Network Level Content Blocking (UK)
Leigh Porter
leigh.porter at ukbroadband.com
Thu Jun 7 19:13:34 UTC 2007
Sean Donelan wrote:
>
> On Thu, 7 Jun 2007, Sean Donelan wrote:
>> On Thu, 7 Jun 2007, Chris L. Morrow wrote:
>>>> Its not "content" blocking, its source/destination blocking.
>>>
>>> oh, so null routes? I got the impression it was application-aware, or
>>> atleast port-aware... If it's proxying or doing anything more than
>>> port-level blocking it's likely it sees content as well, or COULD.
>>>
>>> Either way, it's not like it's effective for anything except the m ost
>>> casual of users :(
>>
>> Its more than null routes, but not much more. The router does a
>> re-route on a list of network/IP address, and then for the protocols
>> the redirector
>> box understands (i.e. pretty much only HTTP) it matches part of the
>> application/URL pattern.
>>
>> So IWF can block only one part of a sub-tree of a popular shared
>> webhosting site *IF* is one of a few application protocols.
>
> Sorry, clicked send before finishing.
>
> BUT the important thing is the network operator and routers don't
> actually look at the content. If the same bad content (picture,
> video, whatever) appears somewhere else that isn't on the IWF list, it
> won't be blocked.
>
> And likewise if the content at the source/destination changes/removed,
> e.g. the picture disappears, the destination will continue to be
> blocked until IWF updates their bad list even though nothing bad still
> at the destination.
But this is OK as it's unlikely that something good and wholesome will
be on http://n.n.n.n/foobardodgypr0n.html
Also the lists are actually updated fairly regularly.
--
Leigh Porter
More information about the NANOG
mailing list