this is not the right way to block access to a site as i can setup my own dns or use foreign nameservers
but what is the best method? blocking ip traffic to the site can also mean to block legitimate traffic to a shared hosting server!?
cheers oliver
On Feb 17, 2009, at 4:57 PM, "Xaver Aerni" <mailto:xaerni@pop.chxaerni@pop.chmailto:xaerni@pop.ch> wrote:
When the ISP block it only by DNS Filtering??? I think to block 1 side is a DNS Filtering the easyest and fastest way. Greetings Xaver ----- Original Message ----- From: Yann Gauteronmailto:ygauteron@gmail.com To: mailto:swinog@swinog.ch mailto:swinog@swinog.ch swinog@swinog.chmailto:swinog@swinog.ch Sent: Tuesday, February 17, 2009 4:50 PM Subject: Re: [swinog] Post from Canton de Vaud
You're assuming that the biggest ISPs will apply the filtering at the entrance of their network, which is not necesseraly true. They can also decide to filter closer to their access equipments. This would mean that peerings with other ISPs or BGP-tiered enterprises would be unfiltered.
Depending where the filtering is applied, professional access could also be prevented to be filtered.
________________________________
_______________________________________________ swinog mailing list mailto:swinog@lists.swinog.chswinog@lists.swinog.chmailto:swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog _______________________________________________ swinog mailing list mailto:swinog@lists.swinog.chswinog@lists.swinog.chmailto:swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinoghttp://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
IP Block is the Problem, you are Blocking more sites as the to block... I think a Server has 100 Sites if you block the IP all 100 Sites are blocked. You have a big Problem you must block a Site Xy and the UBS.Com or an other bigger Firm is on the same server. Greetins Xaver ----- Original Message ----- From: Oliver Bolliger To: Xaver Aerni Cc: swinog@swinog.ch Sent: Tuesday, February 17, 2009 5:14 PM Subject: Re: [swinog] Post from Canton de Vaud
this is not the right way to block access to a site as i can setup my own dns or use foreign nameservers
but what is the best method? blocking ip traffic to the site can also mean to block legitimate traffic to a shared hosting server!?
cheers oliver
On Feb 17, 2009, at 4:57 PM, "Xaver Aerni" xaerni@pop.ch wrote:
When the ISP block it only by DNS Filtering??? I think to block 1 side is a DNS Filtering the easyest and fastest way. Greetings Xaver ----- Original Message ----- From: Yann Gauteron To: swinog@swinog.ch Sent: Tuesday, February 17, 2009 4:50 PM Subject: Re: [swinog] Post from Canton de Vaud
You're assuming that the biggest ISPs will apply the filtering at the entrance of their network, which is not necesseraly true. They can also decide to filter closer to their access equipments. This would mean that peerings with other ISPs or BGP-tiered enterprises would be unfiltered.
Depending where the filtering is applied, professional access could also be prevented to be filtered.
--------------------------------------------------------------------------
_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Xaver Aerni wrote:
IP Block is the Problem, you are Blocking more sites as the to block... I think a Server has 100 Sites if you block the IP all 100 Sites are blocked. You have a big Problem you must block a Site Xy and the UBS.Com or an other bigger Firm is on the same server.
In other words, you need to publish content you don't want to be removed on a company webserver outside of switzerland, or easier, put it on twitter, digg, facebook, myspace etc etc etc... hell, make it a video message on Youtube ;)
Another trick is to get accounts on massive shared hosting servers.
Lets see a 'judge' request for blocking that kind of sites. Of course, Google Cache and archive.org is always so nice to retain a copy ;)
IP-based blocking is too crude, as it hurts other content too. DNS-based blocking is too minimal as it can be circumvented easily.
Both of course don't stand a chance against anonymizers and proxies.
As there clearly is no technical way to block the content, the only thing that is achieved is that the judge asks to censor the requested blocks from people who don't want to see it in the first place (people who want to see it will circumvent the block).
As such, request the 'judge' to provide the technical means to really make his/her request for blocking really effective and not just a little step up to get there.
Greets, Jeroen
Oliver Bollisger schrieb:
but what is the best method? blocking ip traffic to the site can also mean to block legitimate traffic to a shared hosting server!?
Filter the traffic for specific IPs/networks/etc (eg by playing some BGP games) through transparent proxies and redirect "forbidden" traffic to a suitable target (or /dev/null).
Yes, that is an engineering challenge, but feasible.
Yes, that is a legal challenge, but it can be done in ways compatible with constitutional rights and contractual obligations.
Yes, that contradicts many fundamental principles of how many people perceive the Internet, but that is a weak argument in public discussion.
