there seems to be plenty of software to download to do malicious hacking but could you tell me if there is security software that can spot an attack and attack them back as it seems we are to passive in defence
apostle
Printable View
there seems to be plenty of software to download to do malicious hacking but could you tell me if there is security software that can spot an attack and attack them back as it seems we are to passive in defence
apostle
Theres a program called BLACKICE DEFENDER, that warns you of attacks im not sure if you can attack back, but i think you can dissconnect them from the server and some **** like that.
Yes, search the IDS & Scanner forums... there should be tons of info...
I'd personally suggest SNORT (www.snort.org)
[edit] an IDS is a defensive tool only, although you can always contact the authorities, that's the ultimate hacker-counter-measure ;) [/edit]
Attacking someone back for an attack isn't always a good idea. What if the attacker is spoofing their IP address? You end up attacking someone who is innocent. In addition, there is the ethical issue of attacking someone. You truly become no better than the attacker and you will be subjected to the same laws that he/she is.Quote:
Originally posted here by apostle
there seems to be plenty of software to download to do malicious hacking but could you tell me if there is security software that can spot an attack and attack them back as it seems we are to passive in defence
apostle
I've yet to see any firewall/IDS that deliberately goes after an attacker, largely due to -- I believe -- the issue of legality.
Besides, if you know what or how an attack works then your defense should be fairly good and you won't have to worry about an offense since they can't get in.
We don't need a war on the Internet, caused by script kiddies with their brand new tools... Imagine the following case: 2 companies have a reactive IDS which attacks back. Our script kiddie spoofs company #1's ip and attacks the second... What would happen? The two companies attacking each other... and for what reason? A stupid guy? :)Quote:
Attacking someone back for an attack isn't always a good idea. What if the attacker is spoofing their IP address? You end up attacking someone who is innocent.
So the best thing to do (and the only one!) is defence.
as a newbie i have a lot to learn ,and i will take your advice...thanks for not shooting me down in flames
apostle
Good point about contacting the authorities, the FBI or whoever deals with computer crime, are really big into busting people for hacking and stuff like that.
Have you ever heard "It happened to a friend of mine ?". Well (no BS) it did.
He was getting scanned by someone and decided to try and 'hack' back at them.
(I said NO NO NO !!! They may know more than you) And they did. His computer
wouldn't startup the next morning. (files deleted)
MsMittens is right, Spoofing would hide the atackers ip and thus the ip you are atacking is the inosent victim. Often a victims computer is comprimized by a worm or trojan which is then useing the victims computer to atack others. Two wrongs dont make a right, if you suspect malicious activity by somone conecting to your computer the best thing to do is contact their isp by sending an email to [email protected] whatever their abuse email is, and inform them of the incodents.
Being sure to provide them with the unmodified logs with valid time stamps. And note your timezone, they can then compare their logs with the logs you present and determine the best cource of action. Furthermore launching an atack back may raise flags on your acount and may result in your isp terminateing your acount without any notice.
Hacking related tools such as keyloggers, viruses, trojans.. have a corosponding set of software determined to defeat these, such as anti-keyloggers, anti-trojan, antivirus, IDS systems...
in the interest of info there is a tool at www.blackcode.com made by ewen g that monitors ports , windows and other nifty stuff (very comprehensive)and includes customizable messages to be sent to a person trying connect or you can boot them off , syn flood too i believe (don't do that its lame),its called killerwall l337
As already said before, these aggressive countermeasures may harm innocent people, and might also warn them that you are aware of the attack. There are cases (example, honeypots) where you want to retrieve the most information from the attacker. And even when this is not the case, remember that accurate logs will make it much easier to spot the attacker. Just bear in mind that in several incidents, you may need the cooperation of other administrators, isp and etc. There are several ways of hiding yourself when commiting computer crime, and more important, several ways of blaming someone else. Be careful.
IDS seems to be what you want. :)