On Wed, Sep 17, 2008 at 1:32 PM, David Ulevitch <davidu@everydns.net> wrote:
Christopher Morrow wrote:
How about providing some open-source intelligence in a centralized and machine-parsable fashion (perhaps with community input of intel even) which would allow better decisions to be made?
Reputation based on src_addr is /so/ 2005. ASN has a few more legs perhaps... but...
All the growth in Internet-connected compute clouds (EC2, AppNexus, GoGrid, etc.) makes any system based around IP reputation decidedly less useful.
there is more than 'srcip' you can use to judge reputation on... if you have something 'not a router' you can even implement other options... Adding things like ttl's to the entries, sliding the reputation on that as well. It's not just 'src ip'. ASN is a really big hammer....
At the end of the day, nobody is going to drop packets for amazon's IP space.
nope, but amazon can/may-be-able-to do some protections on their side, or individuals could choose to block bits/pieces of amazon, and they have already.
-David