North American Network Operators Group

Re: EC2 and GAE means end of ip address reputation industry? (Re: Intrusion attempts from Amazon EC2 IPs)

  • From: Eliot Lear
  • Date: Mon Jun 23 03:02:14 2008

Hi Paul,

Let's go back to the case in point: Amazon is claimed not to behave as a good Netizen.[*] In these circumstances we have to ask why the traditional system doesn't work. This is precisely the case when you want to ding someone's reputation. Your argument that many good applications will be running to counterbalance the bad depends on whether those running the good applications will tolerate intermittent outages because the bad applications cause the sites to get blacklisted.

Also, let's remember that reputation means different things in different contexts. One could easily envision a cloud having a good web reputation and a lousy or at best neutral email reputation.[**] In addition, the risks of infection are also very different. In the web case, if a host connects to a known infected site, its risk of becoming infected is very high, compared to the risk of someone receiving an email message that points to spam. This means to me that end users who are protecting themselves with some sort of web reputation service are likely to guard against clouds and not quickly whitelist them.

But there's also the possibility for web reputation services to improve granularity above and beyond the IP address, but this depends on quite a number of things, such as whether SSL is used and where and how information is collected by the services.[***]

And so the question boils down to this: will Amazon and its ilk adapt to the current reputation services model or will it be the other way around? I think it will be both, but more the former than the latter.

Eliot

[*] Not my claim.
[**] Email reputation is commonly applied to messages and to TCP/25. For our purposes, although it's overly simplistic, let's view web reputation as everything else.
[***] Self-signed certs are a clearly interesting area to consider when it comes to THEIR reputations. The same can be said for any X.509 CA that itself doesn't do a good job of confirming the identity of a requestor. I don't suggest that this should be a sole input or even a significant discriminator in and of itself, of course.