amazonaws.com?

Robert Bonomi bonomi at mail.r-bonomi.com
Mon May 26 16:38:47 UTC 2008


> From: "Suresh Ramasubramanian" <ops.lists at gmail.com>
> Subject: Re: amazonaws.com?
>
> On Mon, May 26, 2008 at 1:28 PM, Colin Alston <karnaugh at karnaugh.za.net> 
> wrote:

[[.. sneck  ..]]

> With respect, in such cases, amazon is better off firewalling outbound
> port 25 (or indeed, outbound anything at all) for accounts that dont
> specifically ask for it.  Quite a lot of EC2 compute time is for
> number crunching and such - not just hosting, or email, or ..

I'm hard-pressed to think of a single letigimate use for a _compute_ cluster
that requires outgoing access to more than a handful (i.e. an _itemizable_ 
list) of machines. 

Am I missing something obvious?

If not, such a "block all outgoing, except for listed exceptions" policy 
could be 'trivially' implemented with an extra list field on the sign-up 
form, coupled with automated transformation into firewall rules.








More information about the NANOG mailing list