Netflix VPN detection - actual engineer needed

Owen DeLong owen at delong.com
Tue Jun 7 05:59:34 UTC 2016


I believe there are a lot more than 4.

Owen

> On Jun 6, 2016, at 8:25 PM, Spencer Ryan <sryan at arbor.net> wrote:
> 
> The tunnelbroker service acts exactly like a VPN. It allows you, from any
> arbitrary location in the world with an IPv4 address, to bring traffic out
> via one of HE's 4 POP's, while completely masking your actual location.
> 
> 
> *Spencer Ryan* | Senior Systems Administrator | sryan at arbor.net
> *Arbor Networks*
> +1.734.794.5033 (d) | +1.734.846.2053 (m)
> www.arbornetworks.com
> 
> On Mon, Jun 6, 2016 at 11:22 PM, Blair Trosper <blair.trosper at gmail.com>
> wrote:
> 
>> It should be pointed out that -- the SPECIFIC accusation from Netflix -- is
>> that people on TunnelBroker are on a VPN or proxy unblocker.
>> 
>> The data does not bear that out.  Hash tag just saying.
>> 
>> </soapbox>
>> 
>> On Mon, Jun 6, 2016 at 7:53 PM, Ricky Beam <jfbeam at gmail.com> wrote:
>> 
>>> On Mon, 06 Jun 2016 19:41:14 -0400, Mark Andrews <marka at isc.org> wrote:
>>> 
>>>> What lie?  Truly who is lying here.  Not the end user.  Not HE.  There
>> is
>>>> no requirement to report physical location.
>>>> 
>>> 
>>> The general lie that is IP Geolocation. HE only has what I tell them
>> (100%
>>> unverified), and what MaxMind (et.al.) tell them (~95% unverified.) They
>>> know my IPv4 endpoint address, but that doesn't give them a concrete
>> street
>>> address -- they're guessing in exactly the same way everyone else does.
>> And
>>> more to the point, HE doesn't share that information with anyone. (whois
>> is
>>> populated with your account information. they don't ask where your
>> tunnels
>>> are going.)
>>> 
>>> Are they legally required to go to this level?
>>>> 
>>> 
>>> Possibly, but Netflix isn't going to push this. Win or Lose, they still
>>> lose distribution rights.
>>> 
>>> Netflix (and their licensees) know people are using HE tunnels to get
>>>>> around region restrictions. Their hands are tied; they have to show
>>>>> they're doing something to limit this.
>>>>> 
>>>> 
>>>> No, they do not know.  The purpose of HE tunnels is to get IPv6 service.
>>>> The fact that the endpoints are in different countries some of the time
>>>> is incidental to that.
>>>> 
>>> 
>>> YES. THEY. DO. There have been entire COMPANIES doing this. (which is
>>> likely what sparked this level of response.) Neither HE nor Netflix are
>>> naming names, but a short walk through the more colorful parts of the
>>> internet should be enlightening.
>>> 
>>> Garbage.  You have to establish the tunnel which requires registering
>>>> a account.  It also requires a machine at the other end.  Virtual
>>>> or physical they don't move around the world in a DDNS update. The
>>>> addresses associated with a tunnel don't change for the life of
>>>> that tunnel.
>>>> 
>>> 
>>> True. 'tho, you can list any nonsense address you want. They do nothing
>> to
>>> validate it. (Use my favorite BS address: Independence MT -- pop: zero.
>>> It's a dirt road across a mountain in the middle of absolutely nowhere.
>>> Google it!)
>>> 
>>> The tunnel endpoint (your IPv4 address) is known only to HE, and not
>>> exposed to ANYONE. That's not going to EVER change. Once your tunnel has
>>> been setup, that address ("Client IPv4 Address") is not set in stone.
>>> People have dynamic addresses, and HE recognizes this, so there are
>>> numerous methods to change the tunnel endpoint address. (tunnel
>>> configuration page, update through an http(s) request, etc.) THUS, a
>> tunnel
>>> can move; it can be terminated anywhere, at anytime. Not only can one
>>> update the endpoint to a different address on the same box, but to a
>>> completely different box entirely.
>>> 
>>> Furthermore, one account can have several tunnels through different
>>> servers that present addresses from different regions. Where I appear to
>> be
>>> in the world, thus, depends on which tunnel I have enabled. (and in which
>>> countries HE has prefixes, which currently appears to be 4)
>>> 
>> 




More information about the NANOG mailing list