![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)
From: Eliot Lear <lear () cisco com>
Date: Mon, 23 Jun 2008 09:02:04 +0200
Hi Paul,Let's go back to the case and point: Amazon is claimed not to behave as a good Netizen.[*] In these circumstances we have to ask why the traditional system doesn't work. This is precisely the case when you want to ding someone's reputation. Your argument that many good applications will be running to counterbalance the bad depends on whether those running the good applications will tolerate intermittent outages because the bad applications cause the sites to get blacklisted.
Also, let's remember that reputation means different things in different contexts. One could easily envision a cloud having a good web reputation and a lousy or at best neutral email reputation.[**] In addition, the risks of infection are also very different. In the web case, if a host connects to a known infected site, its risk of becoming infected is very high, compared to the risk of someone receiving an email message that points to spam. This means to me that end users who are protecting themselves with some sort of web reputation service are likely to guard against clouds and not quickly whitelist them.
But there's also the possibility for web reputation services to improve granularity above and beyond the IP address, but this depends on quite a number of things, such as whether SSL is used and where and how information is collected by the services.[***]
And so the question boils down to this: will Amazon and its ilk adapt to the current reputation services model or will it be the other way around? I think it will be both, but more the former than the latter.
Eliot [*] Not my claim.[**] Email reputation is commonly applied to messages and to TCP/25. For our purposes, although it's overly simplistic, let's view web reputation as everything else. [***] Self-signed certs are a clearly interesting area to consider when it comes to THEIR reputations. The same can be said for any X.509 CA that itself doesn't do a good job of confirming the identity of a requestor. I don't suggest that this should be a sole input or even a significant discriminator in and of itself, of course.
Current thread:
- RE: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)], (continued)
- RE: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)] Frank Bulk (Jun 23)
- Re: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)] Joel Jaeggli (Jun 23)
- RE: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)] Frank Bulk (Jun 23)
- Re: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)] Joel Jaeggli (Jun 23)
- RE: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)] Frank Bulk - iNAME (Jun 23)
- Re: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)] Joel Jaeggli (Jun 23)
- Re: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs) Nathan Ward (Jun 22)
- Re: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs) Brandon Galbraith (Jun 22)
- Re: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs) Stephen Satchell (Jun 22)
- Re: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs) Nathan Ward (Jun 22)
- Re: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs) Eliot Lear (Jun 23)
- Re: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs) Paul Vixie (Jun 23)
- Re: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs) Patrick Giagnocavo (Jun 23)
- Re: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs) Suresh Ramasubramanian (Jun 23)
- Re: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs) Colin Alston (Jun 23)
- Re: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs) Paul Vixie (Jun 23)
- RE: EC2 and GAE means end of ip address reputation industry? (Re:Intrustion attempts from Amazon EC2 IPs) Tomas L. Byrnes (Jun 23)