Re: Cloud service [was: RE: EC2 and GAE means end of ip addressreputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]

Is there a vendor that makes a product that perform spam/malware filtering literally in the network, i.e. as a service provider, can I
filtering for the enterprises in my customer base by adding a
On Mon, Jun 23, 2008 at 6:01 PM, Frank Bulk - iNAME <frnkblk at iname.com> wrote: provide spam piece of
network gear? I'm not aware of one today except those who provide enterprise-oriented gateways like SonicWall.
Symantec Mail Security / Turntide Mailchannels Traffic Control
--srs
BTW, we CAN do "in the cloud" email traffic shaping - on EC2, ironically. But also on your own equipment if that's your preference. Regards, Ken -- Ken Simpson CEO MailChannels - Reliable Email Delivery http://mailchannels.com 604 685 7488 tel

Ken: Thanks for the info, but that still requires the domain owner to change their MX records. I was wondering if there was something that could literally be placed in the flow of traffic, like an FWSM in transparent mode. Frank -----Original Message----- From: Ken Simpson [mailto:ksimpson@mailchannels.com] Sent: Monday, June 23, 2008 5:23 PM To: nanog@nanog.org Subject: Re: Cloud service [was: RE: EC2 and GAE means end of ip addressreputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
On Mon, Jun 23, 2008 at 6:01 PM, Frank Bulk - iNAME <frnkblk at iname.com> wrote:
Is there a vendor that makes a product that perform spam/malware filtering literally in the network, i.e. as a service provider, can I provide spam filtering for the enterprises in my customer base by adding a piece of network gear? I'm not aware of one today except those who provide enterprise-oriented gateways like SonicWall.
Symantec Mail Security / Turntide Mailchannels Traffic Control
--srs
BTW, we CAN do "in the cloud" email traffic shaping - on EC2, ironically. But also on your own equipment if that's your preference. Regards, Ken -- Ken Simpson CEO MailChannels - Reliable Email Delivery http://mailchannels.com 604 685 7488 tel

On Mon, Jun 23, 2008 at 10:31 PM, Frank Bulk - iNAME <frnkblk@iname.com> wrote:
Ken:
Thanks for the info, but that still requires the domain owner to change their MX records. I was wondering if there was something that could literally be placed in the flow of traffic, like an FWSM in transparent mode.
That probably depends a lot on the topology in question... Doing it on 'ethernet' is far different from doing it on T1 over ATM or channelized oc-48... A Checkpoint FW can do this sort of thing with a 'security server' (though performance is certainly a question...). I think you're also always stuck in a store-and-forward mode so 'on the wire' isn't really helpful for SMTP, often you can't make a decision about an email without getting a large portion of it down, so snuffing connections mid-stream isn't going to help your email infra very much :( -Chris
Frank
-----Original Message----- From: Ken Simpson [mailto:ksimpson@mailchannels.com] Sent: Monday, June 23, 2008 5:23 PM To: nanog@nanog.org Subject: Re: Cloud service [was: RE: EC2 and GAE means end of ip addressreputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
On Mon, Jun 23, 2008 at 6:01 PM, Frank Bulk - iNAME <frnkblk at iname.com> wrote:
Is there a vendor that makes a product that perform spam/malware filtering literally in the network, i.e. as a service provider, can I provide spam filtering for the enterprises in my customer base by adding a piece of network gear? I'm not aware of one today except those who provide enterprise-oriented gateways like SonicWall.
Symantec Mail Security / Turntide Mailchannels Traffic Control
--srs
BTW, we CAN do "in the cloud" email traffic shaping - on EC2, ironically. But also on your own equipment if that's your preference.
Regards, Ken
-- Ken Simpson CEO
MailChannels - Reliable Email Delivery http://mailchannels.com 604 685 7488 tel

