Blocking certain terrorism/porn sites and DNS
Hi, I have a doubt which i am sure a lot of people in this list would be able to help me with. There was news that terror groups like Al Qaida, etc. are using internet to promote their terror links and these web sites provide online training on how one could assemble bombs, etc. The community as a whole wants to close all such web sites. I dont think there is any ambiguity there. My question is why cant we ban websites like, say, alqaida.com (hypothetical name), etc. from the whois database. As far as i understand if there is a website with the name of www.abc.com then it needs to register itself with the whois database (from network solutions) so that all the queries to this website can be forwarded to the corresponding nameserver. Now, if we want to block abc.com permanently then cant we simply remove this URL entry from the whois database? Will this work? Thanks, Abhishek -- Class of 2004 Institute of Technology, BHU Varanasi, India
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Abhishek Verma Sent: 18 August 2005 10:20 To: nanog@nanog.org Subject: Blocking certain terrorism/porn sites and DNS
Hi,
I have a doubt which i am sure a lot of people in this list would be able to help me with.
There was news that terror groups like Al Qaida, etc. are using internet to promote their terror links and these web sites provide online training on how one could assemble bombs, etc.
The community as a whole wants to close all such web sites. I dont think there is any ambiguity there.
My question is why cant we ban websites like, say, alqaida.com (hypothetical name), etc. from the whois database.
As far as i understand if there is a website with the name of www.abc.com then it needs to register itself with the whois database (from network solutions) so that all the queries to this website can be forwarded to the corresponding nameserver. Now, if we want to block abc.com permanently then cant we simply remove this URL entry from the whois database?
Will this work?
It would stop them using whichever hostnames you banned but do you really think this would stop them using the internet. Terrorist1: Mmmm seems the internet community have put a stop to us using www.bombsrus.com Terrorist2: Ok right lets give up and strive for world peace instead. I don't think so :) More likely they will (and already are) hiding behind very non terror sounding names, not a lot we can do about that really. Brett.. -- Brett Carr Ripe Network Coordination Centre System Engineer -- Operations Group Singel 258 Amsterdam NL GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8
Will this work?
It would stop them using whichever hostnames you banned but do you really think this would stop them using the internet.
No, that wasnt my point. I just wanted to make sure that my understanding of banning a hostname was indeed correct. We can this way atleast block all websites with *alqaida* domain names. I wanted to know if the arguments of "freedom of speech" etc. apply to the Internet also, wherein somebody could argue that no central authority can stop somebody from expressing their thoughts, etc.
Terrorist1: Mmmm seems the internet community have put a stop to us using www.bombsrus.com Terrorist2: Ok right lets give up and strive for world peace instead.
I don't think so :)
Even i dont think so! :)
More likely they will (and already are) hiding behind very non terror sounding names, not a lot we can do about that really.
Brett..
On 18/08/05, Abhishek Verma <abhishekv.verma@gmail.com> wrote:
I wanted to know if the arguments of "freedom of speech" etc. apply to the Internet also, wherein somebody could argue that no central authority can stop somebody from expressing their thoughts, etc.
The EFF on line 1, for you
On 8/18/05, Abhishek Verma <abhishekv.verma@gmail.com> wrote:
The community as a whole wants to close all such web sites. I dont think there is any ambiguity there.
I disagree. There absolutely IS some ambiguity there, the community as a whole does not want to "close all such web sites". It was bad enough back in the '90s when Internic refused to accept registration of certain four letter words. DNS is not a proper venue for censoring ideas.
No, that wasnt my point. I just wanted to make sure that my understanding of banning a hostname was indeed correct. We can this way atleast block all websites with *alqaida* domain names.
I wanted to know if the arguments of "freedom of speech" etc. apply to the Internet also, wherein somebody could argue that no central authority can stop somebody from expressing their thoughts, etc.
Within the USA, arguments of "freedom of speech" DO apply. Somebody can and should argue that no central authority is entitled to stop somebody from expressing their thoughts. IMHO, it is not the purpose of network operators to make value judgments regarding the packets that we transport. Why not just bring back the "evil bit" as a serious proposal? Kevin Kadow
It was bad enough back in the '90s when Internic refused to accept registration of certain four letter words. DNS is not a proper venue for censoring ideas.
Again, I am not discussing "censoring ideas". I want to know if its indeed "tehnically" possible and feasible to block a website URL from being accessed.
No, that wasnt my point. I just wanted to make sure that my understanding of banning a hostname was indeed correct. We can this way atleast block all websites with *alqaida* domain names.
I wanted to know if the arguments of "freedom of speech" etc. apply to the Internet also, wherein somebody could argue that no central authority can stop somebody from expressing their thoughts, etc.
Within the USA, arguments of "freedom of speech" DO apply.
Somebody can and should argue that no central authority is entitled to stop somebody from expressing their thoughts.
IMHO, it is not the purpose of network operators to make value judgments regarding the packets that we transport.
Why not just bring back the "evil bit" as a serious proposal?
Kevin Kadow
-- -- Class of 2004 Institute of Technology, BHU Varanasi, India
Again, I am not discussing "censoring ideas". I want to know if its indeed "tehnically" possible and feasible to block a website URL from being accessed.<<
Technically, easy enough to test, open your hosts file and do an entry like 127.0.0.1 www.abc.com it should block it just as if the root servers blocked it and you can test to see if this is "feasible" all you like without actually affecting anyone else. The problem with feasibility is that not all of us consider peril sensitive sunglasses to be a solution. Geo. George Roettger Netlink Services
coz i assumed that everyone wants to block such sites. sorry if i hurt some feelings. apologies, abhishek On 8/18/05, Randy Bush <randy@psg.com> wrote:
Again, I am not discussing "censoring ideas".
then why did you use emotionally loaded words such as "terrorist?"
randy
-- -- Class of 2004 Institute of Technology, BHU Varanasi, India
There are actually perfectly valid reasons for not blocking such sites, even if you feel (as I do) that jihadis are the enemies of civilization. Many of these sites are used to transmit data concerning terrorist attacks or for recruitment, etc. Some include forums where supporters can post messages. Its a safe bet to assume that various law enforcement bodies may monitor such sites. If you block them at the DNS level, they will simply move elsewhere. Logically, it will take longer for law enforcement to catch up than it will for the bad guys to start using another domain name. That's a bad thing. So, to answer your original question: yes, it is entirely possible, from a technical point of view*. If you were going to block a web site, using DNS is probably the best way to ensure there is minimal "collateral damage" - blocking via IP address will result in other sites getting blocked due to virtual hosting (using a single IP address for many web sites). However, there are legal, ethical, and law enforcement reasons why such action may not always be wise. Discussing any sort of blocking will always arouse passions. Talking about blocking port 445 to stop an (alleged) worm infestation seems to get people's undergarments in a knot. For good or ill, the Internet was built as an open network and seems to work best that way. That ideal has been transmitted to most of those who currently toil away to keep it running and to improve it. Don't be afraid to keep asking questions, Abhishek. Just remember that the inmates of this particular asylum get testy now and again :) Thanks, Daniel Golding (*There are additional questions on where you should do this blocking. That's an entirely separate can of worms) On 8/18/05 6:38 AM, "Abhishek Verma" <abhishekv.verma@gmail.com> wrote:
coz i assumed that everyone wants to block such sites.
sorry if i hurt some feelings.
apologies, abhishek
On 8/18/05, Randy Bush <randy@psg.com> wrote:
Again, I am not discussing "censoring ideas".
then why did you use emotionally loaded words such as "terrorist?"
randy
-- Daniel Golding Network and Telecommunications Strategies Burton Group
Check out http://tor.eff.org. Of particular interest are "hidden services." If you think you can block the use of the Internet... think again. -Jeff -- ============================================================================= Jeffrey I. Schiller MIT Network Manager Information Services and Technology Massachusetts Institute of Technology 77 Massachusetts Avenue Room W92-190 Cambridge, MA 02139-4307 617.253.0161 - Voice jis@mit.edu ============================================================================
On 8/18/05, Daniel Golding <dgolding@burtongroup.com> wrote:
There are actually perfectly valid reasons for not blocking such sites, even if you feel (as I do) that jihadis are the enemies of civilization.
<politics> Enemies of Civilization? The defensive Jihad going on is simply a War on US policies and defense of their land. It's simply outrageous that after all the coverage and books that have been written on this subject (sept 11, bin laden, jihad, muslim fundamentals) that some/most Americans still think that radical islamists hate Americans, Freedom, and Democracy. It's simply false; radical islamists hate American military on their land, Americans defending and arming radical muslim dictators (think Saudi), who prosecute and murder their people, and the western world exploiting their countries natural resources, oil , to be sold at below fair market value. They don't hate you or I, the only thing they hate is US policy, if it were to change so would the world (for now). Why were the sept 11 Hijackers Saudi? Because they hate the US support of the dictators who are oppressing them. By the way, where is the plane? Can anyone show proof of a plane hitting the pentagon? A plane, debris, engines, luggage, remains? </politics>
Can someone point me to a mailing list that discusses netops? I seem to have stumbled across the net.kook terrorism rant list by accident. Thanks! -- hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/
Abhishek Verma wrote:
coz i assumed that everyone wants to block such sites.
Bad assumption. After all, terrorist is poorly defined, and from the perspective of a particular government. For example, Hamas is considered a terrorist organization by Israel and the US, but other governments note a "freedom fighter" humanitarian organization that runs schools and medical facilities. Zionists were once considered terrorists by the British and the United Nations (the settler that shot unarmed Palestinians yesterday would certainly count even these days), yet those freedom fighters now have a country code of their own. Under a strict definition, the continuing zotob et alia attacks are terrorism. But we block their sites as a "police" of their actions that hurt us on the Internet, rather than because of their thoughts. Funny thing though, they don't seem to call their sites "spam-king", but instead "opt-in-real-big", or the equivalent. So, we have to examine their binaries to find the sites.
sorry if i hurt some feelings.
It's not our feelings, it's that you didn't think of the consequences. Apparently, you need a bit of life experience, "Class of 2004". Some of us remember there was a coup in Russia, and the Parliament was being shelled. They cut the phone lines, yet the Internet didn't go down, and became the only method of communication. Real-time reports were passed across the border; international outrage helped save lives. Certain governments considered the export of packet switching technology to Russia as treasonous. Was it a good thing, anyway?
On 8/18/05, Randy Bush <randy@psg.com> wrote:
Again, I am not discussing "censoring ideas".
then why did you use emotionally loaded words such as "terrorist?
and "porn", which is also clearly in the eye of the beholder.... ;-) -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
you seem to have a couple of ideas co-mingled. ) whois == dns ... there is zero technical requirement for whois to exist. removing or blocking entries in your whois of choice is trivial and painless. ) URLs map to IP addresses. ... you can or your ISP can filter based on IP address pretty easily. You only task here is to keep up with the DNS changes that move the URL to new IP space. ) there is NO centralized system here. there are hundreds of whois systems in place and the DNS is structured so that responsibility is delegated... there would have to be worldwide agreement on not only what should be filtered but how. And that (worldwide agreement) is going to be hard to bring to pass. So just because the VSGN whois does not have the entry, does not mean that the IN whois does not have it either. Or because VSNL blocks IP packets to certain prefixes does not mean they are not routed elsewhere in the Internet. --bill On Thu, Aug 18, 2005 at 03:27:14PM +0530, Abhishek Verma wrote:
It was bad enough back in the '90s when Internic refused to accept registration of certain four letter words. DNS is not a proper venue for censoring ideas.
Again, I am not discussing "censoring ideas". I want to know if its indeed "tehnically" possible and feasible to block a website URL from being accessed.
No, that wasnt my point. I just wanted to make sure that my understanding of banning a hostname was indeed correct. We can this way atleast block all websites with *alqaida* domain names.
I wanted to know if the arguments of "freedom of speech" etc. apply to the Internet also, wherein somebody could argue that no central authority can stop somebody from expressing their thoughts, etc.
