Handling of Abuse Complaints
Steve Atkins
steve at blighty.com
Mon Aug 29 16:47:04 UTC 2016
> On Aug 29, 2016, at 9:37 AM, Paul Ferguson <fergdawgster at mykolab.com> wrote:
>
> I would suggest that violation of the ISP’s ToS should also be consideration, since what may be illegal in one jurisdiction may not be illegal in some other jurisdictions.
Unless your abuse / security desk is staffed by lawyers it's probably better to avoid words like "criminal" and "unlawfully" altogether and stick to "in violation of our ToS".
> Repeated abuse and violations of an ISP’s ToS should also be a consideration to terminate a customer relationship, and ISPs are fully within their rights to take this type of action.
And don't need to lean on "it's probably illegal" to do so, nor imply that if it were legal they wouldn't necessarily enforce their ToS.
(All assuming that being abused as part of a dDoS reflector actually is against your ToS. If it's not things get more complex.)
Cheers,
Steve
>
> - ferg
>
>
>
>> On Aug 29, 2016, at 9:31 AM, Gareth Tupper <Gareth.Tupper at warnerpacific.com> wrote:
>>
>> "unlawfully" is probably redundant, unless these are otherwise law-abiding cyber criminals.
>>
>> /pedant
>>
>> -----Original Message-----
>> From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of William Herrin
>> Sent: Monday, August 29, 2016 9:28 AM
>> To: Jason Lee <jason.m.lee at gmail.com>
>> Cc: nanog at nanog.org
>> Subject: Re: Handling of Abuse Complaints
>>
>> Dear Customer,
>>
>> Cyber criminals are using your network (and ours) to unlawfully attack other computers on the Internet.
>>
>> The specific security problem with your DNS server at 127.0.0.1 was first reported to you on Date1 (original message attached). Please be advised that we will interrupt network access to that server on Date2.
>> This will likely disrupt your service.
>>
>> To avoid disruption, please contact me at Email with a mitigation plan no later than close of business Date3.
>>
>> I stand ready to assist any way that I can.
>>
>> Regards,
>> Your Name
>>
>>
>>
>>
>>
>> On Mon, Aug 29, 2016 at 11:55 AM, Jason Lee <jason.m.lee at gmail.com> wrote:
>>> NANOG Community,
>>>
>>> I was curious how various players in this industry handle abuse complaints.
>>> I'm drafting a policy for the service provider I'm working for about
>>> handing of complaints registered against customer IP space. In this
>>> example I have a customer who is running an open resolver and have
>>> received a few complaints now regarding it being used as part of a DDoS attack.
>>>
>>> My initial response was to inform the customer and ask them to fix it.
>>> Now that its still ongoing over a month later, I'd like to take action
>>> to remediate the issue myself with ACLs but our customer facing team
>>> is pushing back and without an idea of what the industry best practice
>>> is, management isn't sure which way to go.
>>>
>>> I'm hoping to get an idea of how others handle these cases so I can
>>> develop our formal policy on this and have management sign off and be
>>> able to take quicker action in the future.
>>>
>>> Thanks,
>>>
>>> Jason
>>
>>
>>
>> --
>> William Herrin ................ herrin at dirtside.com bill at herrin.us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
>>
>>
>> This electronic mail transmission contains information from Warner Pacific Insurance Services that may be confidential or privileged. Such information is solely for the intended recipient, and use by any other party is not authorized. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of this message, its contents or any attachments is prohibited. Any wrongful interception of this message is punishable as a Federal Crime. If you have received this message in error, please notify the sender immediately by telephone (800) 801-2300 or by electronic mail at postmaster at warnerpacific.com.
>
> —
> Paul Ferguson
> ICEBRG.io
> Seattle, Washington, USA
>
>
>
More information about the NANOG
mailing list