Abstract: | Three main methods of content blocking are used on the Internet: | blocking routes to particular IP addresses, blocking specific URLs | in a proxy cache or firewall, and providing invalid data for DNS | lookups. The mechanisms have different accuracy/cost | trade-offs. This paper examines a hybrid, two-stage system that | redirects traffic that might need to be blocked to a proxy cache, | which then takes the final decision. This promises an accurate | system at a relatively low cost. A British ISP has deployed such a | system to prevent access to child pornography. However, | circumvention techniques can now be employed at both system stages | to reduce effectiveness; there are risks from relying on DNS data | supplied by the blocked sites; and the system can be used as an | oracle to determine what is being blocked. Experimental results show | that it is straightforward to use the system to compile a list of | illegal websites.
<http://www.cl.cam.ac.uk/users/rnc1/cleanfeed.pdf> (via Seth Finkelsteins Infothought) Die Inhalte sind ganz interessant, auch wenn ich den in Abschnitt 5.2 beschriebenen Angriff nicht unbedingt Cleanfeed zuordnen w�rde. (JFTR: Mit dem "cleanfeed" f�r den Newsserver INN hat das *gar* *nichts* zu tun.) -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
