Mapping the Internet Infrastructure in Serbia — RIPE Labs
lundi 28 septembre 2015 à 11:22GuiGui's Show - Liens
Excellent : analyse de la structure des réseaux des FAI Serbes pour en déterminer la solution de censure adaptée et donc les coûts associés, permettant de mettre KO une proposition de loi du gouvernement visant à censurer les sites web proposant des jeux d'argent / paris sans l'avis de l'État (en France, ça se nomme ARJEL, https://fr.wikipedia.org/wiki/Autorit%C3%A9_de_r%C3%A9gulation_des_jeux_en_ligne, pour rappel).
« Through empirical research, SHARE Foundation created a map of the Internet in Serbia and analysed the implications network structure could have on Internet filtering. By visualising and analysing the structure and topology of individual Internet Service Providers in Serbia, we tried to determine how easy it would be to install filtering devices on these networks. This data was used to inform the government on the proposal of a new law.
[...]
1. Determining the IP ranges
First we looked at the RIPE Database and took all the IP ranges registered to organisations in Serbia. Below you can see a representation of ISPs in Serbia and the number of IP addresses alocated to them.
[...]
There are three basic network structures:
* Centralised: All devices are connected to one centre. This centre has privileged accessibility and thus represents the dominant element of the network.
* Decentralised: Although the centre is still the point of highest accessibility, the network is structured so that sub-centres also have significant levels of accessibility.
* Distributed: No centre has a level of accessibility that significantly differs from the others.
By analysing our visualisations of ISPs in Serbia we noted that both centralised and decentralised models are present. An example of a centralised network model can be seen in the network of the state-owned Telekom Serbia. An example of a decentralised model can be seen in the university network AMRES (see more on these two networks below).
[...]
In one of our previous research projects (in Serbian only), we looked at Internet filtering at the national research and education network of Serbia AMRES. We discovered a decentralised method of content filtering, delegated and executed through local administrators and routers at every university in Serbia. Each local administrator is responsible for their own blacklist of sites and ports. AMRES is one of the oldest ISPs in Serbia, established in the early 1990s, and its method of Internet filtering presented here is filtering on an institutional level. If we take a look at the visualisation of the AMRES network (in Figure 4), we can clearly see why this method of Internet filtering was most applicable: the decentralised structure of the AMRES network somehow imposes this kind of filtering strategy.
[...]
In December 2014, the Government of the Republic of Serbia sent a Proposal of the Law on Amendments to the Law on Games of Chance to the Parliament (in Serbian). The proposed changes were adopted without discussion and public insight, even though these provisions would introduce Internet censorship in Serbia through a “back door”. What presented the main problem was the amendment of Article 10 of the current law, i.e. the new Item 16 of Paragraph 1, which prohibits “enabling access to websites by domestic electronic communication network service operators to legal entities or individuals organizing games of chance without the approval or consent of the Administration”. What this basically means is that the government suggested filtering (or censoring) access to online gambling sites in order to regulate gambling. To be able to do that, ISPs would have to monitor which sites their users are visiting.
Fortunately, after the SHARE Foundation analysed the proposal and started a media campaign, the proposal of the law was withdrawn from the parliamentary procedure following an intervention of the government. In one part of the proposal, it was written that the installation, maintenance and costs of the equipment intended for filtering is the responsibility of the ISPs. In order to estimate the (unreasonable) costs ISPs would bear, we analysed the network topology maps of every individual ISP in Serbia to see how much and what kind of equipment they would need to purchase. Even though our method is not 100% accurate, we had something to work with, something that gave us an insight into the unknown and invisible design of the networks.
[...]
By looking at the map of Telekom Serbia’s network (see Figure 5), the biggest ISP in Serbia and owner of the biggest share of the infrastructure, we could observe a highly centralised structure where almost all the main nodes and routers were connected to just two main servers.
The logical conclusion is that in order to perform real-time filtering they would need to install equipment exactly in those two points. On the other hand, from the number of nodes attached to those two main routers, we can assume that they are able to process huge amounts of traffic, therefore the equipment they would need to install would probably need to be of high-end performance. We were able to predict the type and cost of the theoretical filtering solution, given that there are just a few manufacturers of such equipment.
[...]
