Using temporary IPs in the cloud considered harmful
Here's an amusing hobby:
1. Start Amazon EC2 instances (or any other cloud service)
2. Use something like honeyd to listen on all ports
3. Wait for random activity associated with the previous owner of the EC2 instance to start flowing in.
I stumbled across this by accident after getting flooded by connections from apps.facebook.com which seems to be trying to interact with a Facebook app that was previously hosted on an IP which I'm now using. Presumably the previous owner of an EC2 instance had a DNS name that resolved to this IP and didn't see the risks of doing so. Remember: the Amazon public IPs are temporary and will be reassigned once the EC2 instance stops or dies.
For the sake of your users' privacy and security, use Elastic IPs. Even if the instance dies, the Elastic IP still belongs to you and won't be accidentally be reassigned to someone else. When you start up a new instance you can have the Elastic IP assigned to the new instance using ec2-associate-address.
22 comments
[ 4.2 ms ] story [ 54.3 ms ] threadThe bigger problem is trying to run a mail server on EC2. You can't, really, as a lot of providers are still doing (stupid) IP based filtering.
Email has essentially converged on a patchwork ad-hoc net-wide implementation of a few of the proposals lampooned in the famous Slashdot copy/paste thing. Small businesses who are serious about getting their mail delivered pay what amounts to a delivery tax. The difference is it is not actually a tax, it is just a per-piece rate paid to a mailing service that keeps up with all the SPF records, feedback loops, blacklist monitoring, etc for us. However, considered from the perspective of the firm, it is essentially a tax, and it means that people paying a penny or two per email end up trustworthy. Everyone else is left in the email wild west, where they either have massive amounts of physical and reputational capital (Amazon et al) and get their mail accepted for free, or they're almost certainly trying to spam you (statistically speaking).
This is strongly related to strong centralization of email. I just had my 20,000th email submitted yesterday. Of those 20k, over 12k belong to just 10 domains. Even that overstates the diversity of spam squashing strategies, since most of the domains eventually use the same RBLs, etc.
In my experience some anti-spam organisations seem to want to keep that area wild. Or they just don't see the standard problems from their high horses. I get most of my servers listed as dynamic at least twice a year just because the ISP happens to provide residential dynamic DSL in the same netblock. And I can't change the rDNS of course, because the ISP doesn't allow it for people with ranges smaller than /28. Good luck explaining the situation to sorbs or people who block based on sorbs' dynamic list unconditionally.
The minimum "credible" IP suitable for duty as an email server is probably a cheap VPS somewhere.
Getting off the lists is an enormous pain in the ass. They make absurd demands, like changing the rDNS on every single IP in the block to contain the word static.... as though breaking rDNS is a good idea.
That "static" thing is just stupid. God I wish ISPs would just standardise on putting "dyn" into the rDNS of their dynamic IPs though. That would solve so many problems.
That's exactly what happened. It was apparently dial-up space many years ago.
I say many, because the space in question has been under my control since 2005, and it's STILL on the dynamic ip list, despite a roughly annual attempt to get de-listed.
Hm. I've been involved with the mail servers of a few small businesses and I don't think it's as bad as you're implying. SPF isn't hard to set up, the RBL systems seem to work pretty well, and if you're sending from a stable IP/domain with a few years on the clock and no history of abuse, your mail will usually get through.
I view those for-pay mailing companies as being necessary only if you're sending out something a little spam-like but not spam, like opt-in mailing lists or marketing material or something that might otherwise look a lot like spam. But for regular mail I don't think it's at all necessary.
Not in my experience. I have been on both sides: sending mail, and implementing IP based filtering. It's a clusterfuck.
EDIT: I'll give you that it's not as bad as the whole (win|fail|this) thing that's becoming popular.
Also, I have anti-anti-anti-missile-missile-missile missiles.
Yeah, this is a clear case of "... for fun and profit".
You have a really good point.