.

Ethics question

<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Jan 16, 2007 1:04 pm

Ethics question

I've not seen anything about this posted or written anywhere, so maybe some of you can answer this question. I noticed there was a book advertised somewhere (maybe even in a post by someone here, can't remember where I saw it; if I find it I'll post the title) about aggressive network defense. This has always been something I've been a little curious about and it brings me to my question: Is it ethical to attack your attacker?

Thanks,
V
<<

CadillacGolfer

Newbie
Newbie

Posts: 36

Joined: Thu Dec 14, 2006 1:58 pm

Post Tue Jan 16, 2007 1:13 pm

Re: Ethics question

No, it is not ethical.  Not to mention you can run into problems like Blue Security did and have to close your doors

http://www.computerworld.com/action/art ... Id=9000578
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Jan 16, 2007 2:27 pm

Re: Ethics question

Aggressive Network Self-Defense by Neil R. Wyler, Bruce Potter, Chris Hurley.

Book Description
I'm Mad As Hell, and I'm Not Gonna Take it Anymore!


- Analyze the technical, legal, and financial ramifications of revolutionary and controversial network strike-back and active defense techniques.
- Follow the travails of eight system administrators who take cyber law into their own hands.
- See chillingly realistic examples of everything from a PDA to the MD5 hash being used as weapons in cyber dog fights.

There is a certain satisfaction for me in seeing this book published. When I presented my "strike-back" concept to the security community years ago, I was surprised by the ensuing criticism from my peers. I thought they would support our right to defend ourselves, and that the real challenge would be educating the general public. It was the other way around, however. This is why I'm happy to see Aggressive Network Self-Defense published. It shows that people are beginning to consider the reality of today's internet. Many issues are not black and white, right or wrong, legal or illegal. Some of the strike-back approaches in this book I support. Others, I outright disagree with. But that's good--it gives us the chance to truly think about each situation--and thinking is the most important part of the security business. Now is the time to analyze the technologies and consider the stories presented in this book before fiction becomes reality.--Timothy M. Mullen, CIO and Chief Software Architect for AnchorIS.Com

- When the Worm Turns... Analyze the technical and legal implications of "neutralizing" machines that propagate malicious worms across the Internet.
- Are You the Hunter or the Hunted? Discover for yourself how easy it is to cross the line from defender to aggressor, and understand the potential consequences.
- Reverse Engineer Working Trojans, Viruses, and Keyloggers Perform forensic analysis of malicious code attacking a Pocket PC to track down, identify, and strike back against the attacker.
- To Catch a Thief... Track stolen software as it propagates through peer-to-peer networks and learn to bypass MD5 checksum verification to allow multiple generations of attackers to be traced.
- Learn the Definition of "Hostile Corporate Takeover" in Cyberspace Find out who will own the fictional Primulus Corporation as attacker and defender wage war.
- Understand the Active Defense Algorithm Model (ADAM) Analyze the primary considerations of implementing an active defense strategy in your organization: ethical, legal, unintended consequences, and risk validation.
- See What Can Happen when the Virtual World Meets the Real World Use keyloggers, Bluetooth device exploitation, and Windows forensics to discover if your cubicle mate has been stealing more than post-it notes.
- Where the Wild Things Are... Follow along as a real-life "in-the-wild" format string bug is morphed into strike-back code that launches a listening shell on the attacker's own machine.
- Implement Passive Strike-Back Technologies Learn the strategy and implement the tools for responding to footprinting, network reconnaissance, vulnerability scanning, and exploit code.

Your Solutions Membership Gives You Access to: A comprehensive FAQ page that consolidates all of the key points of this book into an easy-to-search Web page "From the Author" forum where the authors post timely updates and links to related sites The complete code listings from the book Downloadable chapters from these best-selling books: Black Hat Physical Device Security Google Hacking for Penetration Testers Buffer Overflow Attacks: Detect, Exploit, Prevent Hacking a Terror Network: The Silent Threat of Covert Channels

TABLE OF CONTENTS Part I Fictionalized Cases of Network Strike-Back, Self-Defense, and Revenge Chapter 1 PDA Perils: Revenge from the Palm of Your Hand Chapter 2 The Case of a WLAN Attacker: In the Booth Chapter 3 MD5: Exploiting the Generous Chapter 4 A VPN Victim's Story: Jack's Smirking Revenge Chapter 5 Network Protection: Cyber-Attacks Meet Physical Response Chapter 6 Network Insecurity: Taking Patch Management to the Masses Chapter 7 The Fight for the Primulus Network: Yaseen vs Nathan Chapter 8 Undermining the Network: A Breach of Trust Part II The Technologies and Concepts Behind Network Strike Back Chapter 9 ADAM: Active Defense Algorithm and Model Chapter 10 Defending Your Right to Defend Chapter 11 MD5 to Be Considered Harmful Someday Chapter 12 When the Tables Turn: Passive Strike-Back 339


Was it this book by Syngress?

Don
Last edited by don on Tue Jan 16, 2007 2:32 pm, edited 1 time in total.
CISSP, MCSE, CSTA, Security+ SME
<<

slimjim100

User avatar

EH-Net Columnist
EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Tue Jan 16, 2007 3:39 pm

Re: Ethics question

If you decide to fight back make sure your ISP is onboard or you might get a very big surprise. If you knowingly send bulk traffic like SPAM or a DDOS you might be responsible for the bandwidth used and the cost of the SLA's that where broken from your activity. I know a lot of people feel like fighting fire with fire but as "Ethical hackers" you should take the high road and work with the systems to stop illegal activities.

Just my 2 cents

Brian
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Jan 16, 2007 3:58 pm

Re: Ethics question

CadillacGolfer and slimjim100, thanks for the info.

Don, yes that was the book. Still can't remember where I saw it advertised, but that is the one.

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software