Skip navigation. The dot net.


Network Abuse

OTS takes a direct and immediate interest in protecting the operational integrity of the network, and the ability of the user community to use the network. Any activity at a THEnet subscriber site which disrupts, or has the potential to disrupt, THEnet/Internet communications must be traced to its source and remedial action must be taken.

Often this involves identifying a compromised computer system that is being controlled by a virus, trojan horse, root kit, or other rogue process. Such a computer system will generally be locatable by its IP address, and must be disconnected from the network. Typically OTS will have become aware of the compromised computer system from intrusion detection reports, and will notify contact persons at the THEnet subscriber site.

The virus, trojan horse, root kit, or other rogue process must be removed. In most cases removal requires that the computer system be rebuilt. Rebuilding a computer system generally entails formatting the disk, re-installing the operating system and applications from the original distribution media (generally CD or DVD), and then downloading all updates for the operating system and applications. Once the computer system has been rebuilt, effective security measures must be introduced. Such measures include an anti-virus application as well as software firewalling to prevent unauthorized inbound connections. Firewall functionality is commonly available in recent versions of computer operating systems. It is critically important that updates to the operating system and applications (especially the anti-virus application) be downloaded and installed whenever such updates are available. Downloading these updates can generally be set to happen automatically.

In any case where a computer system is repeatedly observed to be compromised, OTS may ask the THEnet subscriber to state whether it has rebuilt the system in question, and whether appropriate security measures have been introduced. In extreme or intractable cases, OTS may withdraw Internet access for a given IP address or even for the entire subscriber site. The latter action would generally be taken only in the event that one or more compromised systems posed an on-going threat to Internet service at other institutions. In such a case, OTS would make every reasonable effort to contact staff at the subscriber site, via e-mail and telephone, before shutting Internet access to the site.

IP Spoofed Address Denial of Service (DoS) Attacks

OTS requires that THEnet subscribers configure their router(s) in such a way as to prevent their site's participation in so-called 'smurf' and other IP spoofed address attacks on other Internet sites.

The intended result of this policy is 1) to prevent a smurf attack or other IP spoofed address attack from originating at a THEnet subscriber site, and 2) to prevent the use of a THEnet subscriber as an intermediary 'amplifier' site.


Transmission of unsolicited bulk email (spam) by a THEnet subscriber is strictly prohibited, including the maintenance by a THEnet subscriber of 'open relay' systems permitting such transmission by third parties. Additionally, a THEnet subscriber may not host a network service (web-based or other) that is advertised in unsolicited bulk email, even though such email originates in other networks. Repeated infractions of this 'spam' policy will be considered as grounds for termination of THEnet service.

Resale of THEnet Connectivity

The resale of THEnet/Internet access by any THEnet subscriber is prohibited.