Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

What is SOPA? And is it as bad as everyone says it is? Part 2


Continuing on from my previous post, the SOPA process is this:

  1. A website based in China hosts a bunch of illegally obtained, copyrighted material. Let’s assume that these are all movies, and the website is called “http://myfreemovies.cn”. The A-record for this website is 292.168.11.47. They make these movies available for free to anyone who logs in and downloads them (i.e., the Napster model). This is against US law.

  2. The Attorney General discovers this web site and asks China to shut it down. The country of China responds with “GFY. And MYOB.”

  3. The Attorney General issues notices to the following US corporations:
    1. To Google, Yahoo and Microsoft, ordering them to exclude myfreemovies.cn from any search result.

    2. To Google (again), ordering them to refuse to serve, or take any revenue from, advertisements on myfreemovies.cn.

    3. To Comcast, Verizon and RoadRunner, telling them to refuse resolution for any HTTP request that points to 292.168.11.47.

None of the above sub-points are difficult to implement from a technical point of view. Indeed, we have been doing them for years:

  • Spam filters have long used URL blocklists. Furthermore, they also perform URL/host resolution and keep track of spammy IP space. If spam messages point to bad IP space, they score the message as spam.

  • This technique is no longer novel. Search engines have filtered their search results for malicious links and fraudulent pharmaceuticals for years. This is in response to Black Search Engine Optimization.

  • ISPs have had options to do DNS filtering. 15 months ago, I wrote a post about the Response Policy Zone (RPZ) that discusses how to filter for bad URLs at the DNS level.

  • ISPs filtering their own users is also not new. 15 months ago, I wrote a post about how Comcast redirects users to a quarantine if their computer is accessing a known C&C.

Of course, spammers are equally familiar with these tactics, which is why they rotate through domains and IPs so quickly, and why spam filters (and search engines and other types of filters) are constantly updating their lists of abusive locations.
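An added example (not from the original post) of the spam-filter technique in the first bullet above: score a message on both a URL blocklist and the IP space its links resolve into, which is what still catches a freshly rotated domain. The domains, address ranges, weights and the `FAKE_DNS` stand-in resolver are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample data: documentation-only domains and address ranges.
DOMAIN_BLOCKLIST = {"cheap-pills.example"}
BAD_IP_SPACE = [ipaddress.ip_network("203.0.113.0/24")]
# Stand-in for live DNS lookups so the example runs offline.
FAKE_DNS = {
    "shop.cheap-pills.example": "203.0.113.11",
    "fresh-domain-0412.example": "203.0.113.77",  # rotated domain, same hosting
    "newsletter.example": "198.51.100.5",
}
URL_RE = re.compile(r"https?://[^\s<>\"'\[\]]+", re.IGNORECASE)


def hosts_in(message):
    """Return the unique, lower-cased hostnames of the http(s) URLs in a message."""
    hosts = []
    for url in URL_RE.findall(message):
        host = urlsplit(url.rstrip(".,;:!?)")).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def domain_listed(host):
    """True if the host or any of its parent domains is on the URL blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in DOMAIN_BLOCKLIST for i in range(len(labels)))


def ip_listed(host, resolve=FAKE_DNS.get):
    """True if the host resolves into tracked bad IP space."""
    addr = resolve(host)
    return addr is not None and any(
        ipaddress.ip_address(addr) in net for net in BAD_IP_SPACE)


def score(message):
    """Return (score, reasons): 5 per blocklisted host, 3 per host in bad IP space."""
    total, reasons = 0, []
    for host in hosts_in(message):
        if domain_listed(host):
            total += 5
            reasons.append(f"{host}: domain on blocklist")
        if ip_listed(host):
            total += 3
            reasons.append(f"{host}: resolves into bad IP space")
    return total, reasons
```

The rotated domain is absent from the domain list but still scores on the IP check, so both lists have to be kept current.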

But the point is that this “censorship” has been voluntary by large services for a long time. It isn’t anything new; compliance with SOPA or PIPA simply means that in addition to keeping track of bad guys, companies would have to keep track of one additional list of copyright infringers.

That doesn’t sound so bad.

Does it?

Comments
  • No. It doesn't. But at the same time, one could get around it very easily, for instance by running your own recursive DNS server (I do it at home and love it).
