nanog mailing list archives
Re: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)
From: Nathan Ward <nanog () daork net>
Date: Mon, 23 Jun 2008 17:41:07 +1200
On 23/06/2008, at 4:17 AM, Paul Vixie wrote:
> as randy bush often says, "it's just business." amazon has solid business reasons for creating EC2 and there's no way it could be profitable if they can't scale the user base, and there's no way to scale the user base if they have to police it at the application or "intent" level. so, i'm not whining, just pointing out that this is a sea change, the end of an era.
Seems to me that blocking outgoing messages to 22/TCP should be easy enough. I'm sure there's some convoluted case where it might be needed, but my guess is that losing those few customers would be worth the return in "trust". Note that the case where this is legitimate is very small - we're talking about a web app connecting to SSH servers that are outside the administrative control of the owner of the web app, as if they were in the same administrative control it would be trivial to run it on alternative ports.
Same goes for SMTP, but provide mail relays that let you send messages only from domains you have registered with EC2 - should be easy enough to validate ownership - scan whois for email addresses, and send them "Person X has asked to send mail from this domain, please pass this message on to them. $verification_url".
Sure there's other bad things that people are going to use this service for, but these seem to be the obvious ones that are easy to limit without big disruptions.
Do 'normal' web hosting providers allow customer-created scripts to create TCP sessions out to arbitrary things?
--
Nathan Ward
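The relay scheme proposed in the message above, sketched as an added example that is not part of the original post: a token for the $verification_url is bound to one account and one domain, and the relay accepts a sender address only for domains that account has confirmed. The key, the expiry time, and all function and account names are assumptions; the whois lookup and the sending of the verification mail are outside the sketch.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: provider-side signing key
TOKEN_TTL = 24 * 3600             # assumption: links expire after one day

def _mac(account, domain, ts):
    # Bind the token to the requesting account, the domain and the issue time.
    msg = f"{account}|{domain.lower()}|{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_token(account, domain, now=None):
    """Token placed in the $verification_url mailed to the whois contact."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_mac(account, domain, ts)}"

def confirm(account, domain, token, verified, now=None):
    """Run when the whois contact follows the link; records the binding."""
    try:
        ts, mac = token.split(".", 1)
        issued = int(ts)
    except ValueError:
        return False  # malformed token
    now = time.time() if now is None else now
    if not 0 <= now - issued <= TOKEN_TTL:
        return False  # expired or issued in the future
    expected = _mac(account, domain, ts)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False  # forged, or issued for another account or domain
    verified.add((account, domain.lower()))
    return True

def relay_allows(account, mail_from, verified):
    """Relay policy: accept MAIL FROM only for domains this account verified."""
    local, sep, domain = mail_from.strip("<>").rpartition("@")
    if not sep or not local or not domain:
        return False  # not a usable address, reject rather than guess
    return (account, domain.lower()) in verified
```

Because the account name is part of the signed message, a link confirmed for one customer cannot be replayed to authorise the same domain for a different customer.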