h a l f b a k e r yCrust or bust.
add, search, annotate, link, view, overview, recent, by name, best, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
Please log in.
Before you can vote, you need to register.
Please log in or create an account.
|
The problem I see with current internet security is that its all
about
defense. People buy software to protect from hackers but there is
nothing to deter a hacker from trying to break in again and again
and when they do attempt entry they arent
likely to be caught or prosecuted.
My idea
is that in order to reduce the amount of hackers, is that
we
need to have methods in place for deterring their behavior. With
that in mind, my idea is for a software program called Nunchucks,
it would operate similar to a firewall/antivirus but would
remember IP address was trying to
break into your computer repeatedly, and eventually open a port
that would direct them to partition on your hard drive filled with
malware and dummy data. Whats more all
of the users of the protection software could become a part of a
botnet, so that if a hacker became a problem to more than one
user, they could all band together and use brute force attacks to
either slow down the hacker or damage his system.
[link]
|
| |
What a cunning idea. Basically the firewall could allow tunnelling through to a virtual sandbox created specifically for each remote IP. |
|
| |
Simply deliver sandbox results to offender's ISP. (Beats my initial expectation of raised shields and firing photon IP packets back.) [+] |
|
| |
I'd be all for this, except that it would be just as illegal as the first-order hacking. Also, your computer might be getting hacked by someone appearing to be using your grandmother's computer, and this would then go after her; the poor old thing. [neutral] |
|
| |
First of all good idea, but you are about 25 years too late in proposing it. Generally speaking it isn't uncommon to launch counteractive measures against the perceived source of a hacking attempt although it is generally illegal. Common techniques include DOS attacks to stop the hacker from communicating with zombies and co-ordinating further attempts, using junk requests to shut down the hackers internet connection by offending his ISP, and "Trojaning" malware in place of files the hacker is trying to download. In addition to obvious techniques some servers have Potemkin villages that are easily breached by brute force techniques but contain easily traced or worthless data. Hackers are wise to this and are very careful to protect their root location. Government and big name security firms will not hesitate to throw the entire book at you if you even poke at them but 99.9 percent of users should leave countermeasures strictly alone. |
|
| |
I had a nearly identical idea for dealing with spammers, but it
wan't very well received. [+] |
|
| |
My preferred solution is similar, but includes a trebuchet. |
|
| |
I agree with WcW. Countermeasures are best left to people who know what they are doing. The rest of us should be content to just bounce the access attempt. |
|
| |
hmm i suppose my idea of getting back at hackers int original
but i think the idea of giving them a taste of their own
medicine with botnets and viruses is fresh. Also I am thinking
this could be best done if it were integrated into store
bought software so that even novice users could have this
protection automatically rather than it being something
done manually by computer experts. |
|
| |
I understand the impulse but 'store bought' software isn't really up to the job of defending your computer, so how good or reliable do you think it would be at launching a counter-attack? |
|
| |
Just out of curiosity - a question for those who know these
things. Who sends these emails? Are they hardened
professionals, or just schmoes who have learned the bare
minimum and given it a go? When I get an email from a
woman in Jamaica who wants to give me lots of money, how
easy (in reality) would it be for me to find out exactly who
sent that email? |
|
| |
Well it's easy enough to find out who sent you an e-mail, the sender's address is part of the e-mail content after all, but the problem is that they may well not know that they sent it because they're using a compromised computer. |
|
| |
Yes, I know that, but I was wondering how easy it would be
to find the spammer. I'm assuming that most spammers are
not actually that sophisticated, and don't cover their trails
that well (though obviously true professional spammers do). |
|
| |
That email was probably sent from a zombie, that is, a computer that has been compromised by hackers to relay spam. It will physically be in the possesion of an innocent third party, who has no idea that the computer sends spam and doesn't really deserve to have his/her computer nuked. |
|
| |
Finding the real offender is more difficult. Most likely it is the company that sent the spam. But this is hard to prove. A policy of prosecuting the advertised company will have companies sending spam advertising their rivals. |
|
| |
There is probably nothing on the zombie that can trace the real hacker, unless the hacker is actually interacting with it. In this case you could get an ip address for a machine which you would need to hack and is probably an intermediate zombie. |
|
| |
actually, figuring out who originated an e-mail is not as simple as looking at the contents of the header. Since the header is a string produced at the origin the spammer can make the header whatever they wish. A fake "from" string can be any e-mail address, even to a server that does not exist. Due to this it can be anyone's address; your teacher, boss, the sheriff, an innocent stranger. The server name maybe a Red Herring as well such as spam from X@Yahoo.com not actually from a Yahoo server. Modern e-mail services try to validate your mail, but if you receive an e-mail with suspicious content the best thing to do is contact your mail server admin and see if the message seems valid. Second checking that "YOU'RE FIRED, DON'T BOTHER SHOWING UP" message with an actual human being is always a good idea. No, the hacker will not see your reply unless he/she has actually cracked the account which is a whole different can of beans. |
|
| |
I have to admit when I saw the title I thought the thing just called you names, but I gave it a +. |
|
| |