Handling of Abuse Complaints
bill at herrin.us
Mon Aug 29 18:17:53 UTC 2016
On Mon, Aug 29, 2016 at 12:47 PM, Steve Atkins <steve at blighty.com> wrote:
> Unless your abuse / security desk is staffed by
> lawyers it's probably better to avoid words like
> "criminal" and "unlawfully" altogether
Not really an ambiguous situation IMHO, but whatever floats your boat.
Bear in mind, though, that if you reasonably suspect your company is
caught up in a specific violation of the law and you fail to validate
and/or end the violation, your inaction brings liability on the
company. Even though you're not a lawyer.
That's true from the highest executive to the lowest janitor.
> and stick to "in violation of our ToS".
This I would avoid. A ToS is a contract. Contracts are open to
negotiation. The law is not. If you don't want to say "unlawfully
attack," then stop at "attack."
On Mon, Aug 29, 2016 at 1:04 PM, Laszlo Hanyecz <laszlo at heliacal.net> wrote:
> I know this is against the popular religion here but how is this abuse on
> the part of your customer? Google, Level3 and many others also run open
> resolvers, because they're useful services. This is why we can't have nice
Google mitigates the attack vector with rate limiting through custom
software. I would venture a guess that Jason's customer is not that
William Herrin ................ herrin at dirtside.com bill at herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
More information about the NANOG