..
Are there platforms out there that can accomplish this with any precision?
the Snort IDS? Any product capable of deep packet inspection that
can be plugged into a Tap or SPAN port.
Many network-based IDS would allow you to write custom rules to
detect packets matching certain patterns.
Then if the packet being sent out matches your custom rules one can
execute a trigger condition, such as temporarily block the customer IP
address for 2 minutes, until all their opened TCP connections time
out.
There's a scalability issue in that a large carrier would require a
massive number of analysis machines.
The cost and hardware resources to operate inspection devices can be
very high, and they can be very prone to false positives.
No, I don't know what constitutes "TV" in that jurisdiction, nor do I ask this group to weigh in on that. Are YouTube, Vimeo, and Rumble "TV"? Are Netflix and Prime "TV"?
In most of the world "Block all Illegal TV" would be a vague
unenforceable order.
The biggest thing you had to do in that case may be to file a response
to the order and provide
what additional information/direction is necessary.
Carrying out a blocking order for an ISP would generally include steps
such as modifying your
recursive DNS server policies to deny lookups for the domain names to
be blocked. Or possibly
adding ACLs to deny traffic towards IP addresses from your customers
on your network within jurisdiction
provided the IP addresses belong to entities to be blocked.
It's not that you have to weight in on what you think is illegal TV;
it's not a carrier's duty to figure
out every type of message that might be illegal where you have no
knowledge. Until there is a
particular regulation or law spelling out the requirement specifically or
Until you are
given enough information about exactly who to block with enough
specificity to block them
without causing damage to other legitimate service providers who
aren't subjects of the order.
For you to block Youtube: they had to tell you specifically to block
Youtube. Netflix would
not be covered, unless they provide Netflix in the order, etc. You
had to have knowledge
that a particular domain, IP address, or protocol is an illegal
service in order to recognize it should be blocked.
It's not generally possible to block a whole protocol without the
network containing deep-packet
inspection equipment.
In that case protocol alone still cannot tell you the difference
between IP telephony/videoconferencing,
or personal streaming versus viewing illegal content.
Traffic over VPNs is almost completely opaque, and there is no way
for a transit provider to detect
the difference between transferring legal Linux install disk images
or Home security footage to
a cloud provider versus pirated movies. So the only blocking
order that could really apply to
data transmission over VPN would be if the whole VPN connection is to
be blocked.
As a carrier you should have legal counsel to advise you about special
regulations in countries you
operate. It is possible to make efforts at disrupting or throttling
different protocols or port numbers.
For example, you could deploy a solution to block bittorrent if you
wanted, but it would be
expensive, not highly effective, and still impact legal uses of the
protocol just as much as illegal uses.