Yup, On 23-Nov-01 jon wrote:
On Fri, Nov 23, 2001 at 05:09:50PM +0100, Praise wrote:
Il 16:55, venerd� 23 novembre 2001, spiekey ha scritto:
Hello All! What would be the advantage or disadvantage of this idea:
Why not forward the packets, which will be dropped usually, and forward it to the source address? Forward execpt of dropping. [...] What if he has got more bandwidth than you?
How about something like LaBrea, instead of directly 'hitting back'?
http://www.hackbusters.net/LaBrea/
-j
Basically, LaBrea is a white hat implementation of ARP spoofing, with some
interesting enhanced features.
But it's NOT RECOMMENDED to use LaBrea if you are not fully aware of the
problems around (D)DoS attacks, Syn floods, Smurf attacks, and bandwith
calculation. Out of the box, LaBrea fills up a 256K uplink very quickly if
triggered by a relatively broad network scan, thus even legit traffic is locked
out.
Oh, and I think Ralf Koch is quite right. Although it often helps to broaden
your understanding of anti-cracker skills by setting up honeypots or
active/passive retaliation systems (if your time allows), such techniques are of
minor use in reality, and may cause problems if configured incorrectly.
Don't attack the attacker. Don't descent to their level.
Boris Lorenz