> I like your use of the word punishment as something negative in this context.
Some people decide to launch a DDOS attack or something like that in retaliation. It doesn't always happen, but there have been instances of an attacker being thwarted and then trying to punish the victim (who successfully defended themself) in some other way.
Yeah, this is what I had in mind. Right now the economics there seem in favor of attackers since botnet resources for low level DDOS are plentiful. While major players have plenty of measures for mitigation, for a residential/SOHO/SMB/smaller NPO even a very cheap DDOS or actual more focused (but still automated) hunt for vulnerabilities and unpatched targets might cause real trouble. Economics works both ways unfortunately, efforts like tarpits in principle aim to make mass scans more expensive and troublesome reducing the incentives. But attackers in turn can work to make it more expensive and troublesome to run tarpits or the like, and certainly have incentive to see them not spread. So who has the best multipliers and resources?
If "we" (both the overall world community and subsections) were able significantly reduce the resources available to attackers for DDOS making vengeance/example setting more expensive that'd help. But it seems like it's going the other way if anything :(
Some people decide to launch a DDOS attack or something like that in retaliation. It doesn't always happen, but there have been instances of an attacker being thwarted and then trying to punish the victim (who successfully defended themself) in some other way.