Hundreds of Sites Blocked By Canadian ISP 302
An anonymous reader writes "Last week Slashdot reported on the blockage
of a union website by Telus, a leading Canadian ISP. Since
that story, the company has restored access but the fallout
continues. The move may lead to new
ISP regulations in Canada and a study
by the OpenNet Initiative has found that by blocking the union
site, Telus also blocked an additional 766 websites including a breast
cancer fundraising site." From the article: "While there are a number of different ways to block access to Web
sites, the method Telus chose to block the Voices for Change site --
blocking its IP address -- produced massive collateral filtering.
Filtering by IP address is efficient since ISPs can quickly and
effectively block access to the target site using their existing routing
technology. Many ISPs already block certain IP addresses to combat
spam and viruses. Large networks, like Telus, have mechanisms in
place to block IP addresses almost instantaneously, simply by
updating their routers with a "block list" of addresses.
However, it is common for many different, unrelated Web sites to
share the same IP address."
Re:i'm confused.... (Score:2, Informative)
Re:i'm confused.... (Score:4, Informative)
Re:i'm confused.... (Score:5, Informative)
Re:i'm confused.... (Score:3, Informative)
From the Apache WebSite.
http://httpd.apache.org/docs/2.0/vhosts/name-base
IP-based virtual hosts use the IP address of the connection to determine the correct virtual host to serve. Therefore you need to have a separate IP address for each host. With name-based virtual hosting, the server relies on the client to report the hostname as part of the HTTP headers. Using this technique, many different hosts can share the same IP address.
Name-based virtual hosting is usually simpler, since you need only configure your DNS server to map each hostname to the correct IP address and then configure the Apache HTTP Server to recognize the different hostnames. Name-based virtual hosting also eases the demand for scarce IP addresses. Therefore you should use name-based virtual hosting unless there is a specific reason to choose IP-based virtual hosting. Some reasons why you might consider using IP-based virtual hosting:
Wow (Score:5, Informative)
A buddy of mine is a desktop admin at Telus in Toronto (the strike is in Alberta and BC). That's a hell of a message to send to the rest of your employees: "We 'support' your right to strike, but we don't want your message to get out to the world."
And he thought he hated his job before the strike. Yow.
Re:Hypocrisy in action. (Score:5, Informative)
Nothing new (Score:3, Informative)
Worse still, 'black-list' blocks not JUST only the IP, but entire subnets or IP ranges...you spend a whole friggen day debugging your network-router-firewall setup and spend the rest of the week arguing with your ISP about who's fault it is.
Solutions:
ifconfig
change MAC address? - an option, as 'most' routers can 'spoof' MAC addresses.
Re:Illegal, reckles, and dangerous. (Score:3, Informative)
Hope this helps.
Re:Never thought about it (Score:1, Informative)
More often than not they are just kids recruited from school and payed a pitance, they may as well be flipping burgers.
Same goes for all sorts of companies and institutions. All your precious data and services are run by cretins.
Re:Hypocrisy in action. (Score:5, Informative)
I used to work for a national NSP and during my tenure there we developed a few ways to block IP's despite the fact that half the linecards in our network didn't support packet filtering.
The best way to do this was with a global null route. We'd add a route on all the routers pointing one of our unused IPs to the null0 interface. Then we ran a "null route server" where anything we wanted to block was routed to that IP address (causing all traffic to it to get blocked at the entry point, rather than routed through the network)
We used these measures exclusively for spammers and for large DOS attacks. (For DOS attacks it was less effective because you actually had to block the victim instead of the source, but it was better than nothing)
The point behind this is, many times we had virtual hosting providers call us up and tell us we'd blocked thousands of sites, some even went on to name names. We told them to get the spammer off their server before service would be restored.
This is the normal policy of most ISPs. No Collateral damage involved, you violated the terms of service and I'm sorry your business revolves around the idea of putting a thousand customers on one point of failure.
Now, I'm not saying this is what Telus did. I'm saying this is what they probably did and you guys are jumping to conclusions. The fact is, from a router standpoint it's extrodinarly hard to block "www.example.com" without doing it by IP address.
Contact the CRTC about this (Score:3, Informative)
There's a five-step form, and they'll refer the complaint. For a quick cut-and-paste snippet, go to the following:
Please be advised that Telus Corporation may be in violation of the Telecommunications Act, Section 36. Please see http://www.crtc.gc.ca/RapidsCCM/Register.asp?lang
Telus ethics (Score:5, Informative)
How can they possibly claim that they took an ethical approach when they unilaterally terminated access to a website that depicted Telus in an unfavorable light. Whether the site in question was violating other contractual obligations or law is independent of the actions of Telus.
" Fellow TELUS team members:
Central to TELUS' purpose is to make the future friendly for our stakeholders. One of the critical elements in realizing this ambition is to ensure our individual and collective reputation is above reproach. How we work is just as important as what we do. Our goal is to demonstrate the highest level of ethics and integrity in our business dealings with all stakeholders (customers, shareholders, suppliers, colleagues, community). This is a corporate priority and a shared responsibility for all TELUS team members as each one of our actions and decisions affect our company and its reputation."
Re:Illegal, reckles, and dangerous. (Score:4, Informative)
No, what the website was doing was posting pictures of Telus managers.
Thats obviously an intimidation tactic, possibly even dangerious.
Yes, and there are methods of dealing with that - like court injunctions.
I think if they felt the site posed a danger to their employees, their right to safety is more important then thier status as a carrier, collateral damage be damned.
Bullshit. If they *really* felt that the site posed a danger, then they could get an injunction in a matter of hours. It is the correct way to do this, and it would actually *WORK*, because it would affect everybody, rather than just Telus customers.
Re:If they want to do that its fine (Score:1, Informative)
DMCA (Score:5, Informative)
I don't know if this is something that applies to Canada as well. But it's be biggest reasons why ISP's in USA will not filter or control access to parts of the internet based on content. The end user has the option to filter, but it must be controlled by that user, not the ISP.
Telus and ports... 80 is blocked (Score:3, Informative)
Re:Wow (Score:3, Informative)
As such the job action encompasses the entire Union, not just Alberta and BC how ever Telus has refused to provide the Union with the names of the employees in Eastern Canada.
Further, the job action is not actually a strike. Union members in BC and Northern Alberta were locked out of their jobs in an act initiated by Telus creating a 'Lock Out' and not a 'Strike'. Important distinction.
telus changes it's tune (Score:2, Informative)
After an out of court settlement today, TELUS acted quickly to remove the restrictions it placed on nearly one million customers. TELUS customers, and other Internet Service Providers who provide ADSL connections through the TELUS network are now able to connect to Voices For Change through its domain name www.voices-for-change.com.
(Now why the frack are ppl arguing about semantics and host headers? It's not even relevant to the topic.. sheesh)
Re:On the other hand... (Score:2, Informative)
Also, it was not the union who "was posting pictures of employees...". The site was run by a union member, which is a completely different story.
See you,
Stephan
Re:DMCA (Score:2, Informative)