[104749] in North American Network Operators' Group


Re: amazonaws.com?

daemon@ATHENA.MIT.EDU (Robert Bonomi)
Mon May 26 12:38:58 2008

Date: Mon, 26 May 2008 11:38:47 -0500 (CDT)
From: Robert Bonomi <bonomi@mail.r-bonomi.com>
To: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org


> From: "Suresh Ramasubramanian" <ops.lists@gmail.com>
> Subject: Re: amazonaws.com?
>
> On Mon, May 26, 2008 at 1:28 PM, Colin Alston <karnaugh@karnaugh.za.net> 
> wrote:

[[.. sneck  ..]]

> With respect, in such cases, amazon is better off firewalling outbound
> port 25 (or indeed, outbound anything at all) for accounts that don't
> specifically ask for it.  Quite a lot of EC2 compute time is for
> number crunching and such - not just hosting, or email, or ..

I'm hard-pressed to think of a single legitimate use for a _compute_ cluster
that requires outgoing access to more than a handful (i.e. an _itemizable_ 
list) of machines. 

Am I missing something obvious?

If not, such a "block all outgoing, except for listed exceptions" policy 
could be 'trivially' implemented with an extra list field on the sign-up 
form, coupled with automated transformation into firewall rules.
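
[Added example, not part of the original message: a sketch of the "list field transformed into firewall rules" idea above, treating the form field as untrusted input and validating it strictly before any rule text is produced. The one-entry-per-line "address-or-CIDR proto/port" format, the function names and the sample addresses are assumptions of this example.]

```python
import ipaddress

# Constructed sample of a sign-up form's "allowed destinations" field.
# The "address-or-CIDR proto/port" line format is an assumption of this example.
SAMPLE_FORM_FIELD = """
192.0.2.10 tcp/443
198.51.100.0/24 tcp/22
203.0.113.5 udp/123
"""

def parse_entry(line):
    """Strictly validate one form line; return (network, proto, port)."""
    try:
        dest, service = line.split()
        proto, port_text = service.split("/")
        net = ipaddress.ip_network(dest, strict=True)  # rejects host bits, junk
        port = int(port_text)
    except ValueError as exc:
        raise ValueError(f"bad entry {line!r}: {exc}") from None
    if net.version != 4:
        raise ValueError(f"bad entry {line!r}: IPv6 needs ip6tables")
    if net.prefixlen == 0:
        raise ValueError(f"bad entry {line!r}: 0.0.0.0/0 is not an itemized exception")
    if proto not in ("tcp", "udp") or not 1 <= port <= 65535:
        raise ValueError(f"bad entry {line!r}: unsupported protocol or port")
    return net, proto, port

def build_egress_rules(field_text):
    """Turn the form field into an ordered list of iptables commands."""
    entries = sorted({parse_entry(l) for l in field_text.splitlines() if l.strip()})
    rules = [
        "iptables -A OUTPUT -o lo -j ACCEPT",
        # Replies on connections that were already permitted.
        "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    rules += [
        f"iptables -A OUTPUT -d {net} -p {proto} --dport {port} -j ACCEPT"
        for net, proto, port in entries
    ]
    # Default-deny goes last so applying the list in order never strands a session.
    rules.append("iptables -P OUTPUT DROP")
    return rules

if __name__ == "__main__":
    print("\n".join(build_egress_rules(SAMPLE_FORM_FIELD)))
```
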





