There are numerous ways in which the internet is filtered, although none of them are completely reliable. In reality the only ‘prefect’ method to block access to specific sites that are available online is to block access to the internet completely. Fortunately with the possible exception of North Korea this method is rarely used and most companies and countries use some other method to control access to websites.

The Western Democracies mostly leave access to the world wide web unfettered, however even these countries will restrict certain criminal sites. Companies normally will block access to sites which could cause them legal or productivity issues. After all, why leave access open from the company network to somewhere like Facebook when it serves little business purpose. What is more your employees are likely to waste many hours on such sites when they really should be working.

However there are also restrictions and blocks placed by the websites themselves. These are for a variety of reasons but mostly due to copyright and profit maximisation ones, they are probably most commonly found in large media sites who want to block access to their content outside the domestic market so that they can resell elsewhere. Mostly these blocks are quite simple ones, where the IP address of the inbound connection is looked up in database then either allowed through or blocked depending on which country it’s originated from. This method is actually very easily to bypass as all you need to do is mask your real address and present one from the specified country.

The easiest method by far to do this is to route your connection through an intermediate server. Originally most people used a proxy server for this, simply because free ones were readily available all over the internet in different locations. Most sites now can detect and automatically block these servers though so using a proxy for bypassing blocks is fairly redundant now. The new method is pretty similar but involves a VPN connection instead of a simple proxy. The advantage is that the connection is encrypted and virtually impossible to detect easily, although the Chinese have made some progress in this.

Providing the VPN server is located in the correct location it should allow unrestricted access to whichever site is accessed. So for example if you were in Paris you’d need to find a VPN server in the UK to access the BBC iPlayer in France. This is because when you connected to the BBC website it would only see the IP address of the VPN server and presume you were in the United Kingdom. Although the VPN cannot be detected directly, the IP addresses are vulnerable to detection and indeed some are blocked.  The main method for detecting and blocking addresses of VPN servers is by monitoring concurrent connections.  An overloaded VPN server will have hundreds of connections originating from a single IP addresses, it can be presumed that this is a relay server of some sort and they will often be blocked.

Jim Reeves


No Comments Networking, News

Leave a Reply

Your email address will not be published. Required fields are marked *