On Tue, May 27, 2008 at 1:10 AM, Colin Alston <karnaugh@karnaugh.za.net> wrote:
On 26/05/2008 18:13 Suresh Ramasubramanian wrote:
I didn't actually, Bonomi did .. but going on ..
Quite a lot of EC2 compute time is for number crunching and such - not just hosting, or email, or ..
That's not actually true, the trend is towards thumbnail generation and video encoding dispatch for sites that use it, this requires getting the
[yes, that's right - Twitter seems to be using it for example]
Either way, limiting of ports is a direct and undeniable limiting of the capability of the product. A staggeringly large amount of my spam comes from DSL lines in Eastern Europe and such places, and yet for some reason I don't
You're at odds with a lot of best practice there. This one for example - http://www.maawg.org/port25
I agree with abuse reports and active abuse desks but please, don't for one second expect me to believe you side with the idea that upstream providers and hosts should randomly firewall ports - since 90% of the time, as history has shown me, they screw it up.
I am sure that all the NANOG regulars here who are / have been the guys with enable on tier 1 networks routers (and run huge dialup/DSL pools) will agree with that (!)
Port firewalling, especially port 25 firewalling, isn't - or rather shouldn't be - random. There are enough cookbook configs to just blanket block port 25, and far more advanced configs (ask Chris Morrow sometime about huge UUNET dialup pools with RADIUS filters to punch holes for port 25 connectivity to different ISP smarthosts etc etc)
--srs
--
Suresh Ramasubramanian (ops.lists@gmail.com)