Re: The Great Firewall of Norway

[David Farber <dave () farber net>]

Begin forwarded message:

From: Rich Kulawiec <rsk () gsp org>
Date: February 13, 2007 2:06:47 PM EST
To: "Simen E. Sandberg" <senilix () gallerbyen net>
Cc: David Farber <dave () farber net>, Gunnar Helliesen  
<gunnar () helliesen com>
Subject: Re: [IP] Re: The Great Firewall of Norway

> ?The minority agrees with the majority that a measure of this type  
> will
> not give 100 percent effect, as there exists technical by-passing
> possibilities. Still, at the same time, this is the case for most
> measures in the struggle against computer ciminality. Even if the  
> effect
> will not be 100 percent with a filter, it can be considerable. If one
> can stop most of the illegal traffic with a filter, a lot will be
> achieved.?

This is currently impossible.  (That is, "stop[ping] most of the illegal
traffic with a filter".)

Phishers, identity thieves, spammers, and child pornographers -- among
others -- are in control of at least 100 million systems located all
over the world.  (Vint Cerf estimates 140M here: http:// 
arstechnica.com/news.ars/post/20070125-8707.html
and a recent NYTimes article by Markoff cites a figure of 70M.  Nobody
knows for sure, but there seems widespread agreement that 100M is
the right order of magnitude -- and it's getting worse.)

Norway is not exempt from this.  I've observed quite a few hijacked
systems on monet.no, alfanett.no, bluecom.no, adsl.no, sbnett.no,
tele2.no, catch.no, and others -- just like I have on most ISPs
in most countries.

These systems can be used to host web sites, provide DNS, send mail,
host FTP sites, participate in P2P networks, conduct DoS attacks --
whatever their new masters want.

So how, exactly, do you plan to block?

You can't block based on domain: these people buy domains by the  
hundreds,
sometimes thousands, and change them much faster than you can update
filters.

You can't block by IP address, because they have their choice of many  
tens
of millions -- including all the hijacked systems inside Norway.  (Of  
course,
if the systems implementing the blocking are themselves hijacked...)

You can't block by protocol, because those same protocols are used for
lots of other things.  (And even if you did, someone would just invent
another protocol.)

You can't block by content, because no software method is even remotely
close to reliable enough and all the ones involving humans are either
biased, slow, or both.  Besides, it's easy enough to encrypt traffic.

And so on.

So let me tell you what will happen if you proceed with this proposal.
It will have a temporary, minor effect.  It might even help  
authorities find
a few of the stupider criminals.  These arrests will be announced as
"proving" the success of the measures.  Some of them will be of innocent
victims (see "Julie Amero" who may well be one here in the US) whose
computers were hijacked and used without their knowledge.

But within a relatively short time, none of it will matter.  The people
who wish to profit by providing this material will have figured out very
effective ways to bypass the filters.

And you'll be right back where you are today -- except you will have
spent a lot of time and money to get there.  You won't be "stopping most
of the illegal traffic", you'll barely be stopping *any* of it.

---Rsk


-------------------------------------------
Archives: http://archives.listbox.com/247/
Powered by Listbox: http://www.listbox.com