Yes, judges from the canton of Vaud seem to be specifically incompetent and impertinent, but this can not be corrected by whining on a techie mailing list.
Note that I'm far from endorsing or supporting such decisions, but that I'm just asking for more effective ways to unmask the short-sightedness of the judges orders.
-- Matthias
There is one commercial solution out there I have heard about,
netclean Whitebox.
only problem? blind on one eye.
Quote: "The NetClean WhiteBox does not currently support IPV6"
Source of Quote? http://adminblog.ch/2009/01/ipv6-traffic-existiert/
lg silvan
Am 17.02.2009 um 23:44 schrieb Matthias Leisi:
Oliver Bollisger schrieb:
but what is the best method? blocking ip traffic to the site can also mean to block legitimate traffic to a shared hosting server!?
Filter the traffic for specific IPs/networks/etc (eg by playing some BGP games) through transparent proxies and redirect "forbidden" traffic to a suitable target (or /dev/null).
Yes, that is an engineering challenge, but feasible.
Yes, that is a legal challenge, but it can be done in ways compatible with constitutional rights and contractual obligations.
Yes, that contradicts many fundamental principles of how many people perceive the Internet, but that is a weak argument in public discussion.
Yes, judges from the canton of Vaud seem to be specifically incompetent and impertinent, but this can not be corrected by whining on a techie mailing list.
Note that I'm far from endorsing or supporting such decisions, but that I'm just asking for more effective ways to unmask the short- sightedness of the judges orders.
-- Matthias _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
silvan
they've presented the product on swinog last time: http://www.swinog.ch/meetings/swinog17/20081022_SWINOG.pdf
-steven
_____
From: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Silvan Michael Gebhardt Sent: Tuesday, February 17, 2009 11:56 PM To: Matthias Leisi Cc: swinog@swinog.ch Subject: Re: [swinog] Post from Canton de Vaud
There is one commercial solution out there I have heard about,
netclean Whitebox.
only problem? blind on one eye.
Quote: "The NetClean WhiteBox does not currently support IPV6"
Source of Quote? http://adminblog.ch/2009/01/ipv6-traffic-existiert/
lg silvan
Am 17.02.2009 um 23:44 schrieb Matthias Leisi:
Oliver Bollisger schrieb:
but what is the best method? blocking ip traffic to the site can also
mean to block legitimate traffic to a shared hosting server!?
Filter the traffic for specific IPs/networks/etc (eg by playing some BGP games) through transparent proxies and redirect "forbidden" traffic to a suitable target (or /dev/null).
Yes, that is an engineering challenge, but feasible.
Yes, that is a legal challenge, but it can be done in ways compatible with constitutional rights and contractual obligations.
Yes, that contradicts many fundamental principles of how many people perceive the Internet, but that is a weak argument in public discussion.
Yes, judges from the canton of Vaud seem to be specifically incompetent and impertinent, but this can not be corrected by whining on a techie mailing list.
Note that I'm far from endorsing or supporting such decisions, but that I'm just asking for more effective ways to unmask the short-sightedness of the judges orders.
-- Matthias _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
I've uploaded the scan of the request to our webserver:
http://www.bebbicell.ch/PE03.018380.pdf
Andreas Fink
Fink Consulting GmbH Global Networks Schweiz AG BebbiCell AG IceCell ehf
--------------------------------------------------------------- Tel: +41-61-6666330 Fax: +41-61-6666331 Mobile: +41-79-2457333 Address: Clarastrasse 3, 4058 Basel, Switzerland E-Mail: andreas@fink.org www.finkconsulting.com www.global-networks.ch www.bebbicell.ch --------------------------------------------------------------- ICQ: 8239353 MSN: msn1@gni.ch AIM: smsrelay Skype: andreasfink Yahoo: finkconsulting SMS: +41792457333
Andreas Fink wrote:
I've uploaded the scan of the request to our webserver:
As one can read in your PDF on page 1 (in French) and page 3 (in German), the order is suspended until a decision is made regarding the appeal from Cyberlink.
My understanding (IANAL) is that this means there will be a statement from a judge whether or not this blocking order is legal and whether or not it has to be carried out by the Swiss ISPs.
Best regards,
Alexandre
right
As one can read in your PDF on page 1 (in French) and page 3 (in German), the order is suspended until a decision is made regarding the appeal from Cyberlink.
which will lead to a new recurse maybe :)
My understanding (IANAL) is that this means there will be a statement from a judge whether or not this blocking order is legal and whether or not it has to be carried out by the Swiss ISPs.
If the judge in charge fail with his decisssion who is gona to pay what he caused ? Maybe someone ordered allready equipment as he got paniked ...