Given that our analysis is still only at the level of an individual ISP, this is just a small fragment of the story. The Internet is a network of networks, and to be able to create a full picture and to understand where the points of control are, we need to examine their local interconnections and links to the International networks. This is a topic for further research. »
Via le twitter de Stéphane Bortzmeyer (https://twitter.com/bortzmeyer/with_replies)
(Permalink)
Excellent : analyse de la structure des réseaux des FAI Serbes pour en déterminer la solution de censure adaptée et donc les coûts associés, permettant de mettre KO une proposition de loi du gouvernement visant à censurer les sites web proposant des jeux d'argent / paris sans l'avis de l'État (en France, ça se nomme ARJEL, https://fr.wikipedia.org/wiki/Autorit%C3%A9_de_r%C3%A9gulation_des_jeux_en_ligne, pour rappel).
« Through empirical research, SHARE Foundation created a map of the Internet in Serbia and analysed the implications network structure could have on Internet filtering. By visualising and analysing the structure and topology of individual Internet Service Providers in Serbia, we tried to determine how easy it would be to install filtering devices on these networks. This data was used to inform the government on the proposal of a new law.
[...]
1. Determining the IP ranges
First we looked at the RIPE Database and took all the IP ranges registered to organisations in Serbia. Below you can see a representation of ISPs in Serbia and the number of IP addresses alocated to them.
[...]
There are three basic network structures:
* Centralised: All devices are connected to one centre. This centre has privileged accessibility and thus represents the dominant element of the network.
* Decentralised: Although the centre is still the point of highest accessibility, the network is structured so that sub-centres also have significant levels of accessibility.
* Distributed: No centre has a level of accessibility that significantly differs from the others.
By analysing our visualisations of ISPs in Serbia we noted that both centralised and decentralised models are present. An example of a centralised network model can be seen in the network of the state-owned Telekom Serbia. An example of a decentralised model can be seen in the university network AMRES (see more on these two networks below).
[...]
In one of our previous research projects (in Serbian only), we looked at Internet filtering at the national research and education network of Serbia AMRES. We discovered a decentralised method of content filtering, delegated and executed through local administrators and routers at every university in Serbia. Each local administrator is responsible for their own blacklist of sites and ports. AMRES is one of the oldest ISPs in Serbia, established in the early 1990s, and its method of Internet filtering presented here is filtering on an institutional level. If we take a look at the visualisation of the AMRES network (in Figure 4), we can clearly see why this method of Internet filtering was most applicable: the decentralised structure of the AMRES network somehow imposes this kind of filtering strategy.
[...]
In December 2014, the Government of the Republic of Serbia sent a Proposal of the Law on Amendments to the Law on Games of Chance to the Parliament (in Serbian). The proposed changes were adopted without discussion and public insight, even though these provisions would introduce Internet censorship in Serbia through a “back door”. What presented the main problem was the amendment of Article 10 of the current law, i.e. the new Item 16 of Paragraph 1, which prohibits “enabling access to websites by domestic electronic communication network service operators to legal entities or individuals organizing games of chance without the approval or consent of the Administration”. What this basically means is that the government suggested filtering (or censoring) access to online gambling sites in order to regulate gambling. To be able to do that, ISPs would have to monitor which sites their users are visiting.
Fortunately, after the SHARE Foundation analysed the proposal and started a media campaign, the proposal of the law was withdrawn from the parliamentary procedure following an intervention of the government. In one part of the proposal, it was written that the installation, maintenance and costs of the equipment intended for filtering is the responsibility of the ISPs. In order to estimate the (unreasonable) costs ISPs would bear, we analysed the network topology maps of every individual ISP in Serbia to see how much and what kind of equipment they would need to purchase. Even though our method is not 100% accurate, we had something to work with, something that gave us an insight into the unknown and invisible design of the networks.
[...]
By looking at the map of Telekom Serbia’s network (see Figure 5), the biggest ISP in Serbia and owner of the biggest share of the infrastructure, we could observe a highly centralised structure where almost all the main nodes and routers were connected to just two main servers.
The logical conclusion is that in order to perform real-time filtering they would need to install equipment exactly in those two points. On the other hand, from the number of nodes attached to those two main routers, we can assume that they are able to process huge amounts of traffic, therefore the equipment they would need to install would probably need to be of high-end performance. We were able to predict the type and cost of the theoretical filtering solution, given that there are just a few manufacturers of such equipment.
[...]
Given that our analysis is still only at the level of an individual ISP, this is just a small fragment of the story. The Internet is a network of networks, and to be able to create a full picture and to understand where the points of control are, we need to examine their local interconnections and links to the International networks. This is a topic for further research. »
Via le twitter de Stéphane Bortzmeyer (https://twitter.com/bortzmeyer/with_replies)
(Permalink)