I can see now that it's only a matter of time before some nut writes "The Art of War in the Internet". I read the whitepaper; it goes on a lot about how defensive policies are ineffective but doesn't really say why active response has never been tried:

A. Most of the time DDoS traffic is from spoofed sources anyway, so whichever machine you "return fire" on is probably not the one that attacked you.

B. NAT translation means a hacker has a tailor-made defense against any active response.

C. Even if you can directly attack a machine being used against you, it's almost certainly not the perpetrator's box; he/she is sitting half a world away. The box you intentionally destroy is likely some innocent family PC that was taken over using some unplugged Windows security hole.

D. Widely deployed active defense will give an attacker a new form of DDoS attack: spoof the source of the one you want to hit in attacking several "active defense" systems and watch them attack your target for you.

Their proposition is a terrible idea, and their "rules of engagement" would be funny instead of frightening if it weren't serious.

GP

-----Original Message-----
From: Joshua Brady [mailto:jbrady@neoins.com]
Sent: 11 March 2004 01:27
To: isp-chat@isp-chat.com
Cc: nanog@merit.edu
Subject: Counter DoS

http://news.zdnet.co.uk/internet/security/0,39020375,39148215,00.htm

Comments?

Vodafone Global Content Services Limited
Registered Office: Vodafone House, The Connection, Newbury, Berkshire RG14 2FN
Registered in England No. 4064873

This e-mail is for the addressee(s) only. If you are not an addressee, you must not distribute, disclose, copy, use or rely on this e-mail or its contents, and you must immediately notify the sender and delete this e-mail and all copies from your system. Any unauthorised use may be unlawful. The information contained in this e-mail is confidential and may also be legally privileged.
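Points A, C and D above can be made concrete with a small packet-level simulation. This is an added example written for this page, not code from the thread, the whitepaper or any real "active defense" product. It assumes a toy model in which an active-defense host fires a fixed number of packets back at whatever source address a packet claims; all addresses are RFC 5737 documentation ranges and all traffic counts are constructed. It shows return fire landing on a hijacked bot rather than the perpetrator, a spoofed victim address turning several defenders into a reflected DDoS, and one forged packet setting two defenders on each other until a step budget runs out.

```python
"""Toy model of 'active defense' hosts that return fire at the claimed source address.

Added example; hypothetical model, not any real product's behaviour.
"""
from collections import Counter, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str   # the source address the packet *claims*; trivially forged by the sender
    dst: str
    kind: str  # "attack" for the original traffic, "return_fire" for an active response


class Network:
    """Delivers queued packets; any destination in `defenders` fires back at pkt.src."""

    def __init__(self, defenders, max_steps=10_000):
        self.defenders = dict(defenders)   # ip -> packets fired back per packet received
        self.max_steps = max_steps         # guard against endless ping-pong between defenders
        self.delivered = Counter()         # ip -> packets that actually arrived there
        self.queue = deque()
        self.steps = 0
        self.exhausted = False

    def send(self, pkt):
        self.queue.append(pkt)

    def run(self):
        while self.queue:
            if self.steps >= self.max_steps:
                self.exhausted = True       # traffic never died down on its own
                break
            self.steps += 1
            pkt = self.queue.popleft()
            self.delivered[pkt.dst] += 1
            factor = self.defenders.get(pkt.dst)
            if factor:
                # The defender has nothing but the claimed source to aim at, and it
                # cannot tell attack traffic from another defender's return fire.
                for _ in range(factor):
                    self.send(Packet(src=pkt.dst, dst=pkt.src, kind="return_fire"))
        return self.delivered


# Constructed addresses (RFC 5737 documentation ranges).
ATTACKER = "203.0.113.7"     # the perpetrator's own box, never on the wire
BOT = "198.51.100.20"        # compromised family PC doing the actual sending
VICTIM = "198.51.100.5"      # whoever the attacker wants flattened
DEF_A, DEF_B, DEF_C = "192.0.2.10", "192.0.2.11", "192.0.2.12"


def scenario_bot_return_fire(n=100):
    """Point C: the packets really come from a hijacked PC; return fire hits it, not the attacker."""
    net = Network({DEF_A: 1})
    for _ in range(n):
        net.send(Packet(src=BOT, dst=DEF_A, kind="attack"))
    return net.run()


def scenario_reflected_ddos(n=100, factor=10):
    """Point D: spoof the victim as source against several defenders and let them do the work."""
    net = Network({DEF_A: factor, DEF_B: factor, DEF_C: factor})
    for d in (DEF_A, DEF_B, DEF_C):
        for _ in range(n):
            net.send(Packet(src=VICTIM, dst=d, kind="attack"))
    return net.run()


def scenario_defenders_fight():
    """Points A and D together: one packet forged as coming from defender B sets A and B on each other."""
    net = Network({DEF_A: 1, DEF_B: 1}, max_steps=1000)
    net.send(Packet(src=DEF_B, dst=DEF_A, kind="attack"))
    net.run()
    return net


if __name__ == "__main__":
    d = scenario_bot_return_fire()
    print("bot hit:", d[BOT], "attacker hit:", d[ATTACKER])
    d = scenario_reflected_ddos()
    print("victim hit:", d[VICTIM], "attacker hit:", d[ATTACKER])
    net = scenario_defenders_fight()
    print("defenders still firing after budget:", net.exhausted,
          "A:", net.delivered[DEF_A], "B:", net.delivered[DEF_B])
```

In the reflected case 300 forged packets produce 3,000 packets aimed at the victim, and the perpetrator's real address receives nothing in any scenario; the return-fire factor is the attacker's amplification ratio. Raising the step budget in the last scenario only raises the counts, since nothing in the model ever lets the two defenders stop.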