Should You Fight Back when Computer Criminals Strike?

By Greggory Peck
Network Security Analyst
Editor Happy Hacker Windows Digest

Many people feel that if they are under cyber attack, they should fight back. Regardless of who you are, and how good an "Uberhacker" you may be, you can't be sure who is sitting behind a particular terminal or who is using a given user's account on a given ISP. It is rare that somebody who has circumvented your firewall and is attacking your network is doing this from their own machine. Usually the cracker has compromised one or several Internet Service Providers, telnetting from one to the next. This creates a nearly untraceable trail through the Internet before he launches his attack.

Some say, "It's not as if the cracker is going to go to the FBI and complain. After all, he was attacking my network." This is probably true. However, the owner of the server that you counter-attacked may well contact the authorities.

Fighting back also can be bad for your career. As a Network Security Analyst for a Fortune 500 company, if I were to strike back against an attacker, my employer would certainly consider me a security liability, not an asset, and promptly fire me. And then there may be questioning from the men in black as to why I destroyed a server at "Generic ISP."

Ok, so you get lucky. The cracker is attacking your network from home from his new *nix box. You trace back to the attacker and penetrate his machine. You execute clever counter attacks, gaining root and erasing his OS. That stops the attack in progress.

So you're sitting back with a grin knowing you just shut down the attack... or did you? Oftentimes crackers run in groups. This is especially true when dealing with high school or college students. Now instead of one attacker, a dozen crackers are all dead centered on doing your network harm. They won't rest until they have won one back for their victimized buddy.

Now you find yourself in a "Cracker War." Are you prepared to take on a dozen wily crackers who have nothing better to do with their time than figure out ways to penetrate your personal or company's network?

I would have a very difficult time ever testifying against somebody who did successfully strike back against an attacker and was being charged in a court of law. I would not have encouraged their course of action, but certainly would not condemn them for it.

Let's say you don't counter attack. Yet a group of crackers are relentlessly attacking your network, day after day, week after week, month after month, year after year. Sites such as Antionline.com and Happy Hacker must cope with this kind of concentrated, nonstop assault. What are we to do???

Although the FBI and US Secret Service are funded to fight computer crime, they simply won't help most victims of even massive, long lasting attacks. Even if they could add 600 highly trained security specialists, this is not going to solve the problem.

I am sad to say that unless you are a very large organization (read: Multi-Billion Dollar Company) that is publicly traded and frequently in the media, whatever help is forthcoming from the FBI will certainly take a substantial amount of time to come to be. Once a federal agency becomes involved, they are limited by a number of statutes and laws governing exactly what they can and cannot do in pursuit of your intruder or attacker.

You, acting on behalf of your company as the Security Analyst, can accomplish a great deal more than the FBI. Although ultimately the FBI is essential if you want to prosecute criminals, your "due diligence" in documenting everything, preserving all evidence, and management of the crisis is going to be more important than playing Rambo. As always, your best offense against a would-be attacker is a solid defensive posture.

Configuring your routers with Access Control Lists, the professional installation of an Intrusion Detection System, deployment of host/network-based threat assessment and auditing tools, and a solid proxy-based firewall will certainly be of great assistance. Couple the security technologies available for companies today with an efficient employee security awareness training program, strong password management and guidelines, and an enforced, competent security policy, and the odds of your attacker being successful are drastically decreased. Unless you irritate computer criminals by making fun of them (as Happy Hacker and Antionline do), chances are that your attackers will soon move on to an easier target.

It is true that there are a number of products that can run a user-definable sequence of commands in response to a particular attack signature. These include Sidewinder, Axent's NetProwler, and ISS RealSecure. I imagine that ability was put into place to dump log files to a more secure location or perhaps even FTP the session information to another separate storage area so that it can be recovered in the event your network is left in shambles and data integrity is questionable. You can also configure all of the above devices to simply drop route on the attacker or to dynamically reconfigure your firewall with new rule sets specifically denying access to all resources from the source IP address. I don't believe that these programs were designed to "fight back." However, I have on occasion had sales representatives market that feature to me as a "counter-strike" feature.
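The purely defensive response described above (preserve the evidence, then deny the source address) can be sketched as follows. This is an added example, not code from the article or from any of the products it names; the log format, signature names, addresses and the `NEVER_BLOCK` list are constructed, and `iptables` stands in as an assumed firewall.

```python
import hashlib
import ipaddress
import re

# Constructed sample alert log (format and values are illustrative only).
SAMPLE_LOG = """\
2001-03-04 02:11:07 DENY tcp 203.0.113.45:4021 -> 192.0.2.10:23 sig=TELNET-ROOT-LOGIN
2001-03-04 02:11:09 ALLOW tcp 198.51.100.7:3310 -> 192.0.2.10:80 sig=-
2001-03-04 02:11:15 DENY tcp 203.0.113.45:4025 -> 192.0.2.10:21 sig=FTP-SITE-EXEC
2001-03-04 02:12:01 DENY tcp 192.0.2.1:1029 -> 192.0.2.10:23 sig=TELNET-ROOT-LOGIN
2001-03-04 02:12:30 DENY tcp 999.1.1.1:1029 -> 192.0.2.10:23 sig=TELNET-ROOT-LOGIN
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\w+) \w+ ([\d.]+):\d+ -> \S+ sig=(\S+)$")

# Assumption: networks we must never block (our own gateway, partners). The
# apparent source may be spoofed or a compromised third party's machine.
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24")]


def respond(log_text, never_block=NEVER_BLOCK):
    """Return (evidence, deny_rules) for the alert lines in log_text."""
    evidence, sources = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(4) == "-":
            continue  # unparsable line, or no signature fired
        # Preserve the raw line with a digest so later tampering is detectable.
        digest = hashlib.sha256(line.encode()).hexdigest()
        evidence.append({"time": m.group(1), "sig": m.group(4),
                         "raw": line, "sha256": digest})
        try:
            src = ipaddress.ip_address(m.group(3))
        except ValueError:
            continue  # malformed address: keep the evidence, emit no rule
        if any(src in net for net in never_block) or src in sources:
            continue
        sources.append(src)
    # Rules are returned as text for an operator to review; nothing runs here.
    rules = [f"iptables -I INPUT -s {s} -j DROP" for s in sources]
    return evidence, rules


if __name__ == "__main__":
    ev, rules = respond(SAMPLE_LOG)
    print(len(ev), "alert lines preserved")
    print("\n".join(rules))
```

Every alert line is kept as evidence even when no rule is produced for it, so the record handed to investigators is complete while the blocking stays limited to addresses outside the protected list.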

Striking back because your network was attacked is still illegal. People may try to relate it to more physical types of actions such as defending yourself and shooting your intruder. That comparison isn't realistic. I'm not sure how comparing a network intrusion to a murder or immediate threat of life and limb is very applicable.

Ok, well, wonderful. All these security products are wonderful for companies with large budgets who can afford such tools. What am I to do if the attack is against my personal website I host on my home network??? See Carolyn Meinel's article "How to fight back legally when computer criminals strike."

Of course, it's natural to take such an attack on your home network personally. But before you go off half-cocked fighting back, perhaps you should read an article by Adam L. Penenberg for Forbes Magazine entitled "A Private Little Cyberwar," which can be found at http://www.forbes.com/forbes/00/0221/6504068a.htm . It's much easier to swallow your pride and just shut off your PC, or spend the appropriate time researching security and patching the known vulnerabilities in your system, than it is to start a Private Cyberwar.

© 2001 Happy Hacker All rights reserved.