Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]

Joel Jaeggli joelja at bogus.com
Mon Jun 23 16:06:23 CDT 2008


Frank Bulk wrote:
> Thanks.  Even with TLS, the destination port (either 25 or 365) is
> well-known, right, as is the source IP? 

And 587, though that's generally your customers, who are going to authenticate.

> At the minimum RBLs could be used
> for that encrypted traffic.  

Yeah, given that at that point you're basically filtering by IP again, you 
can do that with a BGP community. That's not really SMTP filtering anymore.

> Frank 
> 
> -----Original Message-----
> From: Joel Jaeggli [mailto:joelja at bogus.com] 
> Sent: Monday, June 23, 2008 2:20 PM
> To: frnkblk at iname.com
> Cc: nanog at merit.edu
> Subject: Re: Cloud service [was: RE: EC2 and GAE means end of ip address
> reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
> 
> <snip>
> 
> DPI boxes from a number of vendors can do that sort of thing... whether
> they can do it fast enough to be inline with your compute cloud is
> another question entirely.
> 
> That said, the result is fairly perilous when rejecting a message
> involves forging packets. And of course TLS-supporting MTAs will be
> opaque to the network traffic inspecting device.
> 
> 




