EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)

Nathan Ward nanog at daork.net
Mon Jun 23 00:41:07 CDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 23/06/2008, at 4:17 AM, Paul Vixie wrote:
> as randy bush often says, "it's just business."  amazon has solid  
> business
> reasons for creating EC2 and there's no way it could be profitable  
> if they
> can't scale the user base, and there's no way to scale the user base  
> if
> they have to police it at the application or "intent" level.  so,  
> i'm not
> whining, just pointing out that this is a sea change, the end of an  
> era.

Seems to me that blocking outgoing messages to 22/TCP should be easy  
enough. I'm sure there's some convoluted case where might be needed,  
but my guess is that losing those few customers would be worth the  
return in "trust". Not that the case where this is legitimate is very  
small - we're talking about a web app connecting to SSH servers that  
are outside the administrative control of the owner of the web app, as  
if they were in the same administrative control it would be trivial to  
run it on alternative ports.

Same goes for SMTP, but provide mail relays that let you send messages  
only from domains you have registered with EC2 - should be easy enough  
to validate ownership - scan whois for email addresses, and send them  
"Person X has asked to send mail from this domain, please pass this  
message on to them. $verification_url".

Sure there's other bad things that people are going to use this  
service for, but these seem to be the obvious ones that are easy to  
limit without big disruptions.

Do 'normal' web hosting providers allow customer created scripts to  
create TCP sessions out to arbitrary things?

- --
Nathan Ward




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iQEVAwUBSF83c6hXB4ariYS3AQIBzAgAqiWxzvBjTfjzuf1GyE+PM9doF2S11d94
eKlWGeSjzqob2onSYbm46ffUNTkLQdwkt/jKRDS9eIk7nR7/5OWH9Mg9xkBR5uyu
KndZyJgToHSA50TcpCjop3EXACjnufod7ZxTW0PZgVjAYU8cD7qfvXEBzcNuBxKH
nZfe0gRuNL/swcArseXUxkL1Sf0qPRykc5nJOPQ0LHcjdoyZoAKlCqPerFVYjldz
lOcTFtWMbBDNAUxAy2/ue2hv+K8VGMjC4JPGFdpFqDcumex86sagRJBcA8VbGY25
RkgPdLG41AUDtTGwuAnC3BQclsBcwlZRp4l/DDQYl+CVfPfU9+kuDw==
=m6z6
-----END PGP SIGNATURE-----




More information about the NANOG mailing list