[71297] in North American Network Operators' Group
Re: Even you can be hacked
daemon@ATHENA.MIT.EDU (Stephen Sprunk)
Fri Jun 11 23:27:36 2004
From: "Stephen Sprunk" <stephen@sprunk.org>
To: "Owen DeLong" <owen@delong.com>, "James Reid" <jreid@vapour.net>,
"Sean Donelan" <sean@donelan.com>
Cc: "North American Noise and Off-topic Gripes" <nanog@merit.edu>
Date: Fri, 11 Jun 2004 21:54:46 -0500
Errors-To: owner-nanog-outgoing@merit.edu
Disclaimer: I am not a lawyer; consult yours before relying on advice from
any layperson, including me.
Thus spake "Owen DeLong" <owen@delong.com>
> Should the ISP have shut the customer off? Probably. I certainly would
> have. Are there ISPs that don't? You bet... Some because they are afraid
> to. Have ISPs been sued for turning off abusive or abusing customers?
> You bet.
You can be sued for doing anything or nothing (or both). The real question
is whether the plaintiff has any chance of winning, or even of getting past
a pre-trial motion to dismiss.
Presumably every ISP has some sort of AUP that allows the ISP to, at its
discretion, shut off a customer based on suspicion of abuse. Hopefully by
now they've all been updated to include in the definition of abuse a failure
of the customer to secure their system(s). Even if not, I can't see a
customer winning a case against an ISP who cuts them off for being infected
with a worm (the activity of which would fall under abuse).
> Is it prudent for an ISP to turn someone off? Depends on how you evaluate
> the risks involved. Either decision you make carries some risk.
Opening your doors for business invites all sorts of risks, including being
sued for totally ridiculous and frivolous reasons. Acting as allowed under
your contract with a customer does not substantially increase those risks.
Fear of exercising your contractual rights means you don't have much faith
in your contracts or representation.
S
Stephen Sprunk "Those people who think they know everything
CCIE #3723 are a great annoyance to those of us who do."
K5SSS --Isaac Asimov
