I created a company for that in 2008 at the time there were HADOPI discussions in France. Encryption is not the only problem to solve as you may have only egress or ingress traffic on the box, and you may be connected as a tap and need to inject « resets » to terminate « bad sessions ». In 2009 EANTC tested 26 products in their Berlin Lab from big (Cisco, Allot, Juniper…) and small players (us). We were the only one meeting all criteria (>10Gbps - actually did 20Gbps; encrypted traffic; tunneled traffic such as Thor; asymmetric traffic; YouTube; P2P jungle;…). Note: to enable the full scale of features this its not an only matter of technology but right way to deploy (what, where, how). Last, but not least, the most critical aspect, in relation with legal aspects, is that the granularity of action should be the « session » , not the IP address (we were doing that).
In any case, lack of multi-national legal basis makes filtering a problem... > Le 21 févr. 2025 à 05:10, Collin Anderson <col...@averysmallbird.com> a écrit > : > > This thread wisely points out the technical reasons the request is difficult, > but I think the underlying answer is a bit closer to Brian and Joel's > response, which is that it's country-specific. In a fair amount of > jurisdictions, there's either a centralized list or apparatus to deal with > the requirement, or you're having to hash it out with some court order or > settlement. Where there's still ambiguity or some lingering threat of > state/civil action, the answer is generally to talk to operators in the same > country and at least do what they are doing. The best way of not creating > problems (when you aren't willing to deal with said problems) is to not be > tall grass. > > On Thu, Feb 20, 2025 at 8:41 PM Mike Hammett <na...@ics-il.net > <mailto:na...@ics-il.net>> wrote: >> More than one vendor has claimed to be able to do this. I have been under >> the weather the past week, so I haven't been able to have conversations with >> the rest. >> >> However, the one I talked to more or less has a team whose purpose is to >> search out the content as if you were a user, build a signature, and push >> the signature out. Obviously, that won't stop individual Plex, FTP, etc. >> servers, but it sounds like it goes by the 90/10 rule. If you make it hard >> enough, most people will give up. >> >> >> >> ----- >> Mike Hammett >> Intelligent Computing Solutions >> http://www.ics-il.com <http://www.ics-il.com/> >> >> Midwest-IX >> http://www.midwest-ix.com <http://www.midwest-ix.com/> >> >> ----- Original Message ----- >> From: "Mike Hammett" <na...@ics-il.net <mailto:na...@ics-il.net>> >> To: "NANOG" <nanog@nanog.org <mailto:nanog@nanog.org>> >> Sent: Monday, February 10, 2025 2:57:46 PM >> Subject: Filtering "Illegal" Video >> >> I've never paid much attention to the abilities to filter traffic because I >> didn't care what my customers were doing until which time a lawful order >> told me to care. >> >> Someone recently asked me that since there was only one legal way in a >> particular country to consume television service over IP, was there any way >> to block the "illegal" streams. I put "illegal" in quotes because some of it >> really is the pirated crap, but some is likely just watching Netflix, Prime, >> Hulu, etc. over a VPN. >> >> With the tooling I have, no, I can't block that stuff. Well, at least not >> with any precision. I'd certainly miss a bunch and there would be a bunch of >> collateral damage. However, I also know that I'm not using overly >> sophisticated tooling or methods to achieve this. >> >> Are there platforms out there that can accomplish this with any precision? >> >> No, I don't know what constitutes "TV" in that jurisdiction, nor do I ask >> this group to weigh in on that. Are YouTube, Vimeo, and Rumble "TV"? Are >> Netflix and Prime "TV"? >> >> >> >> ----- >> Mike Hammett >> Intelligent Computing Solutions >> http://www.ics-il.com <http://www.ics-il.com/> >> >> Midwest-IX >> http://www.midwest-ix.com <http://www.midwest-ix.com/> >> >> >> >> > > > > -- > Collin David Anderson > averysmallbird.com <http://averysmallbird.com/> | @cda | Washington, D.C.
