[unisog] When is traffic 'abuse'?
flynngn at jmu.edu
Fri Jul 27 16:44:19 GMT 2001
"Harris, Michael C." wrote:
> A host sent a message to our abuse line including FTP logs that we were
> intruding upon his host. in reading the logs he sent, it seems it was an
> anonymous ftp site, and he was complaining because one of out users tried to
> write a file to pub incoming.
1. We had someone complain because someone was posting off-topic messages
to an unauthenticated, non-access controlled web based discussion group.
2. We had another complaint from a site that pays for web hits after
someone scripted the process.
3. Inappropriate use of an email mailbox normally open to the public
is referred to as SPAM.
Except for gross denial of service attacks, SPAM, and system compromises,
connected services. Or at least none I'm aware of. Publishers are at
the mercy of the appropriate use policies and enforcement procedures
of the ISP or country of origin.
If a person proclaims on a network accessible web server that it
is only for a select group of users without including any access
controls to enforce it, are there any legal grounds to pursue
complaints? (Related question 1: How does this change if access
controls are implemented but: (a) not suitable for the task
(b) poorly implemented or (c) buggy. We start getting into
statement that says automated tools may not be used to access it?
Or that the files available for download on the site are only to
be accessed from the site's navigation features and not directly
to the URLs? Or via links to those URL's from other sites?
Can I connect a computer to a network and say that I don't want it
to be subject to non-ARP broadcast traffic, netbios name requests,
ident(auth) requests, or pings? What about server locators for
audio file servers, JetDirect printer SNMP requests, or PCAnywhere
broadcasts? Network discovery tools? Many types of packets will go
up the stack of an individual's computer. What packets constitute
harassment? What intentions are allowed? Solicitation? Discovery?
Is freedom to send packets protected under the first amendment? :)
As to the original complaint of a periodic ping there are no
policies to address this and it is a policy issue. Maybe its like
a motion detector in your yard going off because somebody
occasionally purposely or carelessly steps into the grass.
Or maybe its like someone you don't know or like walking by
occasionally and sticking out their tongue. How hard is the
recipient willing to pursue the case? What's it worth?
The network, to a large degree, mirrors society.
Security Engineer - Technical Services
James Madison University
More information about the unisog