Somebody in the thread at some point said: > Tod Merley wrote: > >> The thought of some agents knocking on the attacker's door as he >> continues an attack makes me smile. >> >> To a great future fellows! >> >> Tod > > How 'bout just some good 'ol vigilantism (i.e. we go knocking on his > door) ? > Now that may be fun !! Unfortunately the first system an attacker compromises becomes his platform for attacking other systems, so you are attacked by other victims in the style familiar from zombie and vampire films. The actual bad guys would never allow their own IP to be directly associated with their evil actions subsequently, instead proxying through one or more victims in a chain, or broadcasting commands through an IRC channel that the victim boxes have joined (again themselves via an owned proxy). That's why the "security community" will probably collectively shrug at such an initiative: they can already collect the addresses of the compromised boxes by the attack attempts they are spraying around. There are so many compromised boxes it is evidently an interesting exercise in managing them for the bad guys, I read an article a few months ago about an admin that found a sophisticated web-based app on a compromised box that allowed sending commands through IRC servers, queuing spam for broadcast and so on. -Andy
