On Tue, 20 Jul 1999, Brian Steele wrote:
> Just to side-track this thread a little - I just received a call from
> someone in California, who said that one of our local dialup Internet
> customers was hacking his system! We determined who the customer was, but
> the problem is, what should our next step be? There are no local laws
> regarding hacking. Simply disabling the dialup account might open ourselves
> up to a lawsuit from the customer, particularly as we are the only providers
> of Internet service on the island (Grenada, West Indies).
I can see that this can be a problem -- but it can also be an opportunity.
The downside is that you're in the middle, between an unhappy third party and
a customer, and some of your possible choices will make nobody happy.
The upside, though, is that you have a relationship with the customer and
probably more technical knowledge than they do; this is as much an
*opportunity* as a problem.
Consider three basic scenarios:
1. Your customer is using your network to scan/probe/attack others. Now
that you've been notified, he may be incurring liability on behalf of your
business. The sooner you can eliminate that risk, the better for the long-
term viability of your business.
2. Your customer may be scrupulous, but an employee or family member may be
abusing their account. This is similar to #1 above, except that you may be
able to reduce/eliminate the risk WITHOUT terminating the account.
3. Your customer's machine may have been compromised from elsewhere. Here's
an opportunity for you to notify the customer of a problem with their system,
and supply the expertise to help them correct and secure it.
When we report a problem to an ISP, we do not insist that terminating the
account is their only option. We request them to (a) investigate, and (b)
take steps (as they deem appropriate in the context of their relationship
with the customer...) to assure that the incident will not be repeated.
David G