amazonaws.com?

Luke S Crawford lsc at prgmr.com
Thu May 29 20:38:14 UTC 2008


Peter Beckman <beckman at angryox.com> writes:
...snip "use snort" suggestion....

>   This is what I think we should ALL be doing -- monitoring our own network
>   to make sure we aren't the source, via customers, of the spam or DOS
>   attacks.  All outbound email from your own network should be scanned by
>   some sort of best-practice system before delivery to prevent or limit spam
>   from originating on your network.  IMO.
>   But let's be realistic -- the reality is that not everyone does, due to
>   financial or resource or management constraints

I believe that in the case of a VPS provider like ec2,  monitoring outgoing
traffic with an IDS is cheaper than not monitoring it. 

Abuse reports are expensive to process.  You need people with both
social and technical skills on your end, people with social and technical
skills who are willing to do what amounts to technical support.  Often the 
abuse reports are vague, requiring back-and-fourth.  Even if your IDS only 
catches a small percentage  of the abuse-generating complaints (and I bet 
the IDS can get a large percentage of the complaint-generating abuse-
it takes a lot of abuse to generate a complaint)  you are saving
a lot of money on abuse desk services.  Heck, I bet just the ability
to search IDS logs after a abuse report would pay for the IDS.





More information about the NANOG mailing list