On 24-Jan-02 Matt Hubbard wrote:

List,

Assuming you can positively identify the origin of a successful crack (and that's a big assumption considering drones, spoofing, etc.), what does the community of sysadmins think about vigilante justice? Should we just counter-strike if there is no legal recourse? As a young sysadmin, I am looking for a moral principle. Responding in a legal manner is what distinguishes us from the cracker, right? Still, I get very angry just thinking about the possibility of a successful attack on one of my systems. Any thoughts? Apologies if this seems off topic - but I am studying many of the popular attacks and as a result I am in the difficult position of knowing how to use them (as well as defend against them).

Matt,

this has been discussed before, and it all boiled down to the conclusion that active retaliation is not a very clever idea. For an admin, it's first and foremost a question of legality vs. illegality. If you whack a box or boxes of attackers, you basically descend to the same level as your opponent. This makes you suable like the next 3l33t hAxx0r d00d, which may be a problem if you're the admin of a commercial organisation/company. Chances are good that you may disrupt your organisation's integrity, thus damaging your public standing, which is always a reason to get burned. What's more, you may be accused of the very same evil deeds as the guy you counterstruck, and may lose your credibility, and finally your job.

But this is a theoretical discussion only, since cases are rare where crackers can be fully identified. Going the legal way against crackers may be a dreadful, time-consuming process, and often leads to nothing, except for loss of money and time.

The hardest thing I had to learn was not to rate attacks against networks administered by me as attacks against myself. It's hard to keep cool, but it's essential, since rage and aggression only lead to actions which you may regret later on.

Tightly securing your system, building up and keeping a good relationship between you and your upstream providers, and a constantly revised security plan are pretty much all you can do to prevent loss of data/fraud/cracks. It's also a good idea to talk with your legal department/company lawyer about this topic, in order to set up legal strategies.

You may want to take a look at the book "Computer Crime - A Crimefighter's Handbook" (O'Reilly, ISBN 1-56592-086-4, about $25), which covers many topics discussed here, like security policies and plans, prosecuting computer crime, types of attacks, legal backgrounds, etc.

Boris Lorenz <bolo@lupa.de>
---