nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Blocking specific sites within certain countries.

From: Valdis.Kletnieks () vt edu
Date: Thu, 14 Nov 2002 18:01:26 -0500
On Thu, 14 Nov 2002 17:26:21 EST, "Patrick W. Gilmore" <patrick () ianai net>  said:


Not if you block the domain name terrorist.com from resolving at the 
caching name server, only if you block the IP address to which is resolves 
on your routers.  (Which in many cases will be an Akamai server inside your 
network - if not, just ask. :)


http://a1016.g.akamai.net/f/1016/606/1d/(rest deleted)

So tell me again how you're going to filter a1016.g.akamai.net?  And how you're
not going to piss off the OTHER sites on that server? (Yes, I know that the
virtualized hostname is down in the (rest deleted) part of the URL - is that
what you want to try to filter in a firewall? Especially when the name could
(and probably will) be % encoded or whatever?

Or are we simply assuming that all terrorists are dumb enough to not know
how to use a proxy? (Remember that we *are* worried they're smart enough to
use strong crypto...)
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: