I l @ ve RuBoard |
Automated responses to an incident can be extremely useful and aid in the rapid response to an incident. Automatically enabling information-gathering systems and disabling vulnerable services can reduce the impact of the attack. However, one may be tempted to take counter measures and strike back at the attacker with a denial-of-service attack or other means to disable the attacker's ability to continue the attack.
CounterstrikeThe concept of retaliation is not new. It is a basic military strategy to eliminate the opponent 's ability to wage war. This appears to be the stance of a growing number of large companies that have been victimized by hacker attacks. Countermeasures include tools that disable an attacker's browser, block TCP/IP connections, or launch debilitating countermeasures such as denial of services or flooding attacks.
However, it is difficult to be assured that the attack is coming from the location it appears to be. Even though the concept of counterstriking is intriguing, one problem with getting involved in a cyberspace shoot-out is being certain that you are targeting your attacker. It is common for an attacker to route the attack through other sites on the way. Hackers can also forge packet headers to make it appear that an attack is coming from a completely different location. If a company is shooting first and asking questions later, innocent people could be hurt. And the organization that returns fire may open itself up to civil, criminal, or physical risk. The net-based counterattack described above, although minor in scope, raises important legal and political issues. Do organizations have the right to counter any of the hundreds of hacker attacks they receive everyday with counterattacks of their own? Will this depend on whether the organization is a government or military organization or a private company? Will the source of the attack, being either foreign or domestic, affect this question? All of these questions will have to be answered in the coming digital years. |
I l @ ve RuBoard |