[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
- Subject: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
- From: joelja at bogus.com (Joel Jaeggli)
- Date: Mon, 23 Jun 2008 14:06:23 -0700
- In-reply-to: <!&!AAAAAAAAAAAuAAAAAAAAAKTyXRN5/+lGvU59a+P7CFMBAN6gY+ZG84BMpVQcAbDh1IQAAAATbSgAABAAAAARqHu3MDtfTrUiP+y61e0MAQAAAAA=@iname.com>
- References: <[email protected]> <[email protected]> <[email protected]> <!&!AAAAAAAAAAAuAAAAAAAAAKTyXRN5/+lGvU59a+P7CFMBAN6gY+ZG84BMpVQcAbDh1IQAAAATbSgAABAAAADcGSEPPH29Tb+q7zNc/[email protected]> <[email protected]> <!&!AAAAAAAAAAAuAAAAAAAAAKTyXRN5/+lGvU59a+P7CFMBAN6gY+ZG84BMpVQcAbDh1IQAAAATbSgAABAAAAARqHu3MDtfTrUiP+y61e0MAQAAAAA=@iname.com>
Frank Bulk wrote:
> Thanks. Even with TLS, the destination port (either 25 or 365) is
> well-known, right, as is the source IP?
And 587 though that's generally your customers, who are going authenticate.
> At the minimum RBLs could be used
> for that encrypted traffic.
Yeah, given that that point you're basically filtering by ip again, you
can do that with a bgp community. That's not really smtp filtering anymore.
> Frank
>
> -----Original Message-----
> From: Joel Jaeggli [mailto:joelja at bogus.com]
> Sent: Monday, June 23, 2008 2:20 PM
> To: frnkblk at iname.com
> Cc: nanog at merit.edu
> Subject: Re: Cloud service [was: RE: EC2 and GAE means end of ip address
> reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
>
> <snip>
>
> dpi boxes from a number of vendors can do that sort of thing... whether
> they can do it fast enough to be inline with your compute cloud is
> another question entirely.
>
> That said the result is fairly perilous when rejecting a message
> involves forging packets. and of course tls supporting mta's will be
> opaque to the network traffic inspecting device.
>
>