On Fri, 21 Sep 2001, Kurt Seifried wrote:
> This LaBrea thing is basically a pile of poop. So the system crashes. The admin reboots it, and life goes on (sans patch, with infection). Plus there is the legal issue: you are intentionally trying to mess up a remote system's ability to work, and while yes, the "attacker" is liable, you are now taking actions that also make you potentially liable (not a good thing if it can be avoided). Attacking back is often a very bad idea.
Actually, I think the idea is to keep the infected system busy for as long as possible, so that it wastes time dealing with one box that it would otherwise spend messing with thousands and thousands of other systems. And it does zero configuration changes to the machine that hits it. If the infected machine does happen to crash, one can always hope that the admin will take it as a prompt to scan for viruses and worms. For the admin of the infected machine, he can come in in the morning and thank god his box hit somebody running LaBrea, because that means his machine only hit a hundred other systems instead of ten thousand.

Bear