[21684] in North American Network Operators' Group
Re: Exodus Customer Security
daemon@ATHENA.MIT.EDU (Bret McDanel)
Wed Nov 18 12:49:26 1998
Date: Wed, 18 Nov 1998 10:30:23 -0500
From: Bret McDanel <bret@rehost.com>
To: asr@millburn.net
Cc: nanog@merit.edu
Reply-To: bret@rehost.com
In-Reply-To: <Pine.BSF.4.02A.9811180846500.11580-100000@thuule.pair.com>
---Reply on mail from Adam Rothschild about Exodus Customer Security
> On Wed, 18 Nov 1998, Richard Irving wrote:
>
>> Ask yourself this:
>> Can you (as an NSP) guarantee me
>> that *none* of your boxes,
>> or *customer* boxes, have been infected ?
>
> That's a bit extreme, and should not be expected of any NSP.
>
> All I want is, when such obvious and widespread abuse is coming from their
> (Exodus's) customers, they step in and do *something* (that something
> being contacting the customer, and severing connectivity if the problems
> do not cease in a reasonable amount of time), rather than just ignoring
> this entirely. Am I being too idealistic here?
>
Does anyone know what they actually did? For all you know they contacted
either the secret service or the fbi high tech crime squad and were told
to keep the link up so that monitoring could take place (it would require
a court order to sniff and make the logs admissable as per federal
evidence guidelines (computers logs are concidered hearsay unless they can
be shown to be business records, and as such you have to collect them and
use them in the normal course of business, and then you have to verify
reliability blah blah blah (18 USC 2511 (title 18 section 2511) talks about
wiretapping, http://law.house.gov has all this online)..
This is certainly a violation of 18 USC 1030 which deals with fraud
relating to computers. Possibly 18 USC 1029 (access device fraud).. Logs
that would be admissible may be what was sought, and for that, they had to
keep the customer online, and actually for that they wouldnt want anyone
spooking the customer and making them stop before they could monitor..
Without knowing what Exodus really is doing behind closed doors I would
have a problem with saying that they should have done something.. For all
I know they did do something, or are in the process of doing something,
but then again, they could be doing nothing at all (it is after all
cheaper, and would sit better on the budget :)
--
Bret McDanel http://www.rehost.com
Realistic Technologies, Inc. 973-514-1144
These opinions are mine, and may not be the same as my employer
