[105441] in North American Network Operators' Group
Re: Cloud service [was: RE: EC2 and GAE means end of ip
daemon@ATHENA.MIT.EDU (Joel Jaeggli)
Mon Jun 23 17:07:21 2008
Date: Mon, 23 Jun 2008 14:06:23 -0700
From: Joel Jaeggli <joelja@bogus.com>
To: frnkblk@iname.com
In-Reply-To: <!&!AAAAAAAAAAAuAAAAAAAAAKTyXRN5/+lGvU59a+P7CFMBAN6gY+ZG84BMpVQcAbDh1IQAAAATbSgAABAAAAARqHu3MDtfTrUiP+y61e0MAQAAAAA=@iname.com>
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
Frank Bulk wrote:
> Thanks. Even with TLS, the destination port (either 25 or 365) is
> well-known, right, as is the source IP?
And 587, though that's generally your customers, who are going to authenticate.
> At the minimum RBLs could be used
> for that encrypted traffic.
Yeah, given that at that point you're basically filtering by ip again, you
can do that with a bgp community. That's not really smtp filtering anymore.
> Frank
>
> -----Original Message-----
> From: Joel Jaeggli [mailto:joelja@bogus.com]
> Sent: Monday, June 23, 2008 2:20 PM
> To: frnkblk@iname.com
> Cc: nanog@merit.edu
> Subject: Re: Cloud service [was: RE: EC2 and GAE means end of ip address
> reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
>
> <snip>
>
> dpi boxes from a number of vendors can do that sort of thing... whether
> they can do it fast enough to be inline with your compute cloud is
> another question entirely.
>
> That said the result is fairly perilous when rejecting a message
> involves forging packets. and of course tls supporting mta's will be
> opaque to the network traffic inspecting device.
>
>