Re: Handling of Abuse Complaints

[William Herrin <bill () herrin us>]

On Mon, Aug 29, 2016 at 12:47 PM, Steve Atkins <steve () blighty com> wrote:
> Unless your abuse / security desk is staffed by
> lawyers it's probably better to avoid words like
> "criminal" and "unlawfully" altogether

Not really an ambiguous situation IMHO, but whatever floats your boat.

Bear in mind, though, that if you reasonably suspect your company is
caught up in a specific violation of the law and you fail to validate
and/or end the violation, your inaction brings liability on the
company. Even though you're not a lawyer.

That's true from the highest executive to the lowest janitor.


> and stick to "in violation of our ToS".

This I would avoid. A ToS is a contract. Contracts are open to
negotiation. The law is not. If you don't want to say "unlawfully
attack," then stop at "attack."


On Mon, Aug 29, 2016 at 1:04 PM, Laszlo Hanyecz <laszlo () heliacal net> wrote:
> I know this is against the popular religion here but how is this abuse on
> the part of your customer?  Google, Level3 and many others also run open
> resolvers, because they're useful services. This is why we can't have nice
> things.

Google mitigates the attack vector with rate limiting through custom
software. I would venture a guess that Jason's customer is not that
sophisticated.

Regards,
Bill Herrin





-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>