On Mon, Aug 29, 2016 at 12:47 PM, Steve Atkins <steve@blighty.com> wrote:
Unless your abuse / security desk is staffed by lawyers it's probably better to avoid words like "criminal" and "unlawfully" altogether
Not really an ambiguous situation IMHO, but whatever floats your boat. Bear in mind, though, that if you reasonably suspect your company is caught up in a specific violation of the law and you fail to validate and/or end the violation, your inaction brings liability on the company. Even though you're not a lawyer. That's true from the highest executive to the lowest janitor.
and stick to "in violation of our ToS".
This I would avoid. A ToS is a contract. Contracts are open to negotiation. The law is not. If you don't want to say "unlawfully attack," then stop at "attack." On Mon, Aug 29, 2016 at 1:04 PM, Laszlo Hanyecz <laszlo@heliacal.net> wrote:
I know this is against the popular religion here but how is this abuse on the part of your customer? Google, Level3 and many others also run open resolvers, because they're useful services. This is why we can't have nice things.
Google mitigates the attack vector with rate limiting through custom software. I would venture a guess that Jason's customer is not that sophisticated. Regards, Bill Herrin -- William Herrin ................ herrin@dirtside.com bill@herrin.us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>