Roger
Correct. The decision dated 11 February 2009 is not actually an order to do anything, but rather the official's decision that YOU DON'T HAVE TO DO ANYTHING, until the appeal by Cyberlink has been decided.
This explains the absence of a legal remedy. You don't need a legal remedy against a decision which does not oblige you to do anything.
It will be very interesting to see whether Cyberlink's appeal will be successful. If there's anyone from Cyberlink on this list: I would be very interested in reading a copy of the appeal, which of course would be treated confidentially (Anwaltsgeheimnis).
Regards, Christa
________________________________
Von: swinog-bounces@lists.swinog.ch im Auftrag von Alexandre Suter Gesendet: Mi 18.02.2009 12:41 An: swinog@swinog.ch Betreff: Re: [swinog] Post from Canton de Vaud
Andreas Fink wrote:
I've uploaded the scan of the request to our webserver:
As one can read in your PDF on page 1 (in French) and page 3 (in German), the order is suspended until a decision is made regarding the appeal from Cyberlink.
My understanding (IANAL) is that this means there will be a statement from a judge whether or not this blocking order is legal and whether or not it has to be carried out by the Swiss ISPs.
Best regards,
Alexandre
_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
I've uploaded the scan of the request to our webserver: http://www.bebbicell.ch/PE03.018380.pdf
Thanks Andreas for sharing this information (since, somehow, we didn't receive it).
Question for you Christa. The order is suspended, does it mean that blocking those websites becomes now illegal ?
Oh, and thank you Christa for participating in the SwiNOG community debate, its always interesting (and almost required) to have a lawyer in such discussions.
Pascal
On 18.02.2009, at 13:45, Pascal Gloor wrote:
I've uploaded the scan of the request to our webserver: http://www.bebbicell.ch/PE03.018380.pdf
Thanks Andreas for sharing this information (since, somehow, we didn't receive it).
Question for you Christa. The order is suspended, does it mean that blocking those websites becomes now illegal ?
Oh, and thank you Christa for participating in the SwiNOG community debate, its always interesting (and almost required) to have a lawyer in such discussions.
Pascal_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
you have to read the thing fully:
The cover letter in french says CYBERLINK has opposed. The german text says despite the recurs of Cyberlink, it stays in force:
"Der Rekurs hat keine aufschiebende Wirkung aauf die Untersuchungshandlungen ; der angefochtene Entscheid ist trotz des Rekurses Rechtskräftig, es sei den der Untersuchungsrichter hat das Gegenteil entschieden"
Also, the original "order" was not sent to me, I wonder most about the sentence
"gegen die vorliegende Verfügung keine Rechtsmittel möglich sind".
So a judge decides to force me to do anything without hearing my voice, without giving me the right to oppose is really out of my sense of democracy and law.
Andreas Fink
Fink Consulting GmbH Global Networks Schweiz AG BebbiCell AG IceCell ehf
--------------------------------------------------------------- Tel: +41-61-6666330 Fax: +41-61-6666331 Mobile: +41-79-2457333 Address: Clarastrasse 3, 4058 Basel, Switzerland E-Mail: andreas@fink.org www.finkconsulting.com www.global-networks.ch www.bebbicell.ch --------------------------------------------------------------- ICQ: 8239353 MSN: msn1@gni.ch AIM: smsrelay Skype: andreasfink Yahoo: finkconsulting SMS: +41792457333
Funny "Verfügung". But what about Swisscom and sunrise and maybe others? Are those not ISP??
Just a stupid question...
Cheers, Günti
NormalThis verfügung is a Joke... Many of the ISP han't received this Letter.
I think we must have here in Switzerland as soon as possible an "Internetgesetz". They take an article. of 1995. For a Phone and put it in the Internet...
I don't think the kiosk shop assistant is liable for contents of the newspaper.
We could make a test.... Greetings Xaver
----- Original Message ----- From: Robert.Guentensperger@swisscom.com To: swinog@swinog.ch Sent: Wednesday, February 18, 2009 4:38 PM Subject: Re: [swinog] Post from Canton de Vaud
Funny "Verfügung".
But what about Swisscom and sunrise and maybe others?
Are those not ISP??
Just a stupid question.
Cheers,
Günti
------------------------------------------------------------------------------
_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
On 18.02.2009, at 16:38, Robert.Guentensperger@swisscom.com <Robert.Guentensperger@swisscom.com
wrote:
Funny “Verfügung”. But what about Swisscom and sunrise and maybe others? Are those not ISP??
Just a stupid question…
Cheers, Günti
Actually a good question. The list shows a carrier operators in it which is in the wholesale voice but for sure is not an ISP.
in the text it says
"stellt fest dass er somit den wichtigsten Access-Providern der Schweiz verordnet hat, Schritte zu unternehmen, um ihren Abonenten den Zugang zur internetseite... zu verhindern".
