[LINK] Green light for internet filter plans

rene rene.lk at libertus.net
Wed Dec 16 20:27:55 AEDT 2009


On Wed, 16 Dec 2009 18:22:56 +1100, Rick Welykochy wrote:
[...]
> If it includes complete URLs, as in
> "http://nasty.com/?page=1239823&SID=1234" then it cannot possibly be
> accurate since dynamic pages as per such a URL change all the time
> and often include things like SID (a session ID) and other user-level
> identifying and modifying information. It is impossible for the
> filter maintainers to know what all the parameters on a dynamic URL
> are and what they are used for.

Also, the Enex Report states:
	"An increasingly common technique used to negate filters is known as ‘fast 
fluxing’ and involves the rapid and automated change in IP addresses. This 
technique can be effectively employed against a number of filters that 
block using the IP address. Importantly, it should be noted that this 
technique is employed by providers of content rather than end-users."

Also, Telstra's report on their own trial (not conducted via the Enex/Govt 
trial) states:
	"After some review of the available industry data it was decided that 
testing an IP Plus Proxy solution wouldn’t yield value due to a recent 
rising phenomenon known as 'Fast Fluxing'. 
           Fast Fluxing is the term used to describe the rapid movement of 
Internet content from one IP address to another in order to avoid IP based 
blacklisting. This technique is now widely used by individuals who are 
attempting to propagate objectionable material, especially over the last 6 
months. This has become a popular method of distributing objectionable 
content because the content is actually hosted on PCs which have been 
hijacked. The IP address of a hijacked PC typically changes every time the 
(unsuspecting) Internet user connects to the Internet (which makes IP 
blocking ineffective)."
http://exchange.telstra.com.au/wp-content/uploads/2009/12/TBT-final-report1
.pdf 

The relevance of the above is that Conroy has long cited UK BT's 
implementation of blocking 'cp' as evidence that blocking works without 
performance degradation etc. BT uses a purpose built 'hybrid' filter (which 
they invented in about 2004) which uses IP address lookup in the first 
stage of the filtering process. 

Enex and Telstra are saying that IP address lookup has become ineffective 
in dealing with objectionable content because some/many of the alleged 
content providers have moved on to using "fast fluxing" (which presumably 
means that the much lauded UK BT system is much less effective now than it 
was some 5 years ago).

For that reason, Telstra trialled a hybrid system that uses DNS, instead of 
IP address lookup, in the first stage of the filtering process. Telstra 
said in its report that their system would be easily circumvented; and that 
if URLs on heavy traffic web sites, such as YouTube, were added to the 
blacklist then there would be significant speed degradation (the leaked 
ACMA blacklist had YouTube URLs on it, reportedly some were videos 
promoting the crime of graffiti); and that their system would cause the 
same problems as happened when UK IWF added a page on Wikipedia to their 
blacklist (which they subsequently removed from their blacklist).

All up, it's an "arms race" and there does not appear to be any 
filtering/blocking method that can prevent inadvertent, and certainly not 
intentional, access by children or adults to objectionable content.

At most, the govt's plan to implement mandatory ISP level blocking will 
result in a false sense of security by anyone who does not have an adequate 
understanding of how the Net works.

Irene





 



More information about the Link mailing list