-----Original Message----- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Gordon Ewasiuk via NANOG Sent: Wednesday, December 6, 2017 12:30 PM To: nanog@nanog.org Subject: Re: Suggestions for a more privacy conscious email provider > >Suggesting AWS doesn't care seems...well...inaccurate. > >-Gordon
This is all anecdotal so take it as you will. In 2016 I filed a total of 76 reports either via their web form or by emailing their abuse email directly. Every single one got this in reply: After submitting the initial abuse report (providing all the information they ask for in an initial report): >Hello, >Thank you for your abuse report. We were unable to identify the customer >responsible for the reported activity. Due to the frequency with which AWS >>public IP addresses can change ownership, we will need additional information >in order to identify the responsible customer(s). Then a few days later, after replying back to their email with the same content that was in the initial abuse report: >Hello, >This is a follow up regarding the abusive content or activity report that you >submitted to AWS. We have investigated this report, and have taken steps to >>mitigate the reported abusive content or activity. Due to our privacy and >security policies we are unable to provide details regarding the resolution of >this >case or the identity of our customer. >We are committed to mediating reports of abusive content or activity to the >satisfaction of both the reporters and our customers. If you believe the >>reported content or activity persists, or are not satisfied with the >resolution of this case, please reply directly to this message with more >information. Your >response should include the most recent activity logs or >web location of the content that you have available that indicates that the >activity or content >persists, as well as a clear, succinct explanation of >what you expect of us and our customer. > >Thank you for bringing this matter to our attention. > >Regards, >AWS Abuse Team So yes, it would //appear// that they do care. They do have an abuse team and they're very good at sending out those canned emails and making you think they've done something. But here we are in 2017 and I'm still seeing the exact same attempts from the exact same IP's that I reported in 2016. The way I see it, there's only two explanations: A bunch of people are running the same exact bots that use the same exact source ports and they all just happened to get the same set of public v4's assigned to them and they all just happened to target all of my sites at the exact same rate. or AWS didn't actually do anything about it. (Yes, none of that applies to their SES service, but there's nothing stopping someone from running postfix on an e2c instance. I won't comment on how the SES team there handles things, because I haven't had any dealings with their abuse team.) -----Original Message----- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Filip Hruska Sent: Wednesday, December 6, 2017 12:55 PM To: nanog@nanog.org Subject: Re: Suggestions for a more privacy conscious email provider > >SES can't hit your firewall with bots, it's just an email service. > >Maybe you meant EC2? And as I said earlier, if you have correctly setup >firewall and servers, port scanning or bots can't hurt you in any way. > > >-- >Filip Hruska >Linux System Administrator I don't remember mentioning SES in this thread before today. But as Rich said earlier: >And the latter is the problem: we are faced, unfortunately, with massive >operations that were designed, built, and deployed without the slightest >consideration for responsible behavior toward the rest of the Internet. >All the rest of us are paying the price for that arrogance, incompetence >and negligence: we're paying for it with DoS/DDoS defenses, with spam >and phish defenses, with brute-force attack defenses, with time and >money and computing resources, with complexity, with late nights and >early mornings, with annoyed customers, and -- on the occasions when those >defenses fail -- devastating consequences for organizations and people. > >These costs aren't always obvious because they're not highlighted line >items in an accounting statement. But they're real, and they're huge. > >How huge? Well, one measure could be found in the observation that >there's now an entire -- large and growing -- market segment that >exists solely to mitigate the fallout from these operations. > >And those same massive operations are doing everything they possibly >can to avoid hearing about any of this. That's why abuse@ is effectively >hardwired to /dev/null. And I note with interest that nobody from AWS >has had the professionalism to show up in this thread and say "Gosh, we're >sorry. We screwed up. We'll try to do better. Can you help us?" > >Because we would. I agree, the dumber bots won't cause any harm (beyond the wasted bandwidth) But every now and then there's a slightly smarter and more targeted bot run by someone who actually knows how to use nmap. New exploits are discovered every day, and as we all know the ones that are made public are in the minority. I know I'd sleep better at night knowing that one of the largest cloud providers would do something about it. I'm sure most of you would agree. I'll leave it at that. -Ed