Network Level Content Blocking (UK)

Sean Donelan sean at
Thu Jun 7 18:55:38 UTC 2007

On Thu, 7 Jun 2007, Sean Donelan wrote:
> On Thu, 7 Jun 2007, Chris L. Morrow wrote:
>>> Its not "content" blocking, its source/destination blocking.
>> oh, so null routes? I got the impression it was application-aware, or
>> atleast port-aware... If it's proxying or doing anything more than
>> port-level blocking it's likely it sees content as well, or COULD.
>> Either way, it's not like it's effective for anything except the m ost
>> casual of users :(
> Its more than null routes, but not much more.  The router does a re-route on 
> a list of network/IP address, and then for the protocols the redirector
> box understands (i.e. pretty much only HTTP) it matches part of the 
> application/URL pattern.
> So IWF can block only one part of a sub-tree of a popular shared webhosting 
> site *IF* is one of a few application protocols.

Sorry, clicked send before finishing.

BUT the important thing is the network operator and routers don't actually 
look at the content.  If the same bad content (picture, video, whatever) 
appears somewhere else that isn't on the IWF list, it won't be blocked.

And likewise if the content at the source/destination changes/removed, 
e.g. the picture disappears, the destination will continue to be blocked 
until IWF updates their bad list even though nothing bad still at the 

More information about the NANOG mailing list