Inside Internet Filtering

A couple months back a customer asked me over lunch “Why can’t you just block the bad videos on YouTube?”  I started into a technical explanation of how difficult filtering video streams is.  Part way through the answer an idea sprang to life.  I could barely wait to get back to the office and pound out a proof of concept.

I’m excited to be able to announce an enhancement to our Safe Eyes parental control software which provides clip-by-clip filtering on YouTube.

Traditionally most Internet filters have either blocked or allowed YouTube as a whole.  Most often it was blocked.  The new filtering capability in Safe Eyes represents the first time an Internet filter has been able to allow or block individual YouTube clips based on their content no matter where they appear online.

YouTube is the third most heavily trafficked website in the world and the fourth in the U.S., after Google, Yahoo and MySpace. Blocking the whole site is unnecessary for families because it means blocking good content along with bad, including perfectly innocent videos making the rounds among friends.  Safe Eyes’ new ability to filter out only the offensive clips solves the problem.
- Forrest Collier, CEO of InternetSafety.com

The new YouTube filtering is included in the latest version of Safe Eyes and available now at www.safeeyes.com.  Thanks to the entire Safe Eyes team for turning this “lunch table idea” into a reality.

Press Release: Keep YouTube ‘Clean’ for Your Kids with Safe Eyes

While reading this article from KSL TV for one of my previous posts I noticed near the end of the article that often secure sites are not filtered by Internet filtering software.

Clayton Ostler the IT Manager for ContentWatch (the company behind NetNanny) made the statement:

“The (filters) can detect that the data is coming from an encrypted site, but they can’t actually read the content of that data.”

Basically he is saying that because they can’t see unencrypted the content, that they can’t filter it.  Which is true for a dynamic filter like NetNanny, but isn’t true for a hybrid list-based filter like Safe Eyes.  Safe Eyes has been filtering secure sites for over a year now.

Mr. Ostler also hinted that a new version of NetNanny which can filter secure sites would be out later this month.  So have they created a system that is capable of inspecting the encrypted data?  If they have, doesn’t that defeat the purpose of having encryption in the first place?  Maybe they are using some other technique, we will have to wait and see.

After my post about CyberPatrol’s new SiteSURV product, one of my readers emailed and asked “What is DNS Poisoning?”  Instead of responding personally, I thought it would make a good blog post.

First a little background on the Domain Name System or DNS.  Basically every computer on the Internet has an IP address, for instance this site is 72.54.145.200.  But it is a whole lot easier to reference these computers by name, like www.insideinternetfiltering.com.  So the Domain Name System was created to turn these names into the numbers that our computers understand.

This system works as a hierarchy of DNS servers.  At the top are the root servers, they have .com, .org, .net etc.  When you register a domain, an entry is added to these root servers that tells computers looking for your domain where to look next.  So at the root servers there is a entry for insideinternetfiltering.com that tells them to look to my two DNS servers for more information about my domain.  My DNS servers have an entry for www that describes my IP address.

For your computer to work properly on the Internet you need to at least one DNS server entered in your network settings.  Most of the time this happens automatically for you when you connect to your Internet Service Provider or corporate network.  Then when you enter a URL in your browser, www.insideinternetfiltering.com for example, your computer consults that DNS server behind the scenes.  If that DSN server doesn’t know the IP address for www.insideinternetfiltering.com it then typically consults the root server looking for insideinternetfiltering.com, which in turn sends it to my DNS server, which returns the IP address for my site.  This is known as an authoritative response.

So with that as background, what is DNS poisoning?  Quite simply it is technical jargon for changing the normal flow of the DNS system and introducing results that aren’t authoritative.  This term is often applied to malicious types of attacks as the DNS poisoning article wikipedia article points out.  However, it has also traditionally be used to describe a method of Internet filtering in which DNS return values are altered from their authoritative value for the purposes of filtering content.

For instance, lets say that the DNS server that is configured on my computer is programmed with a blacklist of bad websites.  On this list is a site called www.badsite.com.  When you try to visit www.badsite.com, your computer asks the DNS server for the IP address of www.badsite.com.  The DNS server is programmed to look at the blacklist and if it finds www.badsite.com it does not consult the root DNS server, but instead returns an invalid value that causes your computer to not connect to the site.  It could even return a new valid IP address that would send you to a server that has been configured to display a “this site has been blocked” page.

This was a long post.  If there is something that doesn’t make sense, please comment.