>Just to side-track this thread a little - I just received a call from
>someone in California, who said that one of our local dialup Internet
>customers was hacking his system! We determined who the customer was, but
>the problem is, what should our next step be? There are no local laws
>regarding hacking. Simply disabling the dialup account might open ourselves
>up to a lawsuit from the customer, particularly as we are the only providers
>of Internet service on the island (Grenada, West Indies).
Well, at that point you simply refer to your acceptable use policy which
the customer agreed to when they signed up, and look up the punishment
(if any) for such activity.
I am, of course, being a bit faceitious... Based on your question, you
don't have one.. yet. Obviously, you need one for just such an emergency.
At this point, you write one, and inform the user that you're written one,
based on his actions. Tell the user to consider this their warning. If your
policy calls for termination of service, then next time cut the account.
And if you decline to have such a policy... and it's trult not against the
law to hack from there.... heck, I bet you could sell lots of shell accounts.
How are the privacy and extradition laws there? :)
Ryan
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
