SIP - perhaps botnet? anyone else seeing this?

Steven M. Bellovin smb at cs.columbia.edu
Sat Apr 11 16:14:47 UTC 2009


On Fri, 10 Apr 2009 10:20:35 +0000 (GMT)
"Leland E. Vandervort" <leland at taranta.discpro.org> wrote:

>
> On Fri, 10 Apr 2009, Roland Dobbins wrote:
> 
> >
> > IANAL, but I suggest you check again with your legal department - I
> > doubt this is actually the case (your jurisdiction may vary, but in
> > most Western nations, you can grab packets for diagnostic/
> > troubleshooting/forensics purposes).
> 
> Already did check... we can't grab packets except in response to
> judicial order or specific abuse case with a valid ID of the
> end-user, or of course for general technical diagnostics -- if for
> diagnostics, we cannot use such collected data in the context of only
> a suspicion of abuse at all as it would constitute an infringement on
> the individual's privacy.  So in short, we can do it REACTIVELY in
> response to a complaint.. but if we do it PROACTIVELY, then it cannot
> be used and is of "educational" value only (with caveats surrounding
> confidentiality, non-disclosure, and destruction, etc.)
> 
You can if the volume is interfering with your own service, I
believe (though IANAL, either) -- see this text from
http://www4.law.cornell.edu/uscode/18/2511.html

	It shall not be unlawful under this chapter for an operator of
	a switchboard, or an officer, employee, or agent of a provider
	of wire or electronic communication service, whose facilities
	are used in the transmission of a wire or electronic
	communication, to intercept, disclose, or use that
	communication in the normal course of his employment while
	engaged in any activity which is a necessary incident to the
	rendition of his service or to the protection of the rights or
	property of the provider of that service, except that a
	provider of wire communication service to the public shall not
	utilize service observing or random monitoring except for
	mechanical or service quality control checks. 

Note carefully that the second part applies to a "provider of wire
communication service", which is a phone company, not an ISP -- ISPs
are providers of "electronic communication service".  (Just to make
life fun -- if you're a VoIP *provider*, you probably fall under both
sections, but if you're just carrying VoIP traffic I don't think you
are).


		--Steve Bellovin, http://www.cs.columbia.edu/~smb




More information about the NANOG mailing list