Re: No one wants responsibility

[Paul Franson <pfranson () VIROLOGIC COM>]

Unless Mr. Clueless (the Canadian ISP) is a Tier 1 provider, he has an
upstream.  They have rules too, and those rules most certainly do apply to
their customers' customers.  A quick e-mail (copying Sr. Clueless' response
to you) to the NOC, Security, and legal addresses of that Tier 1 sometimes
gets a response.

The first paragraph of the RR AUP
http://help.rr.com/repository/620/e21_rr_acceptableuse_policy.html says:

'Unauthorized attempts to enter or bypass the security of the Road Runner
network or Road Runner infrastructure without prior authorization is
strictly prohibited. Likewise, attempting to "crack", bypass, or compromise
the security of any other Internet user or network is prohibited. This
includes, but is not limited to, port scans, "root" compromise attempts,
IRC-related incidents (k-lines), and tools such as Back Orifice or other
"exploits" designed for such purposes.'



-----Original Message-----
From: Harlan S. Barney, Jr. [mailto:hsbarney () NYCAP RR COM]
Sent: Tuesday, September 19, 2000 7:10 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: No one wants responsibility


A few days ago, I received a reply to an intrusion attempt report that I
sent to a Canadian ISP.  He did not want any more reports (I have sent
two) as he did not have time and did not care about what his clients
did.

In browsing through the RR web pages I found that their AUP no longer
contains any reference to hacking, cracking or other intrusions.

Another report to a Korean bounced back.  They post a contact e-mail
address, but then never read their mail.