Netflix VPN detection - actual engineer needed
Baldur Norddahl
baldur.norddahl at gmail.com
Wed Jun 8 17:03:55 UTC 2016
On 2016-06-08 17:58, Nicholas Suan wrote:
>
>
> On Wednesday, June 8, 2016, Baldur Norddahl <baldur.norddahl at gmail.com
> <mailto:baldur.norddahl at gmail.com>> wrote:
>
>
> A start would be blocking 2620:108:700f::/64 as discovered by a
> simple DNS lookup on netflix.com <http://netflix.com>. I am not
> running a HE tunnel (I got native IPv6) and I am not blocked from
> accessing Netflix over IPv6 so can't really try it. I am curious
> however that none of the vocal HE tunnel users here appears to
> have tried even simple counter measures such as a simple firewall
> rule to drop traffic to that one /64 prefix.
>
>
> That's a start but Netflix has a few more prefixes than that:
> http://bgp.he.net/AS2906#_prefixes6
They do but that is irrelevant. Blocking just that one /64 prefix works
because that is where their tunnel detector apparently lives.
I think we are at the point where we can say it would be nice if Netflix
could just redirect users from IPv6 to IPv4 when a tunnel is suspected.
They do deserve flames for being bad guys here when they have such an
easy out.
But you can also just fix the issue yourself with a simple firewall rule.
Regards,
Baldur
More information about the NANOG
mailing list