NTC orders blocking of the wrong website


Just last week, the National Privacy Commission (NPC) issued a cease and desist order (CDO) against lisensya.info for illegally collecting personally identifiable information of license holders and vehicle owners by pretending to be an authorized website of the Land Transportation Office. The CDO was sent to the respondent, the National Telecommunications Commission (NTC), and Land Transportation Office (LTO) via email on November 12, 2020.

Yesterday afternoon, November 23, 2020, several Internet Service Providers (ISPs) in the country got an email from the NTC with the subject FOR BLOCKING, signed by NTC Commissioner Gamaliel A. Cordoba.

We have been following the developments of this incident and we noticed that the website ordered by the NTC to be blocked is not spelled correctly. The correct website should have been lisensya.info and NOT lisenya.info. The order above therefore is useless in blocking traffic to the offending website.

While the memorandum, according to our source, mentioned lisensya.info, it still causes confusion among the internet providers in the country, as it is not clear how to implement the order.

Engineer Pierre Tito Gala, co-founder of Democracy.Net.PH, also noticed that there's something wrong with the order. "..this is how powerful the NTC is when it comes to content control. The NTC deems itself to have the power to order the blocking of websites without a court order issued for the purpose. (the NPC's CDO is not a court order, as the NPC is not a court) the government didn't need the takedown clause that was the subject of an SC decision after all," Gala said in a Facebook post.

In addition, the NTC did not specify what sort of measures would be acceptable in order to comply with such an order. However, to comply with the intent of the NTC order, here is what ISPs can do, depending on how their network is set up:

Web Filtering Firewall: If they have a webfilter capable firewall, this is an example of how they can block the lisensya.info website:

Any client behind this firewall will immediately be blocked from accessing the LISENSYA.INFO website. End of story there. However, this approach suffers from at least two weaknesses:

  • One, this assumes that ISPs offer firewall web-filtering service to ALL their clients. This is not usually the case. Clients sometimes demand UNFILTERED internet access. And any filtering would violate their commercial terms of engagement.
  • Secondly, it is entirely unclear whether such a web-filtering firewall would be able to block HTTPS (secured) web traffic.

DNS redirection: We created an authoritative DNS domain Lisensya.info that points to a “special” IP address.

Then for our purposes, we can point it to the National Privacy Commission’s website IP:

This shows the NPC’s website IP address:

Then, once the NPC website installs a host header check, it should pop up a warning message telling visitors that the site they intended to visit is harmful. This is cool! Good job, NPC.
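One way the host header check described above could look, as an added example (not code from the NPC or from this article): a Python WSGI wrapper that returns a warning page when the request's Host header names a redirected domain. The blocked-domain set, the warning text and the `regular_site` stand-in are assumptions made for illustration.

```python
"""Host-header check for a site that receives DNS-redirected traffic (added example)."""
from wsgiref.simple_server import make_server

# Domains whose DNS answers an ISP has pointed at this server (assumed list).
BLOCKED_DOMAINS = {"lisensya.info"}

WARNING = (b"<h1>Warning</h1><p>The site you tried to visit is subject to a "
           b"cease and desist order. Do not enter personal information there.</p>")


def normalize_host(host_header):
    """Lower-case the Host value and drop the port and trailing dot."""
    host = (host_header or "").strip().lower()
    if host.startswith("["):            # bracketed IPv6 literal, e.g. [::1]:80
        return host.split("]")[0].lstrip("[")
    return host.split(":")[0].rstrip(".")


def is_blocked(host_header):
    """True for a blocked domain or any subdomain of it (www., m., ...)."""
    host = normalize_host(host_header)
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def regular_site(environ, start_response):
    """Stand-in for the site's normal application (hypothetical)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"regular site content"]


def host_check(app):
    """WSGI middleware: answer redirected requests with the warning page."""
    def wrapped(environ, start_response):
        if is_blocked(environ.get("HTTP_HOST")):
            start_response("403 Forbidden",
                           [("Content-Type", "text/html; charset=utf-8"),
                            ("Cache-Control", "no-store")])
            return [WARNING]
        return app(environ, start_response)
    return wrapped


application = host_check(regular_site)

if __name__ == "__main__":
    make_server("127.0.0.1", 8080, application).serve_forever()
```

The warning only reaches visitors who arrive over plain HTTP. An HTTPS request for the redirected name fails at the browser's certificate check, because the receiving server holds no certificate for that domain.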

This confirms that the DNS redirection works:

However, this technique can be easily thwarted. ISP clients may not be using the ISP's DNS server. They may be using 9.9.9.9 or 1.1.1.1 or 8.8.8.8. Thankfully, there is a fallback. Google has already flagged this:

IP Filter Firewall: If the ISP doesn’t have a webfiltering firewall, the next best option would be to block the IP address that LISENSYA.INFO points to. As of this writing, it points to: 104.27.132.121.

On your firewall, it is a simple matter to create a rule to BLOCK all outbound IP traffic to destinations whose IP address is 104.27.132.121/24.

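Or on a router, you can create an entry in your outbound access control list as follows (on Cisco IOS, matching on a destination address requires an extended list, numbered 100 to 199, and a closing permit so that the implicit deny does not drop all other traffic):

access-list 110 deny ip any host 104.27.132.121
access-list 110 permit ip any any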

However, this approach also has a weakness. The nefarious group behind lisensya.info could easily switch to ANOTHER IP address. Hence it will be a perpetual cat and mouse affair.

In any case, we here at Manila Bulletin welcome other interesting ideas on how ISPs might be able to EASILY carry out NTC’s order.