Netflix VPN detection - actual engineer needed
Eric Kuhnke
eric.kuhnke at gmail.com
Mon Jun 6 21:44:32 UTC 2016
Geolocation by IP is even funnier as an idea for those who have worked in
network engineering for commercial, geostationary two-way satellite
services... Some examples:
1. C-band teleport in Singapore with SingTel IPs, remote terminals in
Afghanistan.
2. Ku-band teleport in Germany with IP space in an Intelsat /20, remote
terminal on the roof of a US government diplomatic facility in
$DEVELOPING_COUNTRY
3. Teleports in Miami with IP space that looks indistinguishable (in terms
of BGP-adjacency and traceroutes) from any other ISP in the metro Miami
area, providing services to small TDMA VSAT terminals in west Africa.
4. Things in Antarctica that are on the other end of a C-band SCPC pipe
from a large earth station in southern California.
5. Maritime Ku and C-band VSAT services with 2.5 meter size 3-axis tracking
antennas on top of cruise ships that could be literally anywhere in the
Mediterranean or Caribbean oceans, with the terrestrial end of the
connection in Switzerland, Italy, Maryland or Georgia.
6. Small pacific island nations that have no submarine fiber connectivity
and are now using o3b for IP backhaul, or C-band connectivity to teleports
in Australia.
On Mon, Jun 6, 2016 at 2:33 PM, Laszlo Hanyecz <laszlo at heliacal.net> wrote:
> On 2016-06-06 19:39, Christopher Morrow wrote:
>
>>
>> Doing any sort of 'authentication' or 'authorization' on src-IP is just
>> ..
>> broken.
>>
>>
>>
> This.
>
> Netflix is pretending to have a capability (geolocation by src ip) that
> doesn't exist and there is collateral damage from the application of their
> half baked solution. Those who end up getting dropped as collateral damage
> are rightly upset about the discrimination.
>
> -Laszlo
>
>
More information about the NANOG
mailing list