when a "hack back" is appropriate?

[Sm0kinP0t]

IMMO, hack backs will always be a controversial question due to the fact that one may feel in the right no neutralize an attacking system, but what if that system is mearly a zombie, and Joe Average user doesn't even know what his only-4-checking-email-computer is doing...

Soulemans solution may be the right way to deal with it, block their IP or if you're really upset then tracert them and report them to the abuse@their isp. Even if they don't know they are compromised, an email/cut-down from their ISP will definitly ring some bells.

I've read here on AO that a good nmap scan back sometimes is what it takes. If he's really trying to hack you he will know YOU KNOW, and possibly stop being such a lammer.

[ghostofanonion]

Here here, I think it's all cool in some cases force is nescesary but were talking about sheer eye for an eye tactics. It's wrong, I'm no chrstian or cathoic whatever you call it. But your all asking for a world of pain, both in your jobs and in legal terms if this thing goes through, How many people are going to become half assed Hackers becuase theres a legal way to do it, how many of those under 18 script kiddies wll get a slap on the hand for doing it and told not to do it again. It won't be a big thing hacking will become a nominal thing and ... it'll muddy the whole issue. Isn't it simple enough that we can ... inform authorities, surely theres some way of doing this. Christ imagine what would have hapened if we were hacking back during the blaster worm thing.. I don't think I could have handled the work load... Eauch...

[cross]

just to clarify something, if some one hits you, and you feel they will harm you again and have no way to aviod it, you CAN hit them back, it's called self defense. Disabling the attacker is not illegal, least not in the usa... As for computers, there are other options, calling isp, firewalls, etc... this is why it will never be legal.

[gore]

Originally posted here by cross
just to clarify something, if some one hits you, and you feel they will harm you again and have no way to aviod it, you CAN hit them back, it's called self defense. Disabling the attacker is not illegal, least not in the usa... As for computers, there are other options, calling isp, firewalls, etc... this is why it will never be legal.

The Law says, that if someone ATTEMPTS to hit you, you are legally aloud to swing. They had this on TV one time. They brought in a lawyer because there was a myth that you had to be hit in the face 3 times before you could strike back.

The lawyer said "The law says if they attempt to hit you, or act like they may hit you, or if they do hit you, legally you can hit back and stop themf rom harming you. No one is going to wait for 3 hits to the face before hitting back thats stupid".

So, port scanning my network, is an attempt at hitting me, and attacking it is hitting, guess what's going to happen.

[jinxy]

The point about defending yourself from a physical attack is that you can only use what the law refers to as reasonable force, at least that is what is allowed in the uk. So if someone tries to punch me and i pull out a gun and shoot him, then i will be going to prison for quite some time as that amount of force will be deemed exessive.

So if someone is trying to hack me what would be classed as reasonable hack back? I think the whole issue would be a nightmare.

[MrLinus]

So, port scanning my network, is an attempt at hitting me, and attacking it is hitting, guess what's going to happen.

Prove it, beyond a reasonable doubt, that they scanned you -- keeping in mind that anything electronic can be altered whether on the screen, on magnetic media, written to media, etc.

This is the biggest problem with the attack back scenario and why, IMHO, it will never be justifiable. It is near impossible to prove without some doubt that someone specifically attacked you. It gets to be even more fun with places like Internet cafes and DHCP (that is actually functional).

I certainly would love to get back at the schmucks sending me all sorts of spam and/or viruses (I consider the propagation of viruses a direct attack given the volume they take up on networks) but reality is that I cannot prove for sure that a) the person at the machine presently is aware b) is in fact the "criminal" c) actually came from their machine.

Then again.. it does work both ways! (however, with my luck, I'll get the schmuck that spoofed the FBI)

[Tiger Shark]

Ms. M: I think in a case where a worm has been "on the market" for a month, it hit the mainstream media and the schmuck still hasn't recognized or cared that his machine is hammering away at every machine it can then a hack-back is justifiable when you are getting no joy from the ISP.

Outside that it's really hard to prove that the IP address "attacking" you is anything to do with the real attacker. Now, were you to do a little "engineering" and maybe place a little logging system to determine the address of the remote connection and then follow the trail to the source then a hack-back is a wonderful thing.... But I have a life and I'm a sucky "cracker" so it's not something I'd try.... But I wouldn't castigate the person that does.....

[fl34bit3]

Souleman>> I know exactly what you mean. Just wanted to say though that i forgot to put in part of what i was going to say. I meant to add in that "when all else fails" that you have to do whatever is neccessary. But that would be the last and absolute final step in a long list of things to fix the problem.

PeacE
-BoB