Paul Vixie wrote:
> with EC2, it's game-over for the IP reputation industry, other than possibly lists of dynamic IP blocks (modems, DSL, etc) from which SMTP ought not come. but for the wider IP address space, we now return to content based filtering, and i predict a mighty increase in the number of pink contracts in colo rooms. (the silver lining is, this could reduce pressure on BGP piracy/injection.)
I'm not sure that shared resources are impossibly tied to anonymity, at least when connectivity goes through a single entity. That entity is motivated to increase usage, to help its customers expose their own reputation (good or bad), and to host more complex services where this concern comes up.

AWS already tracks VM instances and their internal IP allocations. They recently added "elastic IPs," which are assigned to a customer rather than a specific instance. To the rest of the world, they're static IPs. AWS could expose rwhois for those elastic IPs, or delegate from different shared and elastic blocks. Folks who care about establishing trust would choose elastic IPs.

And while tracking NAT state for every connection would be painful, a few thoughtful choices could go a long way -- Pareto principle or even 95/5. For example, track instances w/ more than 50 open outbound connections to dport 25; those trying to transmit a packet with a spoofed source address (ever); and count or rate-limit SYNs per internal instance IP. I could also see AWS allowing customers to translate all outgoing traffic to a single customer-specific elastic IP, or even requiring it in order to generate certain traffic profiles (quantity, velocity, protocol, content). There are big design considerations here - points of egress/translation, EC2 availability zones - but they aren't insurmountable.

Since the IP is already allocated to the customer, AWS could allow them to set a reverse DNS entry under their domain (and forward would match).

Though GAE's shared architecture creates a bit more of a challenge, it's still not impossible. As it happens, GAE doesn't currently support many of the features that are most useful to abusers (like raw sockets), and may never. So the problems that prevent identifying a source entity also prevent abuse in the first place.

Anyway, Amazon and Google are motivated and innovative, so I wouldn't write it off.

Troy
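The three egress heuristics Troy sketches (many outbound connections to dport 25, any packet with a source address the instance doesn't own, and SYN counts per internal instance IP) as an added example run over constructed flow records; this is illustrative code, not anything AWS or the list author published, and the allocation table, flow tuple layout and thresholds are assumptions.

```python
from collections import Counter, defaultdict

# Constructed allocation table: internal instance IP -> source addresses it may legitimately use.
ALLOCATIONS = {
    "10.0.0.5": {"10.0.0.5"},
    "10.0.0.9": {"10.0.0.9", "203.0.113.9"},  # second entry plays the role of an elastic IP
}

# Constructed flow records: (instance_ip, src_ip, dst_ip, dport, tcp_flags).
FLOWS = (
    # 10.0.0.5 opens 60 outbound SMTP connections to distinct hosts
    [("10.0.0.5", "10.0.0.5", f"198.51.100.{i}", 25, "S") for i in range(1, 61)]
    # 10.0.0.9 sends ordinary HTTPS traffic from its elastic IP
    + [("10.0.0.9", "203.0.113.9", "192.0.2.10", 443, "SA")] * 3
    # 10.0.0.9 emits one packet with a source address it does not own
    + [("10.0.0.9", "192.0.2.77", "192.0.2.10", 80, "S")]
)


def analyze(flows, allocations, smtp_threshold=50, syn_limit=100):
    """Return the instances that trip each heuristic over one observation window."""
    smtp_conns = defaultdict(set)  # instance -> distinct (src, dst) pairs seen on dport 25
    spoofers = set()               # instances that ever sourced an address they don't own
    syn_count = Counter()          # outbound SYNs per internal instance IP
    for inst, src, dst, dport, flags in flows:
        if src not in allocations.get(inst, set()):
            spoofers.add(inst)     # "ever" in the mail: a single offence is enough
        if flags == "S":           # SYN without ACK: a new outbound connection attempt
            syn_count[inst] += 1
        if dport == 25:
            # distinct connections in the window stand in for "open connections"
            smtp_conns[inst].add((src, dst))
    return {
        "smtp_abusers": sorted(i for i, c in smtp_conns.items() if len(c) > smtp_threshold),
        "spoofers": sorted(spoofers),
        "syn_over_limit": sorted(i for i, n in syn_count.items() if n > syn_limit),
        "syn_count": dict(syn_count),
    }


if __name__ == "__main__":
    print(analyze(FLOWS, ALLOCATIONS))
```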