what would you do....

[wgillam]

If you're protecting (or trying to protect) a network that really doesn't have any sensitive information on it and you kept receiving hack/dos attacks, would you turn the matter over to the feds or would you intervene and get rid of the hacker yourself ? (i.e. use an IDS to monitor the intruder and then counter-hack.)

[lostit44]

The best is to turn over all the info that you have collected on the attacks. Mind you theres times where I would like to take the law into my own hands and zap these @$$holes but unfortunatly that is frowned upon by the law and you could get charged even though you were just returning the favors by DOSing their systems. I dont have a lot of faith in the law but at times it is the best way to go also send the info to the server that the hacker is using they maynot be able to do much but you never know.

[Alcatraz]

Well, the government probably won't do anything. And counter-hacking COULD maybe get you in trouble. It's not exactly a win-win situation...

[wgillam]

I see. As far as collecting information on your intruder, what would be the best IDS to use?

[KorpDeath]

snort.

BTW - Just contact your local FBI office and they should handle the situation. They may interview you or take a look at logs. My experience with them has been fairly good.

[Maverick811]

Originally posted here by wgillam
If you're protecting (or trying to protect) a network that really doesn't have any sensitive information on it and you kept receiving hack/dos attacks, would you turn the matter over to the feds or would you intervene and get rid of the hacker yourself ? (i.e. use an IDS to monitor the intruder and then counter-hack.)

I would definitely gather as much information as possible and contact the proper authorities. You could wind up in more trouble if you try to counter attack the attacker, only making things worse. Although it sucks, the best way to go in cases like these is to inform the proper authorities and see what they can do - you'll have to hope for the best.

I know that it would make me feel good to go after some of these attackers, but I also know that I could wind up in deep water myself.

And KorpDeath beat me to it, Snort is pretty good.

[wgillam]

And all the lights on the router go red... It's very tempting to counter as I watch all those packets flow in and nothing flow out. Thanks for the info though. I'll keep you all informed if anything "goes down."

[Maverick811]

Are you running any kind of firewall hardware/software? I'm assuming so because you say that you are watching the packets flow in. What are you running? And have you been able to determine the source for these attacks?

[binary0boy]

If the Gov is looking at your intruder, it will give them a little more info on the prep. When it comes down to the line and there going after the guy the more info they have the better. It will also put his lawer in a vice and make the perps life in the slammer a little longer. ( Depending on what trouble he has caused) .

[Mr.Dos]

If you're protecting (or trying to protect) a network that really doesn't have any sensitive information on it and you kept receiving hack/dos attacks, would you turn the matter over to the feds or would you intervene and get rid of the hacker yourself ? (i.e. use an IDS to monitor the intruder and then counter-hack.)

Personally I would get rid of the hacker myself I would phuck his computer up were he could never use it again but hey thats me not you. or I would plant logic bomb's in his system and many others (contact each bomb with a command or phone it in it's up to you) and have one hell of a DOS ATTACK would I worry about getting caught, no because any attempt to track you would be very difficult because the innocent hacker(that hacked you) is actually transmitting the attack....so it is his ass not your's! but you don't sound black-hat So I am going to give you the info! F.B.I phone number 202-325-9164 or e-mail them at nccs@fbi.gov) This is Mick Palmer once again!

This is once again I AM A CRACKER