RSS
Twitter
Security Protection That Fights Back
from the and-this-is-how-the-computers-take-over... dept
While there's been plenty of talk about setting up security technology that would "fight back" when computers are attacked, most have stayed away from the idea, admitting that it could cause a lot more damage than it prevents. However, one company is now promoting that very idea and using a bunch of war metaphors to support their position on "information warfare." The idea is that they have a standard network security product, but if things get bad enough, it will somehow go on the offensive against the source of the problem. That "somehow" is a big question mark however. The company won't describe (at all) how they fight back, so there's no way to know what they're really doing. This could be a big problem - especially now that many attacks seem to come from compromised computers. What happens when these sorts of offensive systems then start attacking each other?
Reader Comments
(Flattened / Threaded)
Styles of Fighting Back
Seeing how actively fighting back would be sheer stupidity the angle they attack back might be more locally based. I havn't read anything but this blog so this is probably pissing into the wind but if the system were to determine it was being actively attacked it could learn what the flaw is, block the traffic being caused by it and track as much information about the attacker as it can. Anyway. Creating the kind of software that 'attacks back' and selling it would be such a high liability risk it'd be stupid to attempt imho.
(reply to this comment) (link to this comment)
No Subject Given
In theory I'm ALL for slamming down a lousy script-kiddie who thinks its funny to trash my network....IN THEORY. I've rarely indulged and the few times I have, it was when I was ABSOLUTELY certain of the moron's identity...usually because this person WAS a moron using automated tools off of the net without any knowledge whatsoever.
However, installing software that automatically retaliates against threats is problematic because even moderately skilled idiots out there can and DO cover their trail, which would lead to a whole new industry of DDOS tools which would require no zombies at all (machines previously infected with a trojan a script kiddie could manipulate for a DOS attack)...instead machines with this kind of software installed would be pre-installed zombies who could be spoofed to respond from an "attack" by any number of targets.
Want to bring down Yahoo again? Spoof a few of these machines into thinking yahoo.com is hacking them...I'm sure its easily done.
(reply to this comment) (link to this comment)
Re: No Subject Given
Oh well, guess the idiots with compromised zombie machines will have to wake up and actually fix their machines.
Let the war begin !
(reply to this comment) (link to this comment)
Add Your Comment