On 30 Jun 2002, Paul Iadonisi wrote: > Harumph. I kinda knew that, but in a way, I was hoping there was a > way, from the attacker's perspective, of making it really look it was > coming from himself. Because, really, it is.
Eh, if you're really going to use this in a retaliatory fashion, there are better weapons. Derek's right in that it shouldn't be used as such, regardless of the legality. > clean of these scourges. Having rogue packets bounced back to you is > one more method of waking these people up. Just because someone doesn't know about a problem doesn't mean we have to impact everyone else that's on the same router/switch as that guy. We should be taking the higher ground here. We know what's right and what's wrong. To take your analogy to a more accurate, real world depiction: Imagine someone throwing a brick through your window. The brick has a note tied to it that says 'From Your neighbor at #126 Fifth St.'. Do you go and call the police on your neighbor? Do you pick it up and throw it back through his window? Without the analogy: Joe Dohn decides he wants to be a hacker after getting his news SANS certification and the 'Red Button Disk'. He sets it up to send a random DoS with a spoofed source out to some network somewhere. You get the packet, aren't affected (of course) and send it back with your MIRROR rule. You end up DoSing the SPOOFED source's network - some random person who had nothing to do with it other than random selection of an IP address. Spoofing a source is incredibly trivial... so trivial that it should be relied upon that an attacker's (specifically a DoS's) Source IP is spoofed. Ben -- A Jade stone is useless before it is processed; a man is good-for-nothing until he is educated. ***************************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *****************************************************************