amazonaws.com?

Suresh Ramasubramanian ops.lists at gmail.com
Mon May 26 16:13:12 UTC 2008


On Mon, May 26, 2008 at 1:28 PM, Colin Alston <karnaugh at karnaugh.za.net> wrote:
> Much like any large datacenter or hosting provider it is not feasible to
> police every packet in and out of the network, I assume "The World" has lots

Not a question of packet policing as much as having sufficient
controls in place to get rid of card fraud, regular audits etc .. and
THEN looking for obvious signs of abuse, proactively (inbound and
outbound traffic flow analysis, passive dns checks and a whole host of
other things that are possible).

The second thing is, of course, having an active abuse desk, but by
the time an abuse desk gets around to reading and responding to the
complaint, the damage is done (1 business day is a very good
turnaround indeed, at shops rather larger than world.std.com).

> (unless you have evidence to suggest the contrary). As a corollary to this I
> was simply noting that their terms do not include the ability to SMTP at all
> and as such the ranges are left in any blacklists they might fall into. You

With respect, in such cases, amazon is better off firewalling outbound
port 25 (or indeed, outbound anything at all) for accounts that dont
specifically ask for it.  Quite a lot of EC2 compute time is for
number crunching and such - not just hosting, or email, or ..

srs




More information about the NANOG mailing list