amazonaws.com?

Suresh Ramasubramanian ops.lists at gmail.com
Tue May 27 02:16:26 UTC 2008


On Tue, May 27, 2008 at 1:10 AM, Colin Alston <karnaugh at karnaugh.za.net> wrote:
> On 26/05/2008 18:13 Suresh Ramasubramanian wrote:
>>

I didn't actually, Bonomi did .. but going on ..

>> Quite a lot of EC2 compute time is for
>> number crunching and such - not just hosting, or email, or ..

>
> That's not actually true, the trend is towards thumbnail generation and
> video encoding dispatch for sites that use it, this requires getting the

[yes, that's right - twitter seems to be using it for example]

> Either way, limiting of ports is a direct and undeniable limiting of the
> capability of the product. A staggeringly large amount of my spam comes from
> DSL lines in eastern europe and such places, and yet for some reason I don't

You're at odds with a lot of best practice there.  This one for
example - http://www.maawg.org/port25

> I agree with abuse reports and active abuse desks but please, don't for one
> second expect me to believe you side with the idea that upstream providers
> and hosts should randomly firewall ports - since 90% of the time, as history
> has shown me, they screw it up.

I am sure that all the nanog regulars here who are / have been the
guys with enable on tier 1 network routers (and run huge dialup/DSL
pools) will agree with that (!)

Port firewalling, especially port 25 firewalling, isn't - or rather
shouldn't be - random.  There are enough cookbook configs to just
blanket block port 25, and far more advanced configs (ask Chris Morrow
sometime about huge UUNET dialup pools with RADIUS filters to punch
holes for port 25 connectivity to different ISP smarthosts etc etc).

--srs
-- 
Suresh Ramasubramanian (ops.lists at gmail.com)



