Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
Joel Jaeggli
joelja at bogus.com
Mon Jun 23 21:06:23 UTC 2008
Frank Bulk wrote:
> Thanks. Even with TLS, the destination port (either 25 or 365) is
> well-known, right, as is the source IP?
And 587 though that's generally your customers, who are going authenticate.
> At the minimum RBLs could be used
> for that encrypted traffic.
Yeah, given that that point you're basically filtering by ip again, you
can do that with a bgp community. That's not really smtp filtering anymore.
> Frank
>
> -----Original Message-----
> From: Joel Jaeggli [mailto:joelja at bogus.com]
> Sent: Monday, June 23, 2008 2:20 PM
> To: frnkblk at iname.com
> Cc: nanog at merit.edu
> Subject: Re: Cloud service [was: RE: EC2 and GAE means end of ip address
> reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
>
> <snip>
>
> dpi boxes from a number of vendors can do that sort of thing... whether
> they can do it fast enough to be inline with your compute cloud is
> another question entirely.
>
> That said the result is fairly perilous when rejecting a message
> involves forging packets. and of course tls supporting mta's will be
> opaque to the network traffic inspecting device.
>
>
More information about the NANOG
mailing list