Richard Clayton, Failures in a Hybrid Content Blocking System


| Three main methods of content blocking are used on the Internet:
| blocking routes to particular IP addresses, blocking specific URLs
| in a proxy cache or firewall, and providing invalid data for DNS
| lookups.  The mechanisms have different accuracy/cost
| trade-offs. This paper examines a hybrid, two-stage system that
| redirects traffic that might need to be blocked to a proxy cache,
| which then takes the final decision. This promises an accurate
| system at a relatively low cost. A British ISP has deployed such a
| system to prevent access to child pornography. However,
| circumvention techniques can now be employed at both system stages
| to reduce effectiveness; there are risks from relying on DNS data
| supplied by the blocked sites; and the system can be used as an
| oracle to determine what is being blocked. Experimental results show
| that it is straightforward to use the system to compile a list of
| illegal websites.

<http://www.cl.cam.ac.uk/users/rnc1/cleanfeed.pdf> (via Seth
Finkelstein's Infothought)

The contents are quite interesting, even though I would not necessarily
attribute the attack described in Section 5.2 to Cleanfeed.

(JFTR: This has *nothing* *at all* to do with the "cleanfeed" for the
INN news server.)

