On Mon, Feb 10, 2025 at 4:14 PM Mike Hammett <na...@ics-il.net> wrote:

> Are there platforms out there that can accomplish this with any precision?

The Snort IDS? Any product capable of deep packet inspection that can be plugged into a Tap or SPAN port. Many network-based IDS would allow you to write custom rules to detect packets matching certain patterns. Then if the packet being sent out matches your custom rules one can execute a trigger condition, such as temporarily blocking the customer IP address for 2 minutes, until all their opened TCP connections time out.

There's a scalability issue in that a large carrier would require a massive number of analysis machines. The cost and hardware resources to operate inspection devices can be very high, and they can be very prone to false positives.

> No, I don't know what constitutes "TV" in that jurisdiction, nor do I ask
> this group to weigh in on that. Are YouTube, Vimeo, and Rumble "TV"? Are
> Netflix and Prime "TV"?

In most of the world "Block all Illegal TV" would be a vague, unenforceable order. The biggest thing you had to do in that case may be to file a response to the order and provide what additional information/direction is necessary.

Carrying out a blocking order for an ISP would generally include steps such as modifying your recursive DNS server policies to deny lookups for the domain names to be blocked, or possibly adding ACLs to deny traffic towards IP addresses from your customers on your network within the jurisdiction, provided the IP addresses belong to entities to be blocked.

It's not that you have to weigh in on what you think is illegal TV; it's not a carrier's duty to figure out every type of message that might be illegal where you have no knowledge, until there is a particular regulation or law spelling out the requirement specifically, or until you are given enough information about exactly who to block with enough specificity to block them without causing damage to other legitimate service providers who aren't subjects of the order. For you to block YouTube, they had to tell you specifically to block YouTube. Netflix would not be covered unless they provide Netflix in the order, etc.

You had to have knowledge that a particular domain, IP address, or protocol is an illegal service in order to recognize it should be blocked. It's not generally possible to block a whole protocol without the network containing deep-packet inspection equipment. In that case protocol alone still cannot tell you the difference between IP telephony/videoconferencing or personal streaming versus viewing illegal content.

Traffic over VPNs is almost completely opaque, and there is no way for a transit provider to detect the difference between transferring legal Linux install disk images or home security footage to a cloud provider versus pirated movies. So the only blocking order that could really apply to data transmission over VPN would be if the whole VPN connection is to be blocked.

As a carrier you should have legal counsel to advise you about special regulations in the countries you operate in. It is possible to make efforts at disrupting or throttling different protocols or port numbers. For example, you could deploy a solution to block BitTorrent if you wanted, but it would be expensive, not highly effective, and still impact legal uses of the protocol just as much as illegal uses.

> -----
> Mike Hammett

--
-JA
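The "custom rule match, then temporarily block the customer IP for 2 minutes" trigger described in the reply above, as an added illustration that is not part of the thread: it parses constructed Snort-style fast-format alert lines, and only alerts carrying an operator-chosen custom SID put the source IP on a block table that expires 120 seconds after the last hit. The SIDs, timestamps and 192.0.2.0/24 addresses are constructed sample values.

```python
# Added example (not from the mailing-list thread): IDS alert -> temporary block
# table with expiry. Alert lines, SIDs and addresses below are constructed.
import re
from datetime import datetime, timedelta

BLOCK_SECONDS = 120  # long enough for the customer's open TCP sessions to time out
# Only the custom rule SIDs the operator has decided should trigger a block (constructed).
TRIGGER_SIDS = {1000001, 1000002}

# Constructed Snort "fast" alert lines; hypothetical addresses in 192.0.2.0/24.
ALERTS = """\
02/10-16:14:01.000000  [**] [1:1000001:1] CUSTOM blocked-service pattern [**] [Priority: 2] {TCP} 192.0.2.10:51234 -> 198.51.100.5:443
02/10-16:14:30.000000  [**] [1:2000001:1] ET POLICY unrelated [**] [Priority: 3] {TCP} 192.0.2.11:51235 -> 198.51.100.6:443
02/10-16:15:00.000000  [**] [1:1000002:1] CUSTOM blocked-service pattern [**] [Priority: 2] {UDP} 192.0.2.12:51236 -> 198.51.100.7:53
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):\d+\s+->"
)


def parse_alert(line, year=2025):
    """Return (timestamp, sid, src_ip) for one fast-format alert line, or None."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return ts, int(m["sid"]), m["src"]


def build_block_table(alert_text):
    """Map source IP -> block expiry, considering only alerts whose SID is in TRIGGER_SIDS."""
    expiry = {}
    for line in alert_text.splitlines():
        parsed = parse_alert(line)
        if parsed is None:
            continue
        ts, sid, src = parsed
        if sid in TRIGGER_SIDS:
            # A repeat hit extends the existing block instead of stacking entries.
            expiry[src] = max(expiry.get(src, ts), ts + timedelta(seconds=BLOCK_SECONDS))
    return expiry


def is_blocked(expiry, ip, now):
    """True while the temporary block for `ip` has not yet expired at time `now`."""
    return ip in expiry and now < expiry[ip]
```

In a real deployment the table would drive an ACL or RTBH entry with the same expiry, and the unrelated SID line shows why the trigger must be scoped to the custom rules rather than every alert the sensor emits.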