[107905] in North American Network Operators' Group
Re: Atrivo/Intercage: Now Only 1 Upstream
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Wed Sep 17 14:54:41 2008
Date: Wed, 17 Sep 2008 14:41:23 -0400
From: "Christopher Morrow" <morrowc.lists@gmail.com>
To: "David Ulevitch" <davidu@everydns.net>
In-Reply-To: <48D13F11.6050600@everydns.net>
Cc: Skywing <Skywing@valhallalegends.com>, "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Wed, Sep 17, 2008 at 1:32 PM, David Ulevitch <davidu@everydns.net> wrote:
> Christopher Morrow wrote:
>
>> How about providing some open-source intelligence in a centralized and
>> machine-parsable fashion (perhaps with community input of intel even)
>> which would allow better decsions to be made?
>
> Reputation based on src_addr is /so/ 2005. ASN has a few more legs
> perhaps... but...
>
> All the growth in Internet-connected compute clouds (EC2, AppNexus, GoGrid,
> etc.) makes any system based around IP reputation decidedly less useful.
>
there is more than 'srcip' you can use to judge reputation on... if
you have something 'not a router' you can even implement other
options... Adding things like ttl's to the entries, sliding the
reputation on that as well. It's not just 'src ip'. ASN is a really
big hammer....
> At the end of the day, nobody is going to drop packets for amazon's IP
> space.
>
nope, but amazon can/may-be-able-to do some protections on their side,
or individuals could choose to block bits/pieces of amazon, and they
have already.
> -David
>
>
