when a "hack back" is appropriate?
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: when a "hack back" is appropriate?

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002

    when a "hack back" is appropriate?

    Tim Mullen @ securtity focus has written a paper on why he thinks "hack backs" should not be illegal.

    When Striking Back is The Best Defense

    It makes for an interesting read... let the controversary begin... or continue...

    oh... looks like

    Columnist Tim Mullen is on vacation. This article originally appeared July 29th, 2002.
    still an interesting read for those who have not already read this...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Very nice read I must say, and I agree.
    The command completed successfully.

    \"They drew first blood not me.\"

  3. #3
    Elite Hacker
    Join Date
    Mar 2003
    I still get those requests from machines infected with nimda. It's about three ip's that I get many of these requests from. Maybe I should do something. Mwahahahaha. But I think that now they have something for iptables, that you can put in a string and it will drop requests containing that string. I haven't used it yet because I don't have the .so file. I think it requires a newer version of iptables and is not as simple as just putting the .so file where it belongs. I need to secure my box better though, I still haven't figured out how to get my iptables to block requests from a certain ip. Can anyone show me step by step. Because it is always the same ip's that issue these requests. I would like to setup a rule for each that blocks all requests from that ip. Help. Sorry I just started typing and it ended up turning into me asking for help.

  4. #4
    Join Date
    Dec 2003
    I have to agree BUT were talking about the Amendment which is really an american thing.

    Just becuase someone hit me dosn't mean I am entitled to hit them back, if someone thieves from me I am not allowed to hit them back.

    If someone inadvertantly smashes my car I am not allowed to trash their car in return... There are a lot of things that this issue will refer to. I'd be carefull what you all wish for

  5. #5
    Senior Member
    Join Date
    Jul 2003

    iptables nutshell

    iptables -s x.x.x.x

    this would do something to packets from the respective IP. what? we use -j [jump] to decide...

    iptables -s x.x.x.x -j DROP

    this would drop the packages, which is a stealth measure for the most part. other options are ACCEPT and DENY. In the case of the latter the other machine receives a "request denied" so it is preferable to use DROP.. nothing gets sent back, so in the case of pings nobody would know you are there

    iptables -A CHAIN -s x.x.x.x -p tcp --destination-port ftp -j DROP

    This is used in order to add rules to those already existent. For how to create a new chain and stuff, iptables --help or man iptables should help you out... that's really not a big deal

    so, the -A stands for append, CHAIN is which chain you want to use, -s x.x.x.x is source IP, -p is the protocol [tcp in this case, also could be udp or icmp], and --destination-port specifies only certain ports to use this rule. Port's can be assigned by name or number. FTP in this case could be 21... Also, the -j DROP means "jump to DROP"... DROP being a specific mode of iptables.

    You could also have something like...

    iptables -A CHAIN -d x.x.x.x -p tcp --source-port ftp -j DENY

    Here you see we have -d x.x.x.x and --source-port... it means destination IP and the port on your machine from where communications starts. It's use to restrict certain users from certain stuff. I'm sure you can think of some uses...

    iptables -A INPUT -i ppp0 -p tcp --syn --destination-port ! 80 -j DROP

    This command stops all communications on interface ppp0 [or you could have eth0 here]. -i stands for input and -o for output... Then we have the rule, which says that on protocol tcp, all syn packages _except_ [the '!'] those to port 80 will be dropped.

    Again, iptables --help or man iptables should teach you quickly how to save these new chains [so that upon reboot your new rules are still in place] and... further info [where I learnt iptables, pretty much, except for the man ] here!

    I just thought I should give you a nutshell of what's there anyway. Hope it helps!

    issue with URL

  6. #6
    Senior Member
    Join Date
    Mar 2003
    If someone inadvertantly smashes my car I am not allowed to trash their car in return...
    Hmmm i dunno if someone smashes your car its a good chance theirs is going to be a bit smashed as well. Oh well back on subject

    I agree that yes hack backs could be legitimate depending on the situation. I mean if a system is attacking you non stop and its costing you then you have to do what is necessary to stop the attack. Even if that means neutralizing the system. Im not talking about just attacking because of a ping that would be rediculous. I think you will understand what im talking about.

    #!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
    ($k,$n)=@ARGV;$m=unpack(H.$w,$m.\"\\0\"x$w),$_=`echo \"16do$w 2+4Oi0$d*-^1[d2%
    Sa2/d0<X+d*La1=z\\U$n%0]SX$k\"[$m*]\\EszlXx++p|dc`,s/^.|\\W//g,print pack(\'H*\'
    ,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die\"$0 [-d] k n\\n\")&~1)/2)

  7. #7
    Senior Member
    Join Date
    Nov 2001
    if someone has to wonder if a hack back is ethical or not they shouldn't even attempt it. some un-ethical son of gun is just going to kick the crap out of them
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  8. #8
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Flint, MI
    Originally posted here by fl34bit3 I mean if a system is attacking you non stop and its costing you then you have to do what is necessary to stop the attack. Even if that means neutralizing the system. Im not talking about just attacking because of a ping that would be rediculous. I think you will understand what im talking about.
    Or you could block them at the firewall. And if your firewall doesn't work, then contact your ISP and ask them to block it at the router. And also contact the ISP of the offencing machine and show them logs proving what is going on. Better results then a "hack back" and completely legal.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  9. #9
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    When dealing with law it is much simpler to keep it as black and white as possible. Either something IS or it ISN'T legal. If you start trying to spell out scenarios where it is legal or isn't legal you open it up to interpretation and you never know who is going to be the one drawing the line.

    Its like our freedoms here in the U.S. We have the freedom of expression, religion, etc. I think the KKK is abhorant and should be illegal, but if I decide that their beliefs are illegal, what is to stop the next congress from deciding MY beliefs are illegal. Once you start drawing lines its a slippery slope and you don't know if you'll like the next line that is drawn- you may be on the wrong side of it.

    I wrote an article a while back in which I think I may have even referenced Tim Mulle's presentation: Counter-Hacking: Savior or Vigilante?

  10. #10
    Senior Member
    Join Date
    Oct 2002
    Ig he thinks he can "hack back" without forensically contaminating the evidence stored on a machine, he is an idiot. The machine is infected with a virus. You know and I know whether or not tht virus changes timestamps. But try exlaining that to a jury and you'll begin to understand the problem.

    He would find it incredibly difficult, if not impossible, to convince either judge or jury that the timestamps can be proven to be accurate and that therefore his attack was not the one which got the machine infected in the first place.

    But beyond that, this practice is just unethical. This type of eye-for-an-eye justice is what our legal system is designed to avoid. I don't know where he comes from, but in the civilized world we base our justice system on rehabilitation, not revenge.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts