[Chapter-delegates] Seeking Views: DNS Filtering

Wed Sep 7 08:18:30 PDT 2011

Dear Prof Ang,

I am afraid, though may be a significant part of the equation, DNS/IP
filtering is only a small part to address cyber crime. It is a system
that needs holistic, collaborative and varying but effective
approaches. It is not all about technology and not necessarily
international cooperation yet. That would come in no time if they see
a working model. I am thinking this is no different when the market
was dying to bring the Internet to the public, only just now the
masses tries to stop cyber crime.

Well .xxx is a business at least to some and some part of the globe.
Subtleties in a system are the most challenging portion, may be, in
any type of task, but may also the most rewarding if uncovered.

On 9/7/11, Ang Peng Hwa (Prof) <TPHANG at ntu.edu.sg> wrote:
> Dear Christian,
>
> Thank you. I spoke to several people about DNS filtering. My basic devil’s
> advocate question was: what is so bad about filtering .xxx? And many could
> not give me the kind of detailed downside risks you have delineated.
>
> Just to be clear, we are talking blocking Domain Names, right? Not IP
> addresses in themselves. In other words, the IP addresses are
> filtered/blocked only if they belong to a domain name.
>
> As you can probably guess, I am not a techie so my questions are probably
> basic to a number of you.
>
> Regards,
> Peng Hwa ANG
> [cid:image001.png at 01CC6D90.6836ECD0]ANG Peng Hwa (Professor) | Director,
> Singapore Internet Research Centre | Wee Kim Wee School of Communication and
> Information | Nanyang Technological University | WKWSCI 02-17, 31 Nanyang
> Link, Singapore 639798
> Tel: (65) 67906109 GMT+8h | Fax: (65) 6792-7526 | Web:
> www.ntu.edu.sg/sci/sirc<http://www.ntu.edu.sg/sci/sirc>
>
> From: cdel.firsthand.net [mailto:cdel at firsthand.net]
> Sent: Wednesday, 7 September, 2011 4:57 PM
> To: Ang Peng Hwa (Prof)
> Cc: Sally Wentworth; Chapter Delegates
> Subject: Re: [Chapter-delegates] Seeking Views: DNS Filtering
>
> It adds more than just cost and delays! IP filters make the instability
> consequences greater and can be circumvented. It can also lead to a new type
> of denial of service.
>
>
>
> Filtering IP Addresses is not fine grained to problem content or people.
> Many hosts using virtual machine partitions run multiple domains each with
> different owners, domains, applications such as web, email, whatever. So
> filtering IP does not match directly to problem content.
>
> Many users sit behind NAT with static single IP address. Many more are
> behind dynamic IP address allocating ISPs and dynamic DNS. This complicates
> confidence in drawing direct relationship between IP address and content.
>
> Just because an IP address is mentioned in a DNS it does not mean that the
> owner controller of that DNS domain delegation also owns controls the
> service or content at that IP address.
>
> Let's say some drug lord is fed up with Interpol. Just set up a series of
> websites with terror , drug, paedo, materials andvpoint to them. Then add
> another link to Interpol services. Call ICE or IWF and say look at this
> domain it is a disgrace. Seize it and filter all the IPs you find. How are
> they to know that one record for snuff.movie.bad.domain.com points to an
> unregistered IP for an Interpol gateway router?
>
>
>
>
> On what responsible or legal basis do you implement an IP filter? The RIR
> registered holder? iSP? The unregistered user? That user's customer?  Why
> would a US based domain seizure lead to an IP filter in Moscow?
>
>
> Christian
>
>
>
> Christian
>
>
>
>
>
>
> Christian de Larrinaga
>
>
> On 7 Sep 2011, at 07:07, "Ang Peng Hwa (Prof)"
> <TPHANG at ntu.edu.sg<mailto:TPHANG at ntu.edu.sg>> wrote:
> Dear Sally,
>
> Minor technical point in the first row of the table:
> Easily
> Circumvented: Users who wish to download filtered content can simply use IP
> addresses instead of DNS names.
>
> To prevent the user from using the IP address, a mechanism must be installed
> so that the IP address is looked up and then blocked. But this adds to cost
> and delays the response time.
>
> Regards,
> Peng Hwa ANG
> <image001.png>ANG Peng Hwa (Professor) | Director, Singapore Internet
> Research Centre | Wee Kim Wee School of Communication and Information |
> Nanyang Technological University | WKWSCI 02-17, 31 Nanyang Link, Singapore
> 639798
> Tel: (65) 67906109 GMT+8h | Fax: (65) 6792-7526 | Web:
> www.ntu.edu.sg/sci/sirc<http://www.ntu.edu.sg/sci/sirc>
>
> From:
> chapter-delegates-bounces at elists.isoc.org<mailto:chapter-delegates-bounces at elists.isoc.org>
> [mailto:chapter-delegates-bounces at elists.isoc.org] On Behalf Of Sally
> Wentworth
> Sent: Wednesday, 31 August, 2011 9:33 PM
> To: Chapter Delegates
> Subject: [Chapter-delegates] Seeking Views: DNS Filtering
>
> Dear ISOC Chapter Colleagues,
>
> As you may be aware, efforts to address illegal online activities using DNS
> filtering techniques have been cropping up all over the globe.  Attached is
> a DRAFT ISOC paper that outlines the issue and offers ISOC's concerns with
> this approach.  This paper is aimed at a non-technical audience.
>
> We want to share this draft paper with you and seek your views on its
> content.  Because this paper will help inform an IGF Workshop in September,
> we would appreciate if you could send us any comments as soon as possible
> but not later than FRIDAY, 09 SEPTEMBER.  This way, we will have time to
> consider all the views as we put together a final version.
>
> Thanks in advance!
>
> Sally Wentworth
> Andrei Robachevsky
>
>
>
>
> ________________________________
> CONFIDENTIALITY: This email is intended solely for the person(s) named and
> may be confidential and/or privileged. If you are not the intended
> recipient, please delete it, notify us and do not copy, use, or disclose its
> content. Thank you.
>
> Towards A Sustainable Earth: Print Only When Necessary
> _______________________________________________
> Chapter-delegates mailing list
> Chapter-delegates at elists.isoc.org<mailto:Chapter-delegates at elists.isoc.org>
> https://elists.isoc.org/mailman/listinfo/chapter-delegates
>

-- 
Kindest regards,
Rodel Urani