Re: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
Source IP blocking makes up a large portion of today's spam arrest approach, so we shouldn't discount the CPU benefits of that approach too quickly.

I'm not sure where today's technology is in regards for caching the first 1 to 10kB of a session - once enough information is garnered to block, issue TCP RSETs. If it's good, free the contents of the cache.

What's your interest in mopping up spam in the middle of the network? Usually spam is viewed as a leaf-node problem (much to the chagrin of receivers, actually).

Regards,
Ken

--
Ken Simpson
CEO
MailChannels - Reliable Email Delivery
http://mailchannels.com
604 685 7488 tel
RE: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
For the reason you stated, much to the chagrin of receivers. Easier to sell a service to customers downstream if it's being done in the network, without MX changing.

Frank

-----Original Message-----
From: Ken Simpson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 24, 2008 8:38 AM
To: [EMAIL PROTECTED]
Cc: 'Christopher Morrow'; nanog@nanog.org
Subject: Re: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]

Source IP blocking makes up a large portion of today's spam arrest approach, so we shouldn't discount the CPU benefits of that approach too quickly.

I'm not sure where today's technology is in regards for caching the first 1 to 10kB of a session - once enough information is garnered to block, issue TCP RSETs. If it's good, free the contents of the cache.

What's your interest in mopping up spam in the middle of the network? Usually spam is viewed as a leaf-node problem (much to the chagrin of receivers, actually).

Regards,
Ken

--
Ken Simpson
CEO
MailChannels - Reliable Email Delivery
http://mailchannels.com
604 685 7488 tel
Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
When I hear cloud services I think in the network even though it appears all these cloud services perform their work at a data center as an outsourced service.

Is there a vendor that makes a product that performs spam/malware filtering literally in the network, i.e. as a service provider, can I provide spam filtering for the enterprises in my customer base by adding a piece of network gear? I'm not aware of one today except those who provide enterprise-oriented gateways like SonicWall.

Frank

-----Original Message-----
From: Roland Dobbins [mailto:[EMAIL PROTECTED]
Sent: Sunday, June 22, 2008 9:20 PM
To: [EMAIL PROTECTED]
Subject: Re: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)

snip

This is far different from free email Google or Hotmail - these cloud services (EC2, Mosso, Slicehost, Terremark's Enterprise Cloud, Telstra's new service, AppEngine, et al.) are where many popular new Internet applications will live, and, even more significantly, where an increasing amount of large-scale enterprise computing (like banking, pharma, government, and so forth) will take place.

I foresee interesting times ahead.

---
Roland Dobbins [EMAIL PROTECTED] // +66.83.266.6344 mobile

History is a great teacher, but it also lies with impunity.
-- John Robb
RE: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
Interesting. I was more thinking of the Turntide approach which operates within the network stream than Mailchannels which appears to operate on the same server as the MTA, but in front of it.

Frank

-----Original Message-----
From: Suresh Ramasubramanian [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 9:16 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]

On Mon, Jun 23, 2008 at 6:01 PM, Frank Bulk - iNAME [EMAIL PROTECTED] wrote:
> Is there a vendor that makes a product that performs spam/malware filtering literally in the network, i.e. as a service provider, can I provide spam filtering for the enterprises in my customer base by adding a piece of network gear? I'm not aware of one today except those who provide enterprise-oriented gateways like SonicWall.

Symantec Mail Security / Turntide
Mailchannels Traffic Control

--srs

--
Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
Frank Bulk wrote:
> Thanks. Even with TLS, the destination port (either 25 or 365) is well-known, right, as is the source IP? And 587 though that's generally your customers, who are going to authenticate. At the minimum RBLs could be used for that encrypted traffic.

Yeah, given that at that point you're basically filtering by ip again, you can do that with a bgp community. That's not really smtp filtering anymore.

> Frank
>
> -----Original Message-----
> From: Joel Jaeggli [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 23, 2008 2:20 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
>
> snip
>
> dpi boxes from a number of vendors can do that sort of thing... whether they can do it fast enough to be inline with your compute cloud is another question entirely.
>
> That said the result is fairly perilous when rejecting a message involves forging packets.
>
> and of course tls supporting mta's will be opaque to the network traffic inspecting device.
Re: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
On Mon, Jun 23, 2008 at 10:31 PM, Frank Bulk - iNAME [EMAIL PROTECTED] wrote:
> Ken:
>
> Thanks for the info, but that still requires the domain owner to change their MX records. I was wondering if there was something that could literally be placed in the flow of traffic, like an FWSM in transparent mode.

That probably depends a lot on the topology in question... Doing it on 'ethernet' is far different from doing it on T1 over ATM or channelized oc-48... A Checkpoint FW can do this sort of thing with a 'security server' (though performance is certainly a question...).

I think you're also always stuck in a store-and-forward mode so 'on the wire' isn't really helpful for SMTP, often you can't make a decision about an email without getting a large portion of it down, so snuffing connections mid-stream isn't going to help your email infra very much :(

-Chris

> Frank
>
> -----Original Message-----
> From: Ken Simpson [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 23, 2008 5:23 PM
> To: nanog@nanog.org
> Subject: Re: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
>
> On Mon, Jun 23, 2008 at 6:01 PM, Frank Bulk - iNAME frnkblk at iname.com wrote:
> Is there a vendor that makes a product that performs spam/malware filtering literally in the network, i.e. as a service provider, can I provide spam filtering for the enterprises in my customer base by adding a piece of network gear? I'm not aware of one today except those who provide enterprise-oriented gateways like SonicWall.
>
> Symantec Mail Security / Turntide
> Mailchannels Traffic Control
>
> --srs
>
> BTW, we CAN do in the cloud email traffic shaping - on EC2, ironically. But also on your own equipment if that's your preference.
>
> Regards,
> Ken
>
> --
> Ken Simpson
> CEO
> MailChannels - Reliable Email Delivery
> http://mailchannels.com
> 604 685 7488 tel
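
Added example, not part of any message in this thread: a sketch of the per-flow decision logic the thread discusses for an in-path filter (cache the first 1 to 10kB of an SMTP session, reset once there is enough to block, free the cache either way, and fall back to source IP alone once STARTTLS makes the payload opaque). The blocklist entry, the marker string and all names are constructed for illustration and stand in for a real RBL and content rules.

```python
from dataclasses import dataclass, field

CACHE_CAP = 10 * 1024          # upper end of the "1 to 10kB" cache mentioned in the thread
BLOCKED_IPS = {"192.0.2.25"}   # constructed stand-in for an RBL (TEST-NET-1 address)
BAD_MARKERS = (b"x-constructed-spam-marker",)  # constructed content rule

@dataclass
class Flow:
    src_ip: str
    cache: bytearray = field(default_factory=bytearray)
    verdict: str = "INSPECT"   # INSPECT = still caching; RESET / RELEASE are final

def _finish(flow: Flow, verdict: str) -> str:
    flow.verdict = verdict
    flow.cache.clear()         # free the cached bytes once a decision exists
    return verdict

def inspect(flow: Flow, segment: bytes) -> str:
    """Feed one client-to-server segment; return INSPECT, RESET or RELEASE."""
    if flow.verdict != "INSPECT":
        return flow.verdict                     # decision already made
    if flow.src_ip in BLOCKED_IPS:              # source-IP check needs no payload
        return _finish(flow, "RESET")
    flow.cache += segment                       # markers may span segments
    data = bytes(flow.cache).lower()
    if any(marker in data for marker in BAD_MARKERS):
        return _finish(flow, "RESET")           # enough information to block
    if b"\r\nstarttls\r\n" in b"\r\n" + data:
        return _finish(flow, "RELEASE")         # payload is opaque from here on
    if len(flow.cache) >= CACHE_CAP:
        return _finish(flow, "RELEASE")         # cap reached with no verdict: fail open
    return "INSPECT"
```

The cap-reached branch is where the store-and-forward objection raised in the thread shows up: a message that needs more than the cached bytes to classify passes through undecided.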