Within the USA, arguments of "freedom of speech" DO apply.
Somebody can and should argue that no central authority is entitled to stop somebody from expressing their thoughts.
IMHO, it is not the purpose of network operators to make value judgments regarding the packets that we transport.
Why not just bring back the "evil bit" as a serious proposal?
Kevin Kadow
--
-- Class of 2004 Institute of Technology, BHU Varanasi, India
It was bad enough back in the '90s when Internic refused to accept registration of certain four letter words. DNS is not a proper venue for censoring ideas.<<
and the end result is a monopoly http://datapimp.com/ Geo. George Roettger Netlink Services
Why not just bring back the "evil bit" as a serious proposal?
I've recently discovered a useful application for the evil bit: sandboxes for mobile code (think Java applets) can use it to instruct firewalls not to open additional ports just because a client sends a "PORT" command on a port 21/TCP connection. 8-)
On Thu, Aug 18, 2005 at 02:32:42PM +0530, Abhishek Verma wrote:
No, that wasnt my point. I just wanted to make sure that my understanding of banning a hostname was indeed correct. We can this way atleast block all websites with *alqaida* domain names.
I believe you've mispelt "Al Q'aeda". You see the problem. Cheers, -- jr 'PDFTT' a -- Jay R. Ashworth jra@baylink.com Designer +-Internetworking------+----------+ RFC 2100 Ashworth & Associates | Best Practices Wiki | | '87 e24 St Petersburg FL USA http://bestpractices.wikicities.com +1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
On Thu, 18 Aug 2005, Jay R. Ashworth wrote:
I believe you've mispelt "Al Q'aeda".
You see the problem.
*Especially* with respect to English translations of Arabic names. How many different ways are there to spell Saddam Husein? For that matter, how many different spellings did the media outlets use for Moammar Quaddafi? -- Steve Sobol, Professional Geek 888-480-4638 PGP: 0xE3AE35ED Company website: http://JustThe.net/ Personal blog, resume, portfolio: http://SteveSobol.com/ E: sjsobol@JustThe.net Snail: 22674 Motnocab Road, Apple Valley, CA 92307
On Thursday 18 Aug 2005 9:20 am, Abhishek Verma wrote:
My question is why cant we ban websites like, say, alqaida.com (hypothetical name), etc. from the whois database.
If we, is the US department of commerce, the answer is probably yes. The only operational significance, is that there is no way easy way of estimating in advance the effect of removing valid DNS information from the system, unless you are the administrator of the system concerned (and even then mistakes happen - not when I do it of course<cough>). i.e. It may be that a nameserver called "ns1.example.com" supports domains in a completely different TLD, like "example.co.uk", which belongs to an important organisation or service. That said spammers routinely have domains, and nameservers, removed with very little if any damage to legitimate Internet users. The real question is should we, words don't kill people, people kill people.
If we, is the US department of commerce, the answer is probably yes.
The only operational significance, is that there is no way easy way of estimating in advance the effect of removing valid DNS information from the system, unless you are the administrator of the system concerned (and even then mistakes happen - not when I do it of course<cough>).
i.e. It may be that a nameserver called "ns1.example.com" supports domains in a completely different TLD, like "example.co.uk", which belongs to an important organisation or service.
Okay, so i am not talking about blocking or removing a name server. I am talking of removing that offending entry (like www.abc.com) from the whois database or whereever the central database is mantained.
That said spammers routinely have domains, and nameservers, removed with very little if any damage to legitimate Internet users.
The real question is should we, words don't kill people, people kill people.
Definitely!
