[105428] in North American Network Operators' Group
Re: EC2 and GAE means end of ip address reputation industry? (Re:
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Jun 23 12:56:24 2008
To: William Herrin <herrin-nanog@dirtside.com>
In-Reply-To: Your message of "Mon, 23 Jun 2008 11:38:16 EDT."
<3c3e3fca0806230838p245ca697pea1bc6aa02f2c593@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 23 Jun 2008 12:55:03 -0400
Cc: Paul Vixie <vixie@isc.org>, nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
On Mon, 23 Jun 2008 11:38:16 EDT, William Herrin said:
> Concur. From an address-reputation perspective EC2 is no different
> than, say, China. Connections from China start life much closer to my
> filtering threshold than connections from Europe because a far lower
> percentage of the connections from China are legitimate. EC2 will get
> the same treatment. As that starts to impact Amazon's ability to
> maintain and grow the service, they'll do something about it. Or let
> it wither. Either way, address reputation solves my problem.

No, it only solves your problem *if* you can compute a trustable reputation for
each address. For instance, "connections from China" loses if another /12
shows up in the routing table and isn't correctly tagged as "China". And
this fails the other way too - I remember a *lot* of providers were blocking
a /8 or so because it was "China", and didn't know that a chunk of that /8
was in fact Australia. Similarly, you lose if EC2 deploys another /16 and
you don't pick up on it.

There's a *reason* that Marcus Ranum listed "Trying to enumerate badness"
as one of the 6 stupidest ideas in computer security....
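
The two failure modes described in the reply above (a prefix tagged too broadly, and newly announced prefixes the table never picked up), as an added example that is not part of the original message: a Python audit of a stale prefix-reputation table against a current allocation feed. All prefixes are constructed (RFC 1918 space as stand-ins), and the table, feed, and function names are assumptions.

```python
import ipaddress

# Constructed data: RFC 1918 space stands in for real allocations.
# Reputation table as the filter operator last updated it (prefix -> tag).
REPUTATION = {"10.0.0.0/8": "China"}

# Constructed "current" feed of who actually holds which prefix today.
CURRENT = {
    "10.0.0.0/8": "China",
    "10.64.0.0/12": "Australia",  # chunk of the /8 that belongs elsewhere
    "172.16.0.0/12": "China",     # another /12 appears in the routing table
    "192.168.0.0/16": "EC2",      # provider deploys another /16
}

def _parse(table):
    return {ipaddress.ip_network(p): tag for p, tag in table.items()}

def lookup(table, addr):
    """Longest-prefix match; None means the address gets the default score."""
    ip = ipaddress.ip_address(addr)
    hits = [(n, t) for n, t in _parse(table).items() if ip in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def covering(parsed, net):
    """Most specific table entry that contains all of net, or None."""
    hits = [n for n in parsed if net.subnet_of(n)]
    return max(hits, key=lambda n: n.prefixlen) if hits else None

def audit(reputation, current):
    """List where the reputation table disagrees with the current feed."""
    rep, cur = _parse(reputation), _parse(current)
    findings = []
    for net in sorted(cur):
        sup = covering(rep, net)
        if sup is None:
            # Table never picked this prefix up: traffic is scored as unknown.
            findings.append(("untagged", str(net), cur[net]))
        elif rep[sup] != cur[net]:
            # Broad tag swallows a more specific holder: collateral blocking.
            findings.append(("mistagged", str(net), f"{rep[sup]} -> {cur[net]}"))
    return findings

if __name__ == "__main__":
    for finding in audit(REPUTATION, CURRENT):
        print(*finding)
```
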