[53445] in North American Network Operators' Group
Re: Blocking specific sites within certain countries.
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Nov 14 18:02:10 2002
To: "Patrick W. Gilmore" <patrick@ianai.net>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Thu, 14 Nov 2002 17:26:21 EST."
<31752497.1037294781@[172.30.118.247]>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 14 Nov 2002 18:01:26 -0500
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 14 Nov 2002 17:26:21 EST, "Patrick W. Gilmore" <patrick@ianai.net> said:
> Not if you block the domain name terrorist.com from resolving at the
> caching name server, only if you block the IP address to which it resolves
> on your routers. (Which in many cases will be an Akamai server inside your
> network - if not, just ask. :)
http://a1016.g.akamai.net/f/1016/606/1d/(rest deleted)
So tell me again how you're going to filter a1016.g.akamai.net? And how you're
not going to piss off the OTHER sites on that server? (Yes, I know that the
virtualized hostname is down in the (rest deleted) part of the URL - is that
what you want to try to filter in a firewall? Especially when the name could
(and probably will) be % encoded or whatever?)
Or are we simply assuming that all terrorists are dumb enough to not know
how to use a proxy? (Remember that we *are* worried they're smart enough to
use strong crypto...)
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
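The matching problem raised in the message above, as an added example that is not part of the original post: a raw string match on the URL misses percent-encoded forms of a name carried in the path, while blocking the shared hostname also catches unrelated content. The URL tails and the `.example` names are constructed for illustration (they are not the deleted part of the original URL), and decoding repeatedly is an assumption about how the filter should canonicalise.

```python
from urllib.parse import urlsplit, unquote

# Constructed data: placeholder names appended to the prefix quoted in the message.
PREFIX = "http://a1016.g.akamai.net/f/1016/606/1d/"
BLOCKED_NAMES = {"www.blocked.example"}
SAMPLES = [
    PREFIX + "www.blocked.example/index.html",      # plain
    PREFIX + "www.bl%6Fcked.example/index.html",    # percent-encoded once
    PREFIX + "www.bl%256Fcked.example/index.html",  # percent-encoded twice
    PREFIX + "www.other.example/index.html",        # unrelated content, same host
]

def naive_match(url):
    """Raw substring test, as a simple string match in a firewall would do."""
    return any(name in url for name in BLOCKED_NAMES)

def canonical_path(url, max_rounds=5):
    """Percent-decode the path until it stops changing, then lower-case it."""
    path = urlsplit(url).path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.lower()

def canonical_match(url):
    """Compare blocked names against whole path segments after decoding."""
    return any(seg in BLOCKED_NAMES for seg in canonical_path(url).split("/"))

def urls_by_host(urls):
    """Group URLs by hostname: everything a host-level block would catch."""
    hosts = {}
    for url in urls:
        hosts.setdefault(urlsplit(url).hostname, []).append(url)
    return hosts

if __name__ == "__main__":
    for url in SAMPLES:
        print(naive_match(url), canonical_match(url), url)
    for host, urls in urls_by_host(SAMPLES).items():
        print(host, "serves", len(urls), "of the sample URLs")
```
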