Security Incidents mailing list archives
Re: No one wants responsibility
From: Paul Franson <pfranson () VIROLOGIC COM>
Date: Tue, 19 Sep 2000 16:58:51 -0700
Unless Mr. Clueless (the Canadian ISP) is a Tier 1 provider, he has an upstream. They have rules too, and those rules most certainly do apply to their customers' customers. A quick e-mail (copying Sr. Clueless' response to you) to the NOC, Security, and legal addresses of that Tier 1 sometimes gets a response. The first paragraph of the RR AUP http://help.rr.com/repository/620/e21_rr_acceptableuse_policy.html says: 'Unauthorized attempts to enter or bypass the security of the Road Runner network or Road Runner infrastructure without prior authorization is strictly prohibited. Likewise, attempting to "crack", bypass, or compromise the security of any other Internet user or network is prohibited. This includes, but is not limited to, port scans, "root" compromise attempts, IRC-related incidents (k-lines), and tools such as Back Orifice or other "exploits" designed for such purposes.' -----Original Message----- From: Harlan S. Barney, Jr. [mailto:hsbarney () NYCAP RR COM] Sent: Tuesday, September 19, 2000 7:10 AM To: INCIDENTS () SECURITYFOCUS COM Subject: No one wants responsibility A few days ago, I received a reply to an intrusion attempt report that I sent to a Canadian ISP. He did not want any more reports (I have sent two) as he did not have time and did not care about what his clients did. In browsing through the RR web pages I found that their AUP no longer contains any reference to hacking, cracking or other intrusions. Another report to a Korean bounced back. They post a contact e-mail address, but then never read their mail.
Current thread:
- No one wants responsibility Harlan S. Barney, Jr. (Sep 19)
- Re: No one wants responsibility UnixGeek (Sep 20)
- Re: No one wants responsibility Terje Bless (Sep 21)
- A port scan is not an Incident (was No one wants responsibility) Etaoin Shrdlu (Sep 20)
- Re: A port scan is not an Incident (was No one wants responsibility) Rob McCauley (Sep 21)
- Re: A port scan is not an Incident (was No one wants responsibility) David Brumley (Sep 21)
- <Possible follow-ups>
- Re: No one wants responsibility Guilherme Mesquita (Sep 20)
- Re: No one wants responsibility Paul Franson (Sep 20)
- Re: No one wants responsibility Craven, William (Sep 20)
- Re: No one wants responsibility Laumann, Dave (Sep 21)
- Re: No one wants responsibility UnixGeek (Sep 20)