EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)
paul at vix.com
Mon Jun 23 13:38:29 UTC 2008
> Let's go back to the case and point: Amazon is claimed not to behave as a
> good Netizen.[*] In these circumstances we have to ask why the traditional
> system doesn't work. This is precisely the case when you want to ding
> someone's reputation. Your argument that many good applications will be
> running to counterbalance the bad depends on whether those running the good
> applications will tolerate intermittent outages because the bad applications
> cause the sites to get blacklisted.
my argument doesn't get that far, actually. i think there will be no outages
because recipients of abuse won't feel that they can afford to toss out the
good with the bad in this particular case. which is going to remind of me
tom lehrer's quip, "feels like a christian scientist with appendicitis" once
an EC2 customer instance gets infected with malware that then ddos's somebody.
> But there's also the possibility for web reputation services to improve
> granularity above and beyond the IP address, but this depends on quite a
> number of things, such as whether SSL is used and where and how information
> is collected by the services.[***]
i suppose i have been too prolific here of late, since i predicted exactly
that, but it's no doubt buried in some response of mine that you did not read.
> And so the question boils down to this: will Amazon and its ilk adapt to
> the current reputation services model or will it be the other way around?
> I think it will be both, but more the former than the latter.
i think it will be both, and more the latter than the former. i'm basing this
prediction on leverage, risks, and costs. if amazon and google and anyone
else who provides large scale virtualization (where "large scale" means there
is no in-person meeting to kick off the relationship, no credit check on the
customer, and so on) knows that their good customers are so valuable to the
rest of the world that some number of bad customers mixed in will not matter,
then their rational decision will be to discover the break point and enforce
that much and no more. this is how big companies get big and stay big; it's
what ISP's have always done wrt their abuse desks; it's the break point i
sought to move with MAPS; and the basis for that break point is in a totally
different place for (server-side large-scale no-fixed-ip).
More information about the NANOG