When a denial-of-service (DoS) attack was launched against the World Trade Organization website during the WTO summit meeting in Seattle nearly four years ago, Conxion (the WTO's hosting service) retaliated. Conxion determined that the attack, consisting of a flood of page download requests, was coming from a single IP address belonging to a server run by a United Kingdom-based group called the E-Hippies Coalition. Conxion repelled the DoS attack by telling its filtering software to redirect network traffic coming from E-Hippies' server back to the offending machine. E-Hippies never publicly acknowledged the attack, but noted on its site that users were having a hard time getting through.
It's called hackback, and it's a still more extreme version of aggressive defense. Probably too extreme, in fact. Digex CSO Pamela Fusco, who generally advocates an aggressive defense strategy, says her company won't go as far as hackback because of the legal risks.
Jennifer Granick, executive director for the Stanford Law School Center for Internet and Society, runs through a litany of those risks: Placing unauthorized code on a person's machine without his consent
Granick further points out a simple logistical risk posed by hackback: Since hackers frequently disguise their attacks as coming from someone else, the counterstrike may wind up hitting an innocent party. In the WTO case, Conxion said in press reports at the time that it believed it had a clear trail back to the offending IP address at the E-Hippies server, allowing it to reject the packets and return them to the sender. (NaviSite, the company that later acquired Conxion, did not return calls seeking comment for this story.)