Pardon the top post, but, as has been pointed out, first, honeypots and
canaries are useful in keeping your security strategy current. Second,
active prevention such as tarpitting offending IPs can be very useful
if done well, deadly if done wrong. Third, aggression against zombies
is begging for legal problems and not buying much of anything in return.
Fourth, if you have the time to waste engaging in warfare against the
script kiddies, I wish I had your job. ;-) (Okay, just joking about the
fourth point. Sort of.)

If you are employed by the police, you might want to work on
counter-attacks, but you won't be breaking and entering, and you won't
be entering without a warrant. Informing the owners and admins of
zombied boxes is definitely something that might be a good use of tax
money, but it could also easily become an abusive activity.

Think about the consequences of what you're suggesting, think like it's
a game of chess and see if you aren't suggesting sacrificing your queen
for a pawn.

On 2006.3.22, at 12:10 AM, Steven J Lamb wrote:
I am by no means saying this is either a polished or necessarily
foolproof system. Obviously there could even be a reverse-reverse attack
out there that the script kiddies cause trying to trick this script
into thinking it is the kernel instead of the malicious program.
[...]