Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!uwm.edu!lll-winken!taco!SEWARD@CCVAX1.NCSU.EDU
From: seward@CCVAX1.NCSU.EDU (Bill Seward)
Newsgroups: comp.admin.policy
Subject: Re: RFC on my "abuse"
Message-ID: <0094AA7D.1BDED780@CCVAX1.NCSU.EDU>
Date: 25 Jun 91 17:58:06 GMT
References: <1991Jun25.154257.7452@m.cs.uiuc.edu>
Sender: news@ncsu.edu (USENET News System)
Reply-To: seward@CCVAX1.NCSU.EDU (Bill Seward)
Organization: North Carolina State University
Lines: 40

In article <1991Jun25.154257.7452@m.cs.uiuc.edu>, jjones@cs.uiuc.edu (Joel Jones) writes:

... details about testing for anonymous FTP sites deleted ...

>  Here's where the questions arise.  Would it have been better if he have sent 
>me email to stop doing this rather than suspending my account?  Should I have
>been using the network facilities at all?  At the time there had been no
>announcement from engineering computing services that off-site links were 
>available, but the general computing services people had.  Was this particular
>use an abuse of my privileges?  The written policy statement was not very
>specific about what constituted an overuse or abuse of computing resources. I
>knew from a friend that our link to the outside world (thru University of
>Arizona) was a leased line and there would be not incremental increase in costs
>due to my use of the network.  Does this make a difference?

Of course, this is all personal opinion.  Not having seen the written, public
policies at your site, I would say that you made a fair effort not to
overly tie up resources and to minimize costs to your institution.  However,
I would say that you showed questionable judgement in running this script.
Given how "hacker conscious" sites are these days, to me it seems obvious
that some site security folks would get upset by this.  I really think
it would have been a good idea to check with some one in systems for a) a
ready-made list of sites and b) is this a bright idea or what?

As far as the email vs. suspension of the account, I'd say that it is a
judgement call.  However, I am curious about why they didn't suspend it
the first time.  If I deemed it a serious enough offense to suspend an 
account, I'd do it the first time I noticed something "funny" not the
Nth time.

Did you actions in terms of complete explanation etc. make a difference?
Probably so.  I imagine that it made the impression that you weren't
out to break anyone's security, just curious and a bit lacking in judgment.


------------------------------------------------------------------------------
                               Bill Seward
        Cutaneous Pharmacology & Toxicology Center, NC State University
  SEWARD@NCSUVAX.BITNET                            SEWARD@CCVAX1.CC.NCSU.EDU 
------------------------------------------------------------------------------