Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!sdd.hp.com!spool.mu.edu!uunet!indetech!cirrus!dhesi
From: dhesi@cirrus.com (Rahul Dhesi)
Newsgroups: comp.admin.policy
Subject: Re: RFC on my "abuse"
Message-ID: <1991Jun27.163224.29818@cirrus.com>
Date: 27 Jun 91 16:32:24 GMT
References: <1991Jun25.213406.18977@cis.ohio-state.edu> <25.Jun.91.180934.68@cogsci.cog.jhu.edu> <1991Jun26.043640.19539@ms.uky.edu>, 	<1991Jun26.052725.14920@mp.cs.niu.edu> <kcO9qa200j5u82ov5U@andrew.cmu.edu>
Sender: news@cirrus.com
Organization: Cirrus Logic Inc.
Lines: 21

Disabling the account in this case was probably overkill.  An email
message or phone call would have been better.

However, in the past I have had occasion to disable a student account,
and the reason then was not malice:  It was to preserve evidence until
the student's side of the story was heard and everything could be
investigated.  This seems about as fair as you can get.  As soon as the
student gets in touch with the sysadmin, they can both consider what he
was actually doing, and if it proves to be innocuous, the acount can be
re-enabled with (hopefully) no lasting negative effect on anybody.

If the student *was* doing something truly malicious, and if serious
action is needed, then it is important that the state of the student's
account be preserved, so that any incriminating evidence isn't lost
before the investigation is complete.

But to disable an account for some ftp attempts over one quiet weekend
seems excessively paranoid to me.
-- 
Rahul Dhesi <dhesi@cirrus.COM>
UUCP:  oliveb!cirrusl!dhesi