-- -- Class of 2004 Institute of Technology, BHU Varanasi, India
Okay, so i am not talking about blocking or removing a name server. I am talking of removing that offending entry (like www.abc.com) from the whois database or whereever the central database is mantained.
on the global internet, i doubt there is anything that does not offend someone. randy
Who's going to judge whether it is good or bad? There is a lot of different point of view, and we couldn't know whether it is good or bad until the website is launching. I don't think this will resolve anything for anti-terrorism. Terrorism is judged by government viewpoint, and they have the power to order ISP to stop the site when they need. This is not the technical issue at all. A terrorist may be the hero for other country, and there is no way to make this as global practice. Some country may have different meaning for AlQaida by their language or local customs for an example. Even if this is enforced, people can do host the site under hotmail.com or some public web hosting site. So do we want to kill the domain because of one user's activities? I'm not saying that terrorist activities is acceptable, but this should be done by local government law and followed by legitimate procedure, not by technical/operational practice. I'm sure any registry can remove the domain if there is the reasonable request by the internal procedure or local government law or court order. Abhishek Verma wrote:
If we, is the US department of commerce, the answer is probably yes.
The only operational significance, is that there is no way easy way of estimating in advance the effect of removing valid DNS information from the system, unless you are the administrator of the system concerned (and even then mistakes happen - not when I do it of course<cough>).
i.e. It may be that a nameserver called "ns1.example.com" supports domains in a completely different TLD, like "example.co.uk", which belongs to an important organisation or service.
Okay, so i am not talking about blocking or removing a name server. I am talking of removing that offending entry (like www.abc.com) from the whois database or whereever the central database is mantained.
That said spammers routinely have domains, and nameservers, removed with very little if any damage to legitimate Internet users.
The real question is should we, words don't kill people, people kill people.
Definitely!
* Abhishek Verma:
There was news that terror groups like Al Qaida, etc. are using internet to promote their terror links and these web sites provide online training on how one could assemble bombs, etc.
If I were interested in instructions for assembling bombs, I'd look for U.S. militia sites, which happen to be protected by the First Amendment.
The community as a whole wants to close all such web sites. I dont think there is any ambiguity there.
Some U.S. Americans value their free speech rights, so the agreement is certainly not universal. If I'm not mistaken, the U.S. are quite lenient on their own lunatic fringe, especially if they wave the proper flags.
As far as i understand if there is a website with the name of www.abc.com then it needs to register itself with the whois database (from network solutions)
The central WHOIS database for .COM and .NET is NOT run by Network Solutions. Verisign (or the U.S. government) can only exercise control over most ccTLDs in a very disruptive way, which is unlikely to have a long-lasting effect if the ccTLD in question has any commercial value (unlike .iq, for example).
so that all the queries to this website can be forwarded to the corresponding nameserver.
I think you are interested in DNS, not WHOIS. WHOIS is mostly irrelevant in this discussion (except if you want to shut down sites quickly, see the recent thread on this list).
Now, if we want to block abc.com permanently then cant we simply remove this URL entry from the whois database?
The WHOIS database does not store URLs in the way you think it does. The U.S. administration cannot police the entire DNS name space. For example, I can add new domain names under enyo.de, and no one will know or can do anything about it (except maybe my brother and some people who have access to a special WHOIS server). Another example: There are many alleged child porn sites with host names ending in .ru. The U.S. government could ask IANA/Verisign to remove the delegation of .ru from the root name servers, but it's likely that those who have must access Russian sites (or whose customers request it) simply resurrect the delegation locally, or use some altenative set of DNS root servers. (Direct action against .RU sites is often infeasible, I'm told.)
On Thu, Aug 18, 2005 at 01:50:08PM +0530, Abhishek Verma wrote:
I have a doubt which i am sure a lot of people in this list would be able to help me with.
There was news that terror groups like Al Qaida, etc. are using internet to promote their terror links and these web sites provide online training on how one could assemble bombs, etc.
The community as a whole wants to close all such web sites. I dont think there is any ambiguity there.
Really? I think there are a lot of people who would disagree with you here. w
participants (19)
-
Abhishek Verma -
bmanning@vacation.karoshi.com -
Brett Carr -
Conrad -
Daniel Golding -
Florian Weimer -
Geo. -
Hyunseog Ryu -
Jay R. Ashworth -
Jeffrey I. Schiller -
Jonathan M. Slivko -
Kevin -
Randy Bush -
Simon Waters -
Steven Champeon -
Steven J. Sobol -
Suresh Ramasubramanian -
Will Yardley -
William Allen Simpson