Source IP blocking makes up a large portion of today's spam arrest approach, so we shouldn't discount the CPU benefits of that approach too quickly. I'm not sure where today's technology is in regards for caching the first 1 to 10kB of a session....once enough information is garnered to block, issue TCP RSETs. If it's good, free the contents of the cache. Frank -----Original Message----- From: christopher.morrow@gmail.com [mailto:christopher.morrow@gmail.com] On Behalf Of Christopher Morrow Sent: Monday, June 23, 2008 10:45 PM To: frnkblk@iname.com Cc: Ken Simpson; nanog@nanog.org Subject: Re: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)] On Mon, Jun 23, 2008 at 10:31 PM, Frank Bulk - iNAME <frnkblk@iname.com> wrote:
Ken:
Thanks for the info, but that still requires the domain owner to change their MX records. I was wondering if there was something that could literally be placed in the flow of traffic, like an FWSM in transparent mode.
That probably depends a lot on the topology in question... Doing it on 'ethernet' is far different from doing it on T1 over ATM or channelized oc-48... A Checkpoint FW can do this sort of thing with a 'security server' (though performance is certainly a question...). I think you're also always stuck in a store-and-forward mode so 'on the wire' isn't really helpful for SMTP, often you can't make a decision about an email without getting a large portion of it down, so snuffing connections mid-stream isn't going to help your email infra very much :( -Chris
Frank
-----Original Message----- From: Ken Simpson [mailto:ksimpson@mailchannels.com] Sent: Monday, June 23, 2008 5:23 PM To: nanog@nanog.org Subject: Re: Cloud service [was: RE: EC2 and GAE means end of ip addressreputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
On Mon, Jun 23, 2008 at 6:01 PM, Frank Bulk - iNAME <frnkblk at iname.com> wrote:
Is there a vendor that makes a product that perform spam/malware filtering literally in the network, i.e. as a service provider, can I provide spam filtering for the enterprises in my customer base by adding a piece of network gear? I'm not aware of one today except those who provide enterprise-oriented gateways like SonicWall.
Symantec Mail Security / Turntide Mailchannels Traffic Control
--srs
BTW, we CAN do "in the cloud" email traffic shaping - on EC2, ironically. But also on your own equipment if that's your preference.
Regards, Ken
-- Ken Simpson CEO
MailChannels - Reliable Email Delivery http://mailchannels.com 604 685 7488 tel

Source IP blocking makes up a large portion of today's spam arrest approach, so we shouldn't discount the CPU benefits of that approach too quickly.
I'm not sure where today's technology is in regards for caching the first 1 to 10kB of a session....once enough information is garnered to block, issue TCP RSETs. If it's good, free the contents of the cache.
What's your interest in mopping up spam in the middle of the network? Usually spam is viewed as a leaf-node problem (much to the chagrin of receivers, actually). Regards, Ken -- Ken Simpson CEO MailChannels - Reliable Email Delivery http://mailchannels.com 604 685 7488 tel

For the reason you stated, "much to the chagrin of receivers". Easier to sell a service to customers downstream if it's being done in the network, without MX changing. Frank -----Original Message----- From: Ken Simpson [mailto:ksimpson@mailchannels.com] Sent: Tuesday, June 24, 2008 8:38 AM To: frnkblk@iname.com Cc: 'Christopher Morrow'; nanog@nanog.org Subject: Re: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
Source IP blocking makes up a large portion of today's spam arrest approach, so we shouldn't discount the CPU benefits of that approach too quickly.
I'm not sure where today's technology is in regards for caching the first 1 to 10kB of a session....once enough information is garnered to block, issue TCP RSETs. If it's good, free the contents of the cache.
What's your interest in mopping up spam in the middle of the network? Usually spam is viewed as a leaf-node problem (much to the chagrin of receivers, actually). Regards, Ken -- Ken Simpson CEO MailChannels - Reliable Email Delivery http://mailchannels.com 604 685 7488 tel
participants (3)
-
Christopher Morrow
-
Frank Bulk - iNAME
-
Ken Simpson