Mirror

← Back to Stories (view on slashdot.org)

O'Reilly Revisits Online Countermeasures

Posted by timothy on from the take-that-you-basement-dwelling-twit dept.

An anonymous reader writes "I just saw that late last night an editor at O'Reilly published a blog that takes a look at 'countermeasures' and 'striking back' technologies a year after a startup in Austin, TX published a white paper on the subject that caused a lot of controversy. It also links to a blog by Symbiot founder William Hurley's entitled: Self Defending Networks, Aggressive Network Self-Defense, and Vigilantes on the net. which IMHO is a damn interesting read (even though I'm personally at odds with people who want to 'strike back')."

4 of 199 comments (clear)

  1. what about the counter-counter measures by udderly · · Score: 3, Interesting

    I just wonder how aften these strikeback or countermeasures backfire. I remember reading a story awhile back where a gambling site repulsed a DDos attack. The really interesting thing was that it cost the company way more to fight the attack than it would have cost to pay off the extortionist.

    While I understand the desire to stick it to these creeps, from a purely cost/benefit analysis point-of-view, it doesn't seem to me to make a lot of sense

  2. Arms race example in the p2p world by stripmarkup · · Score: 3, Interesting

    Here's an interesting example of an escalation, going on right now. It seems that anti-p2p organizations are trying to pollute some torrents for TV shows such as six feet under (see discussion here).

    What they do is put out a file of the same size but with random data. Since the torrent file has segment hashes to verify integrity, any segments downloaded from the bogus file will fail the checksum and waste downloaders' bandwidth. The community of downloaders is fighting back by spreading black lists with the IP addresses of the bogus clients.

    --
    See charts for twitter trends on Trendistic
  3. Law enforcement can't do it all by ScentCone · · Score: 3, Interesting

    Considering the huge horsepower of things like the SETI screensavers and P2P networks, I don't think it's a question of whether or not a conflict between spare-CPU/BW Good Guys and zombie-army bad guys could be won by the good guys. Or at least, make things painful for the bad guys. The main issue is counter-counter-counter-craftiness that might stealthily turn such a network to the dark side.

    Several sys admins I know who have never had the time or inclination to put up a honeypot or opt for similar tactics absolutely light up at the prospect of actually making the attackers miserable. In fact, it's not even the attackers they complain about, it's the ISPs that (with copious documentation about the bad acts of specific customers) don't do anything about it. To the extent that foreign governments are those ISPs, well, same sentiment.

    So, the real issue is governance of such a system. It's sort of like sharing time on a big research telescope. What committee can be trusted to put the resource to use effectively? I know that a lot of people with network resources are so fed up with the probes, the phishing, the DoS extortion and all the rest that they'd have absolutely no problem deploying a box or two, and a couple of MB/sec to the cause. But the liability(ies) for having it used unwisely are pretty scary, so I'm all ears if someone comes up with an interesting approach. If the worst thing that happens is I get a block of my IPs null routed on their way to Moscow, well, goshky, I'll take that deal.

    Some things we have to take into our own hands. And just turning the other cheek with more and fancier firewalls and intrustion detection is too passive for my taste, at least in the face of concerted, bad-to-the-core coordinated efforts by professional, organized crackers. Have I wanted to burn up every inch of some basement-dwelling script kiddie's DSL before? Sometimes. But nothing like I've wanted to blot out entire pieces of some Asian and eastern-European networks. And not just for my sake - for all of my clients, and their clients, and everyone it impacts.

    Don't mean to rant, but I've just spent all morning explaining this stuff to a suffering dot-com. His much-repeated question was "Why can't we just do this back at him until he quits? I'll spend the money... this is pissing me off."

    --
    Don't disappoint your bird dog. Go to the range.
  4. Re:What can you do back that's legal? by Disoculated · · Score: 3, Interesting

    You're absolutely right that overall, from a moral and legal standpoint, striking back at people who try to hack you by hacking them back is wrong in just about the entire civilized world. But there's a part of the equation that's missing here. It's wrong because there's suppossed to enforcement of that due process on the side of the government, and we don't get it on teh intarweb.

    Have you ever tried to call your local police when your box gets hacked? Pointless. You're left feeling frustrated and powerless. The security experts just tell you to harden your defenses, but that's like telling you to put a moat and wall around your house (and builds a business for same said security experts). You're totally on your own out there when you should have the support of the authorities, despite having paid them your taxes and freedoms.

    So until governments actually start prosecuting the common internet criminal, you're left alone with your interfaces exposed to any idjit with nmap and some root kits, all you can rely on is yourself and other people you know who've been in the same boat. And hey, if the gov-mint aint prosecuting the people that attack you, they ain't gonna do shit about you attacking back either.

    The ultimate solution would be punishing all the assholes that are scripting exploits across the web with real, visceral penalties. Until then you'll have to get justice where you can. Be it street or fiber, it's all you can get.