On Wed, Sep 17, 2008 at 1:32 PM, David Ulevitch <[EMAIL PROTECTED]> wrote:
> Christopher Morrow wrote:
>
>> How about providing some open-source intelligence in a centralized and
>> machine-parsable fashion (perhaps with community input of intel even)
>> which would allow better decisions to be made?
>
> Reputation based on src_addr is /so/ 2005. ASN has a few more legs
> perhaps... but...
>
> All the growth in Internet-connected compute clouds (EC2, AppNexus, GoGrid,
> etc.) makes any system based around IP reputation decidedly less useful.
>
there is more than 'srcip' you can use to judge reputation on... if
you have something 'not a router' you can even implement other
options... Adding things like ttl's to the entries, sliding the
reputation on that as well. It's not just 'src ip'. ASN is a really
big hammer....

> At the end of the day, nobody is going to drop packets for amazon's IP
> space.
>

nope, but amazon can/may-be-able-to do some protections on their side,
or individuals could choose to block bits/pieces of amazon, and they
have already.

> -David
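
One way to read the TTL idea in the reply above, as an added example that is not code from this thread: reputation entries keyed on more than the source address, each with a TTL, whose score slides to zero as the entry ages so a reassigned cloud address does not keep a stale verdict. The key kinds, weights, linear decay and threshold are assumptions; the address and ASN are constructed documentation values.

```python
from dataclasses import dataclass

# Assumed weights: an ASN match is a coarse signal, so it counts for less
# than a match on a single address or on an address+port pair.
WEIGHTS = {"ip": 1.0, "ip+dport": 1.0, "asn": 0.3}

@dataclass
class Entry:
    score: float     # badness when reported, 0.0 to 1.0
    reported: float  # report time, epoch seconds
    ttl: float       # lifetime in seconds

    def value(self, now):
        """Score decayed linearly with age; zero once the TTL has passed."""
        age = max(0.0, now - self.reported)
        return self.score * (1 - age / self.ttl) if age < self.ttl else 0.0

class ReputationTable:
    def __init__(self):
        self._entries = {}  # key tuple, e.g. ("ip", "192.0.2.10") -> [Entry]

    def report(self, key, score, now, ttl):
        self._entries.setdefault(key, []).append(Entry(score, now, ttl))

    def score(self, key, now):
        """Highest live score for key; expired entries are dropped."""
        live = [e for e in self._entries.get(key, []) if now - e.reported < e.ttl]
        if live:
            self._entries[key] = live
        else:
            self._entries.pop(key, None)
        return max((e.value(now) for e in live), default=0.0)

def verdict(table, flow_keys, now, threshold=0.5):
    """Block when the worst weighted score over all of a flow's keys crosses the threshold."""
    worst = max((WEIGHTS[k[0]] * table.score(k, now) for k in flow_keys), default=0.0)
    return "block" if worst >= threshold else "allow"

if __name__ == "__main__":
    table = ReputationTable()
    # Constructed reports: one host for an hour, its whole ASN for a day.
    table.report(("ip", "192.0.2.10"), 0.9, now=0, ttl=3600)
    table.report(("asn", 64500), 1.0, now=0, ttl=86400)
    flow = [("ip", "192.0.2.10"), ("asn", 64500)]
    for t in (0, 1800, 3600):
        print(t, verdict(table, flow, now=t))
```
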