nanog mailing list archives

RE: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]


From: "Frank Bulk - iNAME" <frnkblk () iname com>
Date: Mon, 23 Jun 2008 23:44:37 -0500

Source IP blocking makes up a large portion of today's spam arrest approach,
so we shouldn't discount the CPU benefits of that approach too quickly.  

I'm not sure where today's technology is in regard to caching the first 1
to 10kB of a session....once enough information is garnered to block, issue
TCP RSETs.  If it's good, free the contents of the cache.

Frank

-----Original Message-----
From: christopher.morrow () gmail com [mailto:christopher.morrow () gmail com] On
Behalf Of Christopher Morrow
Sent: Monday, June 23, 2008 10:45 PM
To: frnkblk () iname com
Cc: Ken Simpson; nanog () nanog org
Subject: Re: Cloud service [was: RE: EC2 and GAE means end of ip address
reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]

On Mon, Jun 23, 2008 at 10:31 PM, Frank Bulk - iNAME <frnkblk () iname com>
wrote:
Ken:

Thanks for the info, but that still requires the domain owner to change
their MX records.  I was wondering if there was something that could
literally be placed in the flow of traffic, like an FWSM in transparent
mode.


That probably depends a lot on the topology in question... Doing it on
'ethernet' is far different from doing it on T1 over ATM or
channelized oc-48... A Checkpoint FW can do this sort of thing with a
'security server' (though performance is certainly a question...).

I think you're also always stuck in a store-and-forward mode so 'on
the wire' isn't really helpful for SMTP, often you can't make a
decision about an email without getting a large portion of it down, so
snuffing connections mid-stream isn't going to help your email infra
very much :(

-Chris

Frank

-----Original Message-----
From: Ken Simpson [mailto:ksimpson () mailchannels com]
Sent: Monday, June 23, 2008 5:23 PM
To: nanog () nanog org
Subject: Re: Cloud service [was: RE: EC2 and GAE means end of ip
address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]

On Mon, Jun 23, 2008 at 6:01 PM, Frank Bulk - iNAME <frnkblk at
iname.com> wrote:
Is there a vendor that makes a product that performs spam/malware
filtering literally in the network, i.e. as a service provider,
can I provide spam filtering for the enterprises in my customer
base by adding a piece of network gear?  I'm not aware of one
today except those who provide enterprise-oriented gateways like
SonicWall.

Symantec Mail Security / Turntide
Mailchannels Traffic Control

--srs

BTW, we CAN do "in the cloud" email traffic shaping - on EC2,
ironically. But also on your own equipment if that's your preference.

Regards,
Ken

--
Ken Simpson
CEO

MailChannels - Reliable Email Delivery
http://mailchannels.com
604 685 7488 tel