I can see now that it's only a matter of time before some nut writes "The
Art of War in the Internet". I read the whitepaper, it goes on a lot about
how defensive policies are ineffective but doesn't really say why active
response has never been tried:
A. Most of the time dDOS traffic is from spoofed sources anyway so whichever
machine you "return fire" on is probably not the one that attacked you.
B. NAT translation means a hacker has a tailor-made defense against any
active response.
C. Even if you can directly attack a machine being used against you it's
almost certainly not the perpetrator's box, he/she is sitting half a world
away. The box you intentionally destroy is likely some innocent family PC
that was taken over using some unplugged Windows security hole.
D. Widely deployed active defense will give an attacker a new form of dDOS
attack, spoof the source of the one you want to hit in attacking several
"active defense" systems and watch them attack your target for you.
Their proposition is a terrible idea and their "rules of engagement" would
be funny instead of frightening if it wasn't serious.
GP