[53456] in North American Network Operators' Group
Re: Blocking specific sites within certain countries.
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Thu Nov 14 20:42:13 2002
Date: Thu, 14 Nov 2002 20:41:25 -0500
From: "Patrick W. Gilmore" <patrick@ianai.net>
To: nanog@merit.edu
In-Reply-To: <200211142301.gAEN1QHl006740@turing-police.cc.vt.edu>
Errors-To: owner-nanog-outgoing@merit.edu
-- On Thursday, November 14, 2002 6:01 PM -0500
-- Valdis.Kletnieks@vt.edu supposedly wrote:
> On Thu, 14 Nov 2002 17:26:21 EST, "Patrick W. Gilmore"
> <patrick@ianai.net> said:
>
>> Not if you block the domain name terrorist.com from resolving at the
>> caching name server, only if you block the IP address to which it
>> resolves on your routers. (Which in many cases will be an Akamai
>> server inside your network - if not, just ask. :)
>
> http://a1016.g.akamai.net/f/1016/606/1d/(rest deleted)
>
> So tell me again how you're going to filter a1016.g.akamai.net? And how
> you're not going to piss off the OTHER sites on that server? (Yes, I know
> that the virtualized hostname is down in the (rest deleted) part of the
> URL - is that what you want to try to filter in a firewall? Especially
> when the name could (and probably will) be % encoded or whatever?

Well, believe it or not, you can filter on aXXXX. :)

But more importantly, no user is ever going to type
"aXXX.g.akamai.com/foo/bar/etc...". They are going to type
"www.ticketmaster.com", which is a CNAME for aXXX. If the ISP's name
server filters the "ticketmaster.com" domain, your random luser is not
going to be able to get to www.ticketmaster.com.

> Or are we simply assuming that all terrorists are dumb enough to not know
> how to use a proxy? (Remember that we *are* worried they're smart enough
> to use strong crypto...)

I did not think this is about stopping terrorists from getting to special
sites. I thought this was about a government censoring its citizens from
seeing "bad" web sites. Which is a Bad Idea IMHO, but I doubt the Spanish
government cares what I think.

Besides, what's to stop Joe User from using a public proxy outside his
country? :)

> Valdis Kletnieks
--
TTFN,
patrick
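
The following is an added example, not part of the original message: a small model of the two filtering points discussed in the thread, a name-based block at the caching resolver versus an IP block on the routers, when several sites share one CDN edge address. All hostnames, addresses and function names are constructed for illustration.

```python
# Constructed zone data: two unrelated sites CNAME to the same CDN edge name.
ZONE = {
    "www.blocked.example": ("CNAME", "a1016.g.cdn.example"),
    "www.bystander.example": ("CNAME", "a1016.g.cdn.example"),
    "a1016.g.cdn.example": ("A", "192.0.2.10"),
    "www.selfhosted.example": ("A", "198.51.100.7"),
}

def in_blocked_zone(name, blocked_domains):
    """True if name equals, or is a subdomain of, any blocked domain."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in blocked_domains)

def resolve(name, blocked_domains=frozenset(), max_chain=8):
    """Caching-resolver model. The policy check applies to the queried name
    only; CNAMEs are then chased to an A record. Returns the address, or
    None (treated as NXDOMAIN) if the name is blocked or does not exist."""
    if in_blocked_zone(name, blocked_domains):
        return None
    name = name.lower().rstrip(".")
    for _ in range(max_chain):
        record = ZONE.get(name)
        if record is None:
            return None
        rtype, value = record
        if rtype == "A":
            return value
        name = value  # follow the CNAME
    return None  # chain too long or looping

def reachable(name, blocked_domains=frozenset(), blocked_ips=frozenset()):
    """A site is reachable if it resolves and its address is not null-routed."""
    ip = resolve(name, blocked_domains)
    return ip is not None and ip not in blocked_ips

def compare(sites, blocked_domain):
    """Per site: (reachable with resolver block, reachable with IP block)."""
    target_ip = resolve("www." + blocked_domain)
    return {s: (reachable(s, blocked_domains={blocked_domain}),
                reachable(s, blocked_ips={target_ip})) for s in sites}

if __name__ == "__main__":
    for site, result in compare(
            ["www.blocked.example", "www.bystander.example",
             "www.selfhosted.example"], "blocked.example").items():
        print(site, "dns-block reachable=%s ip-block reachable=%s" % result)
```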