Originally posted by GypsK
"a computer security system that tries to trace the intruder or hacker, next sends a warning and finally fries the attacker's computer.... I mean totally destroy it."
[edit on 5/6/2009 by GypsK]
I have no experience with a security system/software that does exactly that, but here are some details:
Tracing an intruder or hacker is easy unless he removed his traces, in which case it can be a lot tougher - but since attacks are usually logged in
multiple places, it's really hard to remove all the steps. Normally a firewall will immediately log and/or display the attacker's IP-address, and
that's usually all you need (it's 'the' internet address type). There is the possibility the attacker is hiding behind a proxy - meaning that the
IP-address belongs to a service the attacker is using to hide his own IP. In that case the proxies need to be probed for the real IP-addresses, and
that's quite a feature for a piece of software - if a proxy has no online accessible database of hidden IPs, the software would need to write an
email to the proxy's owner, methinks.. So probably it won't attempt to figure out the real IP-address, instead assuming there is no proxy, and the
logged IP is the real attacker.
Sending a warning to an IP-address is quite possible, but there are several problems with it - to receive the warning, the computer/router/whatever at
that IP-address needs to have just the right message-protocol enabled. Old Microsoft OSes like 98 and 2000 used to have Microsoft's very own message
protocol enabled by default, which led to spam without having your browser open.. really bizarre. Nowadays, this message protocol seems to be out of
use, so it probably wouldn't work. The system could try to find an email-address belonging to the IP-address, but it would be a big guess. If the
system had access to massive databases like MSN uses, it could easily find an email matching the IP-address .. but the biggest problem is that an
ISP normally provides only 1 IP-address per household. To the outside world, there is only one receiver - yet many of us have multiple computers
connected to the internet. This is mediated with a router, which responds to the designated IP-address and forwards it to the right computer. But if
someone were to send a warning from the outside, how would the router know which computer to speak to? The same goes for MSN; if there is only 1
IP-address but 4 people on MSN, that means you would get 4 email-addresses. Any way you choose to go, it's "fuzzy logic" and you might end up
sending warnings to an innocent bystander (for example, when someone's computer is unknowingly being used as a proxy).
Then there is the last stone in the shoe - fry and/or totally destroy someone's computer. As you hopefully see now (depends on my explanation skills
:]) it's nigh impossible to be sure you're targeting the right computer - you have to make a lot of assumptions, and if any are wrong, it's
someone else's computer you're attacking. But the real crux is: what if that guy runs the same security system? Can the system crack itself? If a
security system can penetrate itself, it's not safe yet - which is the goal of a security system. So, no, it won't crack itself. It is by definition
impossible that a security system can destroy someone else's computer, because it might have to face itself. Other than being theoretically
impossible, if someone did not have the proper defenses (say, a basic firewall), there might be some damage to be done, but destroying a computer is
one of the most unlikely damages. Lots of people have a router or a firewall or linux (ok, not lots of people) - maybe the security system annoys
them by calling in all its security system buddies and sending a hell of a lot of TCP/IP requests (ehh.. internet computer requests ;D) to the IP-address
so the computer can't handle the flood anymore and finally halts (called a denial-of-service (DoS) attack). But most firewalls have protection
against that as well. It's likely that the security system has a list of common exploits through which it iterates, just trying every single
programmed option to see if the vulnerability is in place, and if it succeeds, it repeats the step until it is lodged firmly in the other's
computer, at which point it could destroy it. But although the chances of finding a vulnerability expand with the size of the list of exploits, the
time it takes to find one expands as well - and the further in time we get, the more exploits out there have been fixed already. So even with such a
list, the chances of getting in are slim.
The chances of all these things 'working out' for the security system are in my opinion not large at all. If your "someone" keeps his story up,
I'd willingly let him attack me!
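An added example, not part of the post above or of any product it speculates about, illustrating the one solid point in the reply: a firewall log hands you a source address, not an identity. The script parses constructed netfilter-style log lines (SRC=, DST=, PROTO=, DPT= fields; the lines and the documentation-range addresses are made up for this example), counts hits per source, flags sources that touch several ports, and labels each address by what the log can actually tell you: an RFC 1918 address came from behind your own NAT and names a LAN host, while a public address is only the last visible hop and may itself be a shared gateway or a proxy. The `looks_like_scan` threshold and the field names are assumptions for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed netfilter-style log lines (not real captures). Public addresses
# are from RFC 5737 documentation ranges; one line is from an RFC 1918 LAN host.
SAMPLE_LOG = """\
May  6 10:01:12 gw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=22 SYN
May  6 10:01:13 gw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=51235 DPT=23 SYN
May  6 10:01:14 gw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=51236 DPT=3389 SYN
May  6 10:02:01 gw kernel: IN=eth1 OUT= SRC=192.168.1.23 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=445 SYN
May  6 10:02:05 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=53
garbage line without the expected fields
"""

# Field layout assumed for this example (SPT is optional, e.g. for ICMP).
FIELD_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<spt>\d+))? DPT=(?P<dpt>\d+)"
)

# RFC 1918 ranges spelled out on purpose: ipaddress.is_private also returns
# True for the RFC 5737 documentation ranges, which would mislabel the sample.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_log(text):
    """Return one record per parseable line; lines without the fields are skipped."""
    records = []
    for line in text.splitlines():
        m = FIELD_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # malformed address: do not let one bad line abort the parse
        records.append({"src": src, "proto": m.group("proto"), "dpt": int(m.group("dpt"))})
    return records


def scope_of(ip):
    """Label an address by what the log can and cannot say about who is behind it."""
    if ip.is_loopback or any(ip in net for net in RFC1918):
        return "private"  # your own LAN side: names a local host, not an internet party
    return "public"       # last visible hop only: may be a shared NAT gateway or a proxy


def summarize(records):
    """Aggregate per source address: hit count, distinct destination ports, scope."""
    acc = defaultdict(lambda: {"hits": 0, "ports": set(), "scope": None})
    for r in records:
        entry = acc[str(r["src"])]
        entry["hits"] += 1
        entry["ports"].add(r["dpt"])
        entry["scope"] = scope_of(r["src"])
    return {
        src: {"hits": e["hits"], "ports": sorted(e["ports"]), "scope": e["scope"]}
        for src, e in acc.items()
    }


def looks_like_scan(entry, min_ports=3):
    """Heuristic (assumed threshold): one source probing several distinct ports."""
    return len(entry["ports"]) >= min_ports


def report(text):
    """Human-readable summary; the verdict is 'which address', never 'which person'."""
    lines = []
    for src, e in summarize(parse_log(text)).items():
        tag = "possible scan" if looks_like_scan(e) else "isolated hits"
        lines.append(f"{src:16} hits={e['hits']:<3} ports={e['ports']} scope={e['scope']} ({tag})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Running it lists 203.0.113.45 as a possible scan across ports 22, 23 and 3389, yet its scope is still only "public": the log cannot say whether that address is a single machine, a NAT gateway in front of a whole household, or a proxy, which is exactly why the "send a warning" and "fry the attacker" steps in the post have no reliable target to act on.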