Active countermeasures fall into two main categories. The first category includes the countermeasures a security analyst takes in reaction to an alarm from an Intrusion Detection System (IDS), or the countermeasures an Intrusion Prevention System (IPS) takes to block an Active Attack and to prevent the attacker from doing further harm.
The second category is more controversial. Here, the defender attempts to identify the attacker and then tries to stop the attack by actively exploiting vulnerabilities in the attacker’s computer. The legality of such an extreme countermeasure is currently being discussed in legal circles, and to date no cases have been tried that would indicate how the courts would rule.