[191214] in North American Network Operators' Group


Re: Handling of Abuse Complaints

daemon@ATHENA.MIT.EDU (Steve Atkins)
Mon Aug 29 12:47:07 2016

X-Original-To: nanog@nanog.org
From: Steve Atkins <steve@blighty.com>
In-Reply-To: <44A68DD2-40FC-470E-9FB2-29D10585886D@mykolab.com>
Date: Mon, 29 Aug 2016 09:47:04 -0700
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org


> On Aug 29, 2016, at 9:37 AM, Paul Ferguson <fergdawgster@mykolab.com> wrote:
>
> I would suggest that violation of the ISP’s ToS should also be a consideration, since what may be illegal in one jurisdiction may not be illegal in some other jurisdictions.

Unless your abuse / security desk is staffed by lawyers it's probably better to avoid words like "criminal" and "unlawfully" altogether and stick to "in violation of our ToS".

> Repeated abuse and violations of an ISP’s ToS should also be a consideration to terminate a customer relationship, and ISPs are fully within their rights to take this type of action.

And don't need to lean on "it's probably illegal" to do so, nor imply that if it were legal they wouldn't necessarily enforce their ToS.

(All assuming that being abused as part of a dDoS reflector actually is against your ToS. If it's not, things get more complex.)

Cheers,
  Steve

>
> - ferg
>
>> On Aug 29, 2016, at 9:31 AM, Gareth Tupper <Gareth.Tupper@warnerpacific.com> wrote:
>>
>> "unlawfully" is probably redundant, unless these are otherwise law-abiding cyber criminals.
>>
>> /pedant
>>
>> -----Original Message-----
>> From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of William Herrin
>> Sent: Monday, August 29, 2016 9:28 AM
>> To: Jason Lee <jason.m.lee@gmail.com>
>> Cc: nanog@nanog.org
>> Subject: Re: Handling of Abuse Complaints
>>
>> Dear Customer,
>>
>> Cyber criminals are using your network (and ours) to unlawfully attack other computers on the Internet.
>>
>> The specific security problem with your DNS server at 127.0.0.1 was first reported to you on Date1 (original message attached). Please be advised that we will interrupt network access to that server on Date2.
>> This will likely disrupt your service.
>>
>> To avoid disruption, please contact me at Email with a mitigation plan no later than close of business Date3.
>>
>> I stand ready to assist any way that I can.
>>
>> Regards,
>> Your Name
>>
>> On Mon, Aug 29, 2016 at 11:55 AM, Jason Lee <jason.m.lee@gmail.com> wrote:
>>> NANOG Community,
>>>
>>> I was curious how various players in this industry handle abuse complaints.
>>> I'm drafting a policy for the service provider I'm working for about
>>> handling of complaints registered against customer IP space. In this
>>> example I have a customer who is running an open resolver and have
>>> received a few complaints now regarding it being used as part of a DDoS attack.
>>>
>>> My initial response was to inform the customer and ask them to fix it.
>>> Now that it's still ongoing over a month later, I'd like to take action
>>> to remediate the issue myself with ACLs but our customer facing team
>>> is pushing back and without an idea of what the industry best practice
>>> is, management isn't sure which way to go.
>>>
>>> I'm hoping to get an idea of how others handle these cases so I can
>>> develop our formal policy on this and have management sign off and be
>>> able to take quicker action in the future.
>>>
>>> Thanks,
>>>
>>> Jason
>>
>> --
>> William Herrin ................ herrin@dirtside.com  bill@herrin.us
>> Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
>>
>> This electronic mail transmission contains information from Warner Pacific Insurance Services that may be confidential or privileged. Such information is solely for the intended recipient, and use by any other party is not authorized. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of this message, its contents or any attachments is prohibited. Any wrongful interception of this message is punishable as a Federal Crime. If you have received this message in error, please notify the sender immediately by telephone (800) 801-2300 or by electronic mail at postmaster@warnerpacific.com.
>
> —
> Paul Ferguson
> ICEBRG.io
> Seattle, Washington, USA
>

