We have a facility where we host several customers web sites. If we
recognize that someone is repeatedly, but unsuccessfully, trying to
atack one of the sites, do we take on any legal liability by NOT
pursuing the attacker and trying to shut them down?
We have agreements with our customers about how and when we notify them
that an attack has occurred and that is not really part of my question.
An analogy was drawn to a court case in Ohio somewhere in which a person
had posted a sign stating "beware of biting dog". Of course, someone got
bit and sued. The dog owner lost the case because he was aware of the
biting dog and hadn't taken -enough- precautions whereas a lazy owner
without the sign could have pleaded ignorance.
I have no idea as to the accuracy of that story and certainly believe we
have an obligation to provide site security, but I'm developing a lot of
concerns about what we do or don't do as part of our response. Any
Description: S/MIME Cryptographic Signature