On 19/07/06 11:50 +0530, Kenneth Gonsalves wrote:
On 19-Jul-06, at 11:04 AM, Devdas Bhagat wrote:
this is not about democracy - it is about stupidity. Some specific sites were to be blocked (what good that would do no one knows) so the isps responded by blocking en masse
The ISPs nullrouted the destination IPs. They did not proxy all the traffic.
what does this mean (not being sarcastic, really want to know)
Pre-requisites to understanding this: The OSI model.
ISPs are basically organisations which move packets around. They do this at the network layer (layer 3), which on the Internet is IP. Routers can parse packet headers a bit deeper, to layer 4 (transport - TCP/UDP).
HTTP is a layer 7 protocol. This implies that it is encapsulated inside the layer 4 envelope, which a router is *not* optimised to look at. You need a proxy for this job.
So unless your ISP has a transparent proxy (ideally, truly transparent - spoofing client IPs and breaking networking), it isn't really feasible for the ISP to block a name based site.
They could hijack DNS if needed, but that needs far, far more clue than the average Indian ISP can afford. This is also technologically fragile, and *generally* not recommended in an ISP environment.
When a subnet is null-routed, all packets sent to that network are discarded. In this case, the network was a single IP. All subdomains of blogspot.com point to the same IP, and hence were blocked.
Devdas Bhagat