I guess this is the proof that Swisscom and Sunrise is considered "unimportant" in this respect.
Another proof that this judge has no clue on what he's into... - or -
he probably knows that the Lawyers of Swisscom, Sunrise etc would kill his judgment on the spot.
we've of course received this... (at least i had this on my desk)
-steven
Robert.Guentensperger@swisscom.com schrieb:
Funny “Verfügung”.
But what about Swisscom and sunrise and maybe others?
Are those not ISP??
Just a stupid question…
Cheers,
Günti
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
NormalHi Günti
Finecom and some other ISPs got the same 'Verfügung' already one year before. Due to the trick with the deadline for the 'Rekurs' over christmas and new year we (and also some other ISPs) failed to oppose.
It's interesting to see, that the judge decided to use a new (and even larger) list of ISPs than one year before. Case Nr etc. is still the same...
cheers, michel
----- Original Message ----- From: Robert.Guentensperger@swisscom.com To: swinog@swinog.ch Sent: Wednesday, February 18, 2009 4:38 PM Subject: Re: [swinog] Post from Canton de Vaud
Funny "Verfügung".
But what about Swisscom and sunrise and maybe others?
Are those not ISP??
Just a stupid question.
Cheers,
Günti
------------------------------------------------------------------------------
_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
The citation below refers to an Article in the applicable Strafprozessordnung which states that a "Rekurs" does not have "aufschiebende Wirkung" IN PRINCIPLE. Yet in this case, the judge ordered that "aufschiebende Wirkung" IS granted. The actual decision in a "Verfügung" is always contained in the part called "Dispositiv", which usually comes just before the signature.
General advice: Always read a Verfügung from the end. It is there where the actual information is to be found (in the present case: "(dass) die Wirkung der Verfügung vom 17. Dezember 2008 bis zum Entscheid über den am 29. Dezember 2008 eingereichten Rekurs aufgeschoben wird").
Christa
you have to read the thing fully:
The cover letter in french says CYBERLINK has opposed. The german text says despite the recurs of Cyberlink, it stays in force:
"Der Rekurs hat keine aufschiebende Wirkung aauf die Untersuchungshandlungen ; der angefochtene Entscheid ist trotz des Rekurses Rechtskräftig, es sei den der Untersuchungsrichter hat das Gegenteil entschieden"
Also, the original "order" was not sent to me, I wonder most about the sentence
"gegen die vorliegende Verfügung keine Rechtsmittel möglich sind".
So a judge decides to force me to do anything without hearing my voice, without giving me the right to oppose is really out of my sense of democracy and law.
Andreas Fink
Fink Consulting GmbH Global Networks Schweiz AG BebbiCell AG IceCell ehf
--------------------------------------------------------------- Tel: +41-61-6666330 Fax: +41-61-6666331 Mobile: +41-79-2457333 Address: Clarastrasse 3, 4058 Basel, Switzerland E-Mail: andreas@fink.org www.finkconsulting.com http://www.finkconsulting.com/ www.global-networks.ch www.bebbicell.ch --------------------------------------------------------------- ICQ: 8239353 MSN: msn1@gni.ch AIM: smsrelay Skype: andreasfink Yahoo: finkconsulting SMS: +41792457333
Andreas Fink afink@list.fink.org wrote:
The german text says despite the recurs of Cyberlink, it stays in force:
"Der Rekurs hat keine aufschiebende Wirkung aauf die Untersuchungshandlungen ; der angefochtene Entscheid ist trotz des Rekurses Rechtskräftig, es sei denn der Untersuchungsrichter hat das Gegenteil entschieden"
The order from December 17 would have remained in force if it had not been suspended by means of the order from February 11.
Also, the original "order" was not sent to me, I wonder most about the sentence
"gegen die vorliegende Verfügung keine Rechtsmittel möglich sind".
That is part of the order from February 11 which suspends the effect of the order of December 17 until a higher court has decided about Cyberlink's opposition.
So a judge decides to force me to do anything without hearing my voice, without giving me the right to oppose is really out of my sense of democracy and law.
No, the one decision concerning which ISPs were not giving a right to oppose was the judge's decision to suspend his own order.
Greetings, Norbert
-
Alexandre Suter -
Andreas Fink -
Christa Pfister -
Jeroen Massar -
Matthias Leisi -
Michel Renfer -
Norbert Bollow -
Oliver Bolliger -
Pascal Gloor -
Robert.Guentensperger@swisscom.com -
roger@mgz.ch -
Silvan Michael Gebhardt -
Steven Glogger -
Xaver Aerni