Jonathan Hutchins wrote:
On Friday 25 February 2005 05:22 pm, Geoffrion, Ron P [ITS] wrote:
One plan I think is rather valuable is to simply run the server and watch it very carefully.
That would make it a honey pot in production. I would advise more active measures (if you have access/control/contact over the network/firewalls).
I'm open to suggestions; I certainly didn't imply that was the _only_ thing I'd be doing. I do need to maintain the server in production; I do not control the firewalls but they are well managed.
A degree of "active measures" I'd love to see someday would be trace methods. Sadly most of the miscreants playing these games have some degree of spoof or relay insulating them from their just rewards. But were some truly gruesome and public examples made of those who cause us such effort ? I do NOT advocate mere crude violence. Despite how good it would feel.
Yet surely after we identify a culprit beyond reasonable doubt some creative fate could intervene in their lives no? Example being a return to Ban listing or Meidung. Literally put- do these exploits- get caught- and hell will freeze before any honorable person will acknowledge your existence . Game over. Full Stop . A complete shunning where the less polite will literally spit on such a wretch Perhaps a social hierarchy placing such keyboard vandals as less desirable neighbors than child molesters?
The only true ends to these Zeno races of exploit and counter exploit either will be software evolution or social evolution .
Or we revert to violence and mangle the keyboard fingers of any malware authors before telling them that no pain medication is in the future either . SIGH- we can dream eh ? Because it's no longer "Cute" or "Funny" . These exploits are making our lives harder so returning the favor seems more than fair to me.
DO note my acknowledgment that there IS a difference between public notification of an exploit weakness and someone actually using an exploit for malice. Open Source is stronger for our legitimate testing of weakness. Being told of a security hole is a good thing. Provided it's not abused. Nothing excuses abusing innocent people's data for any reason.
Oren
"Think of it as Evolution in Action"