From: Troy Davis <troy@yort.com>

... AWS already tracks VM instances and their internal IP allocations. They recently added "elastic IPs," which are assigned to a customer rather than a specific instance. To the rest of the world, they're static IPs.

abusers don't have specific identities. they will find out the minimum level of identity-checking they have to spoof, and spoof that. stolen credit cards, throwaway domains, free e-mail accounts, and so on. before they get disco'd they already have their next instance set up and ready to go. the game is to live in the time margin of the ISP's reaction time, so that each fake identity gets a predictable amount of time and resources before it's stopped/abandoned.

this is why during my time running MAPS, i focused on fully funded abuse desks with the power to suspend or disconnect in real time, 24x7, pending management review. warning policies or management approval increased the guaranteed minimum useful lifetime of a fake hosting customer identity to the point where there was no benefit in sending that ISP complaints at all.

some ISPs went to extreme lengths to tie fake identities together so as to increase the up-front costs of serial abusers, but this inevitably raised their overall costs and also their acquisition costs for non-abusive customers, and the only thing that kept those increased costs from making these ISPs noncompetitive was that their reputation would be better, and a better reputation had an offsetting benefit.

given that a static IP's reputation has inertia, and it takes days or weeks or sometimes years for a "bad IP" to get its reputation cleaned up enough for it to be reused, there's a window here where the pool of IPs EC2 can churn through if it assigned them statically to potentially abusive customers may not be large enough to also accommodate the new non-abusive load during the period they want that churn-pool to cover. and they'll have clean-up costs in resetting the reputation of previously abused IPs, with a natural tendency of IP reputation services to think that amazon, as a large company, is doing the absolute minimum work nec'y to prevent serial abuse, such that inertia for EC2 addresses is likely to be effectively higher than for non-EC2 addresses.

... Anyway, Amazon and Google are motivated and innovative, so I wouldn't write it off.
Troy

amazon and google are also large and profitable, and they know how to manage their risks and costs to the maximum benefit of their shareholders and their customers. this is a variation on "good, fast, or cheap: choose two". for something like EC2 to be a financial success, it has to scale, and the trade-offs that make scale possible also create dark corners and loopholes in which abusers can thrive.

reputation systems have generally not scaled well, but they'll still be possible, based on content, domain name, digital signatures, webs of trust, that kind of thing. just not IP addresses like in the old days.

paul