-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 12/05/14 18:09, David Barrett wrote: > On Mon, May 12, 2014 at 6:56 AM, Michael Rogers > <[email protected] <mailto:[email protected]>> > wrote: > > This was a successful strategy - for a while. Some types of spam > disappeared, but others quickly reappeared as the spammers realised > we were blocking them via IP addresses and file hashes, both of > which were easy to change as fast as we could block them (once per > hour, by the end) using scripted could instances. > > > I assume that means "cloud instances"? How would an attacker > spontaneously spin up random IPs in a huge block? Even for > something like EC2 I don't think you can pull up new IPs on demand > (but I haven't tried).
Sorry yes, cloud. :-) I don't know how the spammers operated, but we saw very rapid turnover of IP addresses within EC2 address ranges. There's an API for deploying EC2 instances, and each new instance gets allocated an IP address from a pool, so I guess the spammers may have written a script to check the block list and automatically replace any blocked instances. > Amazon EC2 has some enormous IP ranges. Maybe create a second > block list of addresses that aren't allowed to contribute to the > first block list? ;-) > > > Agreed, if it's easy to get a new IP, then this whole argument > falls apart. But I think this argument is largely true. Based on > the EC2 docs: > > http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html > > "By default, all AWS accounts are limited to 5 EIPs, because public > (IPv4) Internet addresses are a scarce public resource. We > strongly encourage you to use an EIP primarily for load balancing > use cases, and use DNS hostnames for all other inter-node > communication." > > Granted, Amazon clearly *can* do this: > > "If you feel your architecture warrants additional EIPs, please > complete the Amazon EC2 Elastic IP Address Request Form. We will > ask you to describe your use case so that we can understand your > need for additional addresses." > > The question is whether they'd allow a copyright enforcer to do > this. And even if they do, the total number of elastic IPs is > likely smaller than the total number of torrent users at any point > in time. I think EIP means something more specific than the IP address of an instance - it means an address that the customer can map to different instances. Each instance also has an address that points only to that instance. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-public-addresses "When you launch an instance in EC2-Classic, we automatically assign a public IP address to the instance. When you launch an instance into EC2-VPC, you can control whether your instance receives a public IP address. The public IP address is assigned to the eth0 network interface (the primary network interface). A public IP address is assigned to your instance from Amazon's pool of public IP addresses, and is not associated with your AWS account. When a public IP address is disassociated from your instance, it is released back into the public IP address pool, and you cannot reuse it." Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJTcUEMAAoJEBEET9GfxSfMN/UIAIZEDjD2QYxwF7N9vAo+7uXJ 7PCzrNlWpRLXY9MHxuHok8hnxAIdQVGFFLZeY1eLlypQUpQFk+JBwqBslMYfNCUw qA3AgZ80jr14MKxRcSPrWPKiIuK7gGezf+iD5dK58Z0C8evfn6Aegf6pATECssBa CJQIkmdBpdXTYkOipp2buUFnl1DzvH55rSo0RtsHOYJ31YhI5iIKef++MvGhYVlR vpBRdbTkTK4ILH/TlXM1lx6wwIrwYyr3Mv/mTWJlVsDD3obdpqMOBSTSKP8WFRsK xgHPUWbgmS/8PG4ZTxdxeoocXmJ3IkMJ/Og3q1VRI8Iob2ERVhwUy8cifQ8SY0A= =6wyW -----END PGP SIGNATURE----- _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
