Network Level Content Blocking (UK)

Leigh Porter leigh.porter at
Thu Jun 7 19:13:34 UTC 2007

Sean Donelan wrote:
> On Thu, 7 Jun 2007, Sean Donelan wrote:
>> On Thu, 7 Jun 2007, Chris L. Morrow wrote:
>>>> Its not "content" blocking, its source/destination blocking.
>>> oh, so null routes? I got the impression it was application-aware, or
>>> atleast port-aware... If it's proxying or doing anything more than
>>> port-level blocking it's likely it sees content as well, or COULD.
>>> Either way, it's not like it's effective for anything except the m ost
>>> casual of users :(
>> Its more than null routes, but not much more.  The router does a 
>> re-route on a list of network/IP address, and then for the protocols 
>> the redirector
>> box understands (i.e. pretty much only HTTP) it matches part of the 
>> application/URL pattern.
>> So IWF can block only one part of a sub-tree of a popular shared 
>> webhosting site *IF* is one of a few application protocols.
> Sorry, clicked send before finishing.
> BUT the important thing is the network operator and routers don't 
> actually look at the content.  If the same bad content (picture, 
> video, whatever) appears somewhere else that isn't on the IWF list, it 
> won't be blocked.
> And likewise if the content at the source/destination changes/removed, 
> e.g. the picture disappears, the destination will continue to be 
> blocked until IWF updates their bad list even though nothing bad still 
> at the destination.

But this is OK as it's unlikely that something good and wholesome will 
be on http://n.n.n.n/foobardodgypr0n.html

Also the lists are actually updated fairly regularly.

Leigh Porter

More information about the NANOG mailing list