When the procedures dictate that government agencies get involved at certain
points
and you notify them of the outage or problem, what other steps do you
recommend?
Operational entities are not, in most cases, law enforcement agencies.
There is a limit to
how much notification one should undertake in these situations.
thanks. /m.
> -----Original Message-----
> From: Dawson, Peter D [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, May 23, 2000 3:22 PM
> To: IETF general mailing list
> Subject: RE: Should IETF do more to fight computer crime?
>
>
> >On Tue, 23 May 2000 18:27:41 -0000, "Dawson, Peter D"
> ><[EMAIL PROTECTED]> said:
> >> True, but only the origin of packets are determined. What is
> >needed is
> >> a code of ethics between ISPs , to share information.
> >> i.e once a packet leaves isp1 cloud and travels across isp2 cloud,
> >> very rarely would isp1 be willing to disclose to isp2,...
> >> which (user) is leased that specific dynamic ip address.
> >
> >Note that many providers may be legally bound to not give any more
> >information than "Yeah, that's one of our IP addresses". I know we
> >have a lot of issues regarding privacy laws due to the fact that we're
> >an agency of the Commonwealth of Virginia. If we find that one of our
> >students has been naughty, about all we can say to people outside is
> >that we're aware of it and that action is being taken as per
> >our procedures.
> >--
>
> lets say a non-student was naughty and was attacking the vt.edu network...
> would you feel satisfied with the answer.. "we're aware of it and that
> action is being taken as per our procedures".... knowing fully well that
> the outage costs is running into a couple of millions on a single site ??
> /pd
