[191219] in North American Network Operators' Group
Re: Handling of Abuse Complaints
daemon@ATHENA.MIT.EDU (William Herrin)
Mon Aug 29 14:18:24 2016
X-Original-To: nanog@nanog.org
X-Really-To: <nanog@nanog.org>
In-Reply-To: <E210BF89-9983-44F7-B53F-6594456FB8C4@blighty.com>
From: William Herrin <bill@herrin.us>
Date: Mon, 29 Aug 2016 14:17:53 -0400
To: Steve Atkins <steve@blighty.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Mon, Aug 29, 2016 at 12:47 PM, Steve Atkins <steve@blighty.com> wrote:
> Unless your abuse / security desk is staffed by
> lawyers it's probably better to avoid words like
> "criminal" and "unlawfully" altogether
Not really an ambiguous situation IMHO, but whatever floats your boat.
Bear in mind, though, that if you reasonably suspect your company is
caught up in a specific violation of the law and you fail to validate
and/or end the violation, your inaction brings liability on the
company. Even though you're not a lawyer.
That's true from the highest executive to the lowest janitor.
> and stick to "in violation of our ToS".
This I would avoid. A ToS is a contract. Contracts are open to
negotiation. The law is not. If you don't want to say "unlawfully
attack," then stop at "attack."
On Mon, Aug 29, 2016 at 1:04 PM, Laszlo Hanyecz <laszlo@heliacal.net> wrote:
> I know this is against the popular religion here but how is this abuse on
> the part of your customer? Google, Level3 and many others also run open
> resolvers, because they're useful services. This is why we can't have nice
> things.
Google mitigates the attack vector with rate limiting through custom
software. I would venture a guess that Jason's customer is not that
sophisticated.
Regards,
Bill Herrin
--
William Herrin ................ herrin@dirtside.com bill@herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
