The only MAJOR issue I had with this article was your statement very early on that many hackers are very curious. That is true, but only, for the most part, of script kids and non-objective-driven hackers. Real hackers that want to GET something from your system don't go randomly executing binary for yucks.

Now, I realize that from many admins' perspectives, an attack is an attack, but frankly, spend your time worrying about the attackers who WANT to hurt your system, at least when you're talking about retaliation or proactive defense.

Really, this all seems like the same old information security approach - try to build things to anticipate the attack; that's really what you're doing when you secure your system.

Security admin that I've met are generally pretty lazy, and the last thing they'd like to do is implement a CMMI-type system that MANDATES constant reasessment of their systems and testing.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/infocus/1856/1204#1204