Re: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]

[Joel Jaeggli <joelja () bogus com>]

Frank Bulk wrote:
> Thanks.  Even with TLS, the destination port (either 25 or 365) is
> well-known, right, as is the source IP? 

And 587 though that's generally your customers, who are going authenticate.

> At the minimum RBLs could be used
> for that encrypted traffic.  

Yeah, given that that point you're basically filtering by ip again, you 
can do that with a bgp community. That's not really smtp filtering anymore.

> Frank 
>
> -----Original Message-----
> From: Joel Jaeggli [mailto:joelja () bogus com] 
> Sent: Monday, June 23, 2008 2:20 PM
> To: frnkblk () iname com
> Cc: nanog () merit edu
> Subject: Re: Cloud service [was: RE: EC2 and GAE means end of ip address
> reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
>
> <snip>
>
> dpi boxes from a number of vendors can do that sort of thing... whether
> they can do it fast enough to be inline with your compute cloud is
> another question entirely.
>
> That said the result is fairly perilous when rejecting a message
> involves forging packets. and of course tls supporting mta's will be
> opaque to the network traffic inspecting device.