>> I wonder if there is a way that a firewall rule could be written, that >> would let a trickle of the connection from Joe through, so as his >> dictionary attack gets backed up with a huge number of connections which >> are trickling through at such a slow rate, with maybe just enough delay >> built in to make it keep trying.... Basically making Joe's compromised >> computer useless.. and maybe he'd at least turn it off if it didn't lock >> up all by itself.... i knew someone once that wrote a countermeasures script that basically kept a look out for script kiddie type attacks. It was pretty good and he showed me once where he pointed a win2k box at his firewall and launched an 'attack' at which point the firewall did its thing and the win2k workstation bluescreened - was pretty funny to watch but not entirely sure about the legality of counterattacks.