Netflix VPN detection - actual engineer needed

Jimmy Hess mysidia at gmail.com
Sat Jun 4 02:39:16 UTC 2016


On Fri, Jun 3, 2016 at 3:05 PM, Spencer Ryan <sryan at arbor.net> wrote:
> There is no way for Netflix to know the difference between you being in NY
> and using the tunnel, and you living in Hong Kong and using the tunnel.

No way, really?    Come now.
The latency difference between New York and Hong Kong are very different.

If your minimum/bottomed-out RTT is less than 100ms away from a
Netflix server,  which can be measured using TCP protocol-based
metrics,  then you are not using a VPN.    This could be used as a
filter to reduce false positives.

Also, if you are using a tunnel service, then it is Unlikely your only
connectivity is IPv6,
therefore, when they suspect an IPv6 VPN,   they could  use methods of
figuring out your IPv4 address....  it could be an option  simply do
something along the
lines of a background HTTP request

along the lines of
$.ajax({type: "GET",  url:
"http://ipv4onlyhostname.netflix.example.com/x.cgi"}, data: {
timestamp:blah, action: 'get_proof_of_IPv4_address',
blahblah_sessionid:  blah } )

Then analyze the IPv4 connection before returning a proof of IP
address as a signed token.

Within the main page or system, allow the connection.   This method
proves your device is not
merely circumventing region controls through a simple VPN.

You at least have access to a computer in the allowed region a few
seconds before initiating the connection.

Or you know....  just redirect the IPV6 tunnel-provider connections at
Netflix' end to an IPv4-only hostname period,  so V6 is not used for
these users.


Furthermore,  they could make a USB dongle with a GPS receiver on it
that will answer a location-based challenge request,  that you're
expected to hook up to your computer feed from an outside antenna.
I don't let them off the hook, too easily.

> *Spencer Ryan* | Senior Systems Administrator | sryan at arbor.net
> *Arbor Networks*
> +1.734.794.5033 (d) | +1.734.846.2053 (m)
> www.arbornetworks.com
--
-JH



More information about the NANOG mailing list