This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] False positive CSAM blocking attributed to RIPE
- Previous message (by thread): [anti-abuse-wg] False positive CSAM blocking attributed to RIPE
- Next message (by thread): [anti-abuse-wg] False positive CSAM blocking attributed to RIPE
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Richard Clayton
richard at highwayman.com
Wed Sep 29 02:33:50 CEST 2021
>I am writing about a case that has been referred to my organization involving >global blocking (packet dropping, apparently) of IP addresses that have been >reported as hosting CSAM by the Canadian Center for Child Protection (C3P). lose one point everyone who didn't read that this is a watchdog not the site owner -- and if you Google their name, one whose activities and focus has attracted some controversy >However, in the case that was reported to me, rather than allowing the hosting >provider to take down the offending image, the takedown notice was followed by >global packet dropping of the hosting IP address, which took down the entire >server and other websites along with it: there's no such thing as "global packet dropping" but if the website is offline then either traffic is being blocked near to the site itself by a hosting company or upstream provider, or some national level blocking is being applied (though often this takes the form of arranging that the website name does not resolve in DNS rather than packet dropping per se) > the hosting provider has attributed >this censorship to RIPE, RIPE NCC operates a directory service -- maintaining lists of which organisations have been assigned which IP addresses (along with 4 other Regional Internet Registries) >although I cannot verify whether or not this is true. it is untrue, you should interrogate the hosting provider directly because their statement (whatever it was) has clearly been severely garbled before you reported it here >If I am able to obtain more details from RIPE staff, I will follow up with them. that would be a waste of their time -- you need to backtrack to the hosting provider and, if you can obtain some technical help, ascertain the actual nature of the blocking (assuming it is still in place) or at least review what technical evidence there is about the impact (assuming that's the aspect you care about -- rather than what you describe as an error of categorisation by C3P) >I'm writing to find out if anyone has more information that they >can share about how this might have happened, and how it can be >prevented from happening in the future. there is considerable information to be found online about how blocking works, the mechanisms used and how it regularly goes wrong. Entering this arena without attempting to do your homework is counterproductive. -- Dr Richard Clayton <richard.clayton at cl.cam.ac.uk> Cambridge Cybercrime Centre mobile: +44 (0)7887 794090 Computer Laboratory, University of Cambridge, CB3 0FD tel: +44 (0)1223 763570 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 185 bytes Desc: not available URL: </ripe/mail/archives/anti-abuse-wg/attachments/20210929/53000306/attachment.sig>
- Previous message (by thread): [anti-abuse-wg] False positive CSAM blocking attributed to RIPE
- Next message (by thread): [anti-abuse-wg] False positive CSAM blocking attributed to RIPE
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]