nanog mailing list archives

Re: amazonaws.com?

From: Ian Mason <nanog () ian co uk>
Date: Fri, 30 May 2008 00:51:21 +0100


On 27 May 2008, at 16:33, Robert Bonomi wrote:

From nanog-bounces () nanog org  Mon May 26 21:16:58 2008
Date: Tue, 27 May 2008 07:46:26 +0530
From: "Suresh Ramasubramanian" <ops.lists () gmail com>
To: "Colin Alston" <karnaugh () karnaugh za net>
Subject: Re: amazonaws.com?
Cc: nanog () merit edu
On Tue, May 27, 2008 at 1:10 AM, Colin Alston<karnaugh () karnaugh za net> wrote:
On 26/05/2008 18:13 Suresh Ramasubramanian wrote:
I didnt actually, Bonomi did .. but going on ..
Mis-credit where mis-credit isn't due ...  Twasn't me, either.  <grin>
I just commented that I couldn't think of a reason for a _compute_cluster toneed access to unlimited remote machines/ports. And that it could'trivially'be made an _automatic_ part of the 'compute session' config -- toallow access
to a laundry-list of ports/machines, and those ports/machines -only-.
If Amazon were a 'good neighbor', they _would_ implement somethinglike this.That they see no need to do _anything_ -- when _actual_ problems,which aredirectly attributable to their failure to do so, have been broughtto theirattention -- does argue in favor of wholesale firewalling of theEC2 address-
space.
If the address-space owner won't police it's own property, there isno reasonfor the rest of the world to spend the time/effort to _selectively_police it
for them.
Amazon _might_ 'get a clue' if enough providers walled off the EC2space, andthey found difficulty selling cycles to people who couldn't accessthe machines
to set up their compute applications.


This is a classic example of externalities in the economics of security.

Currently, any damage caused by Amazon customers costs Amazon littleor nothing. Thecosts are borne by the victims of that damage. On the other handmitigating thisdamage would cause Amazon costs, in engineering and lost revenue. Soin economic

terms they have no incentive to 'do the right thing'.

So to get Amazon to police their customers either requires regulationor an externaleconomic pressure. Blocking AWS from folk's mail servers would applysome pressure,making areas of the net go dark to AWS would apply more pressurefaster. A considerableamount of pressure could be placed by a big enough money damageslawsuit but that has

a feedback delay of months to years.

Current thread:

Re: amazonaws.com?, (continued)
- - - Message not available
    - Re: amazonaws.com? Barry Shein (May 26)
    - Re: amazonaws.com? Colin Alston (May 26)
    - Re: amazonaws.com? Suresh Ramasubramanian (May 26)
    - Re: amazonaws.com? Colin Alston (May 26)
    - Re: amazonaws.com? Suresh Ramasubramanian (May 26)
    - Re: amazonaws.com? Dorn Hetzel (May 26)
- Re: amazonaws.com? Suresh Ramasubramanian (May 23)
- Re: amazonaws.com? Robert Bonomi (May 26)
- Re: amazonaws.com? Robert Bonomi (May 27)
  - RE: amazonaws.com? michael.dillon (May 27)
  - Re: amazonaws.com? Ian Mason (May 29)
    - Re: amazonaws.com? Paul Vixie (May 29)
    - RE: amazonaws.com? michael.dillon (May 30)
- RE: amazonaws.com? Robert Bonomi (May 27)
  - Re: amazonaws.com? Colin Alston (May 27)
  - RE: amazonaws.com? michael.dillon (May 27)
    - RE: amazonaws.com? Tony Finch (May 28)
    - RE: amazonaws.com? michael.dillon (May 28)
    - RE: amazonaws.com? Tony Finch (May 28)
    - Re: amazonaws.com? Sargun Dhillon (May 28)
    - Re: amazonaws.com? Steve Atkins (May 28)

(Thread continues...)