I am Atty. Alp Öztekin, and I will now be on Webtekno with my articles on internet and informatics law. My purpose in these articles is not to bombard the reader with legal information. On the contrary, I intend to keep the required theoretical legal information to a minimum and to share articles under the title "Internet and law" that are more technical, sociological and philosophical.
First of all, I decided to present the issue of blocking access to the internet. To explain the subject, I first cover the origin and functioning of the internet, and then the activities of access providers on this structure and the practices for blocking access.
The subject, "What is internet access blocking and how is it done?", is explained under the following headings:
- Internet and Internet Access Concepts
- Access Providers and Dominion on the Backbone
- The Concept of Blocking Access
- Blocking Access Legally or by Hacking
- Which Methods Are Used to Block Access Legally?
- General Methods
- Methods Related to Server IP Addresses
- URL-Based Blocking Methods That Can Also Provide Network Control
A) Concepts of Internet and Internet Access
For the reader to understand what blocking of access means and how it can be achieved, we should first understand how the Internet works and how Internet users gain access to the network.
The Internet originated some sixty years ago in the ARPANET project of ARPA, a unit of the US Department of Defense (DOD). ARPANET developed a network structure that shares data between remote devices. Local networks were then joined over ARPANET, alternative network structures followed, and over time these became interconnected within the country.
This structure, in which many LANs were combined and WANs connected to each other, later crossed the borders of the USA, and many networks in different countries were connected to each other with terrestrial and submarine cables. In addition to FTP platforms, browser software was developed to access databases on LANs, and Gopher and WWW (HTTP) were born. (Later Gopher died…) We call this global structure, in which information devices can communicate with each other, the Internet.
Accessing this internet, which is the combination of many intertwined LANs and WANs, means using the internet backbone, formed by the cables, base stations and satellites that connect the world's networks, to get from the user's own local network to the global WANs and eventually to connect and communicate with a server on another network. Thus, an internet user located in New York can, over his own local network and the backbone in America, reach any point at the other end of the backbone, for example a server in the USA, by passing through IXP points on this backbone.
B) Access Providers and Dominion on the Backbone
As explained above, the internet backbone is a global network structure that connects devices, and the birthplace of this network is the USA. Various companies have built and operate this internet backbone. These companies are called access providers. Global access provider ISPs generally connect the world with cables passing over seas and land. Since the world's internet traffic passes through this multi-owner network structure, these ISPs cooperate with each other and with certain internet exchange points (IXP) at various points of the world. There are also national access providers that have their own local backbone; in-country traffic flows through such a company's backbone, while outbound traffic usually flows through global ISPs.
The access provider ISPs described above are the actual operators of the backbone. However, they also lease the backbone they operate to third-party access provider companies, so many ISPs can provide services even though the backbone has only one owner. By subscribing to any of these ISPs, internet users go out from their local networks onto the internet.
C) Concept of Blocking Access
In the simplest sense, blocking of access means that the client and server cannot communicate over the internet backbone. An internet user's access to the Internet from his own local network can be blocked completely, or access can be blocked to servers at certain points of the Internet, or even only to certain data within those servers. For example, an internet user can be blocked from accessing Youtube completely, or only a single video on Youtube or a single comment on a video can be blocked.
C.1) Blocking Access Legally or by Hacking
(The legal aspect of the matter will not be detailed here.) Generally speaking, in American law there are various regulations to prevent access in many pieces of legislation. Apart from these, Law No. 5651 specifies how access can be prevented, and has been reduced accordingly. Here, IP/DNS/URL-based blocks that have a legal basis and are duly applied are called "legal blocks". These technical methods, explained in detail below, are applied on the user (internet subscriber) side and on the backbone.
However, neither the user side nor the backbone needs to be involved to block access to internet content. If a hacker wants, he can also block access with DDoS attacks. Likewise, by creating fake DNS or proxy servers, or even setting up a fake router (these methods are called man in the middle), he can direct clients to different points of the internet or disrupt access. All of these undoubtedly amount to blocking access by hacking. Obviously, these methods are illegal and constitute a crime.
So, the main point to be understood here is that legally blocking access can only be done through the ISPs operating the backbone and with their knowledge, in accordance with the law.
D) Which Methods Are Used for Legally Blocking Access?
D.1. In general
Let's consider a large corporate network topology with hundreds of connected devices: a huge structure in which many VLANs are intertwined and switches and routers are connected… The network administrator can control this network and examine the data packets in depth using analysis software or, going further, DPI. With the necessary technology, he can thus read the communication in the content of each data packet on the network, including correspondence in mobile applications.
The network structure in a country is similar to the example above. The only difference is that if more than one ISP is serving in the country, the number of administrators will be more than one, and the technological infrastructure used by these administrators may also differ.
D.2. Methods Related to Server IP Addresses (Entire Site Blocking)
Internet communication uses the protocol suites of the DOD standard model, usually TCP/IP and UDP, so the IP addresses of the client and the server are the main point in communication. (Those who control a LAN can ensure that only devices with allowed internal IP and MAC addresses can access certain points on the internet, which in practice can be considered blocking access. However, this is not our topic.)
In the IP-address-based blocking techniques used by access providers, the main points are the router and the DNS servers that take the client to the internet. The router/modem that takes the internet user from the local network to the backbone of the ISP to which he is subscribed can be configured so that the user cannot access servers with specific IP addresses and ports. This is the most typical access blocking technique. In this way, access can be blocked to the servers of any site with known IP addresses and ports, as well as to DNS servers, VPN servers or TOR servers.
The second method of IP-specific blocking targets not the web servers on the other side of the communication but the DNS servers that map domain names to IP addresses. For this system to be successful, the internet subscriber's device must be set to send requests to the DNS server under the control of the access provider, not to alternative DNS servers.
As these traditional methods target the server IP and ports, they block access to the entire site or application. If mail and similar systems run on the same server, and the server is not divided so that these services are provided over different IP addresses/ports, access to mail and similar services may also be blocked.
D.3. URL-Based Blocking Methods That Can Also Provide Network Control
When a site is completely blocked, and the social importance of this site is high and the number of its users is huge, a problem based on the "right of access" to the internet arises. Thousands of websites are completely blocked and no one cares about this, but when sites with a large number of users such as Youtube and Wikipedia are completely blocked, all internet users are also blocked from accessing areas of those sites that have nothing to do with the unlawful content, and ethical problems arise.
At its core, the power to prevent these problems lies in technology. As will be remembered from the corporate network example above, the more technology the network administrator has in his hands, the greater his dominance over the network. So the point to remember is this: high-level network technologies first create serious dominance over the network, and then create possibilities such as URL-based blocking. Thanks to this dominance, the content of the data packets can become fully watchable and readable.
To provide URL-based blocking, it is necessary to control the traffic on the network and to be able to interfere with the data traffic on it. Although a wide variety of hybrid technologies exist, two methods in particular are used: ISPs pass traffic through a proxy and/or set up packet analysis systems. Thanks to these technologies, most layers of the data packets become accessible and controllable. In this way, access to a single video or article on a website can be blocked by implementing URL-based access blocks. As technology develops, the scope for URL-based blocking increases; for example, control can be extended over structures such as SSL, which provides encrypted communication, and even over data flowing through a VPN. In packet analysis systems, this can be achieved by using DPI, that is, deep packet analysis technologies.
(We do not know how each access provider imposes an access block in America. There is no binding rule on this subject anyway. According to Law No. 5651, access providers can block access to sites or URLs using certain similar methods.)
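The difference in granularity between the IP/port, DNS and URL-based methods described in D.2 and D.3 can be seen in a small model. This is an added illustration, not part of the original article: the host names, the documentation-range IP address and the `Policy`, `Request`, `evaluate` and `compare_methods` names are constructed for the example, and it assumes the proxy or packet analysis system can see the requested host and path.

```python
from dataclasses import dataclass, field

# Constructed sample data: web and mail share one server IP (documentation range).
DNS_ZONE = {"video.example": "203.0.113.10", "mail.example": "203.0.113.10"}

@dataclass
class Policy:
    blocked_ip_ports: set = field(default_factory=set)  # router rule: (ip, port)
    blocked_domains: set = field(default_factory=set)   # ISP DNS server rule
    blocked_urls: set = field(default_factory=set)      # proxy/DPI rule: (host, path)

@dataclass
class Request:
    host: str
    port: int
    path: str = "/"
    uses_isp_dns: bool = True  # False: device is set to an alternative DNS server

def evaluate(req: Request, policy: Policy) -> str:
    """Return "ok", or the layer ("dns", "ip", "url") that blocked the request."""
    # DNS blocking only affects clients that ask the access provider's DNS server.
    if req.uses_isp_dns and req.host in policy.blocked_domains:
        return "dns"
    ip = DNS_ZONE[req.host]
    # Router filtering matches destination IP and port, whatever the domain name.
    if (ip, req.port) in policy.blocked_ip_ports:
        return "ip"
    # Assumption: the proxy / packet analysis system can see host and path.
    if (req.host, req.path) in policy.blocked_urls:
        return "url"
    return "ok"

def compare_methods() -> dict:
    ip_rule = Policy(blocked_ip_ports={("203.0.113.10", 443)})
    dns_rule = Policy(blocked_domains={"video.example"})
    url_rule = Policy(blocked_urls={("video.example", "/watch/123")})
    other_dns = Request("video.example", 443, uses_isp_dns=False)
    return {
        "ip: target site": evaluate(Request("video.example", 443), ip_rule),
        "ip: webmail, same IP and port": evaluate(Request("mail.example", 443), ip_rule),
        "ip: mail, same IP, other port": evaluate(Request("mail.example", 25), ip_rule),
        "dns: client on ISP DNS": evaluate(Request("video.example", 443), dns_rule),
        "dns: client on another DNS": evaluate(other_dns, dns_rule),
        "url: blocked video": evaluate(Request("video.example", 443, "/watch/123"), url_rule),
        "url: rest of the site": evaluate(Request("video.example", 443, "/watch/456"), url_rule),
    }

if __name__ == "__main__":
    for case, result in compare_methods().items():
        print(f"{case:32} -> {result}")
```

The IP rule also takes down the webmail that shares the server's address and port, while the URL rule leaves the rest of the site reachable.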
Recommendation to the Reader:
Readers who want to understand the structure of access blocking more deeply, including the development of this structure in Russia, URL-based blocking processes and the emergence of SORM, a serious DPI technology, can read the relevant chapters of the book THE RED WEB by Andrei Soldatov and Irina Borogan.
Adv. Alp Öztekin – For questions and comments mail: [email protected]