On Mon, Aug 29, 2016 at 12:47 PM, Steve Atkins <st...@blighty.com> wrote: > Unless your abuse / security desk is staffed by > lawyers it's probably better to avoid words like > "criminal" and "unlawfully" altogether
Not really an ambiguous situation IMHO, but whatever floats your boat. Bear in mind, though, that if you reasonably suspect your company is caught up in a specific violation of the law and you fail to validate and/or end the violation, your inaction brings liability on the company. Even though you're not a lawyer. That's true from the highest executive to the lowest janitor. > and stick to "in violation of our ToS". This I would avoid. A ToS is a contract. Contracts are open to negotiation. The law is not. If you don't want to say "unlawfully attack," then stop at "attack." On Mon, Aug 29, 2016 at 1:04 PM, Laszlo Hanyecz <las...@heliacal.net> wrote: > I know this is against the popular religion here but how is this abuse on > the part of your customer? Google, Level3 and many others also run open > resolvers, because they're useful services. This is why we can't have nice > things. Google mitigates the attack vector with rate limiting through custom software. I would venture a guess that Jason's customer is not that sophisticated. Regards, Bill Herrin -- William Herrin ................ her...@dirtside.com b...@herrin.us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
