Netflix VPN detection - actual engineer needed

Spencer Ryan sryan at arbor.net
Tue Jun 7 03:25:40 UTC 2016


The tunnelbroker service acts exactly like a VPN. It allows you, from any
arbitrary location in the world with an IPv4 address, to bring traffic out
via one of HE's 4 POPs, while completely masking your actual location.


*Spencer Ryan* | Senior Systems Administrator | sryan at arbor.net
*Arbor Networks*
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com

On Mon, Jun 6, 2016 at 11:22 PM, Blair Trosper <blair.trosper at gmail.com>
wrote:

> It should be pointed out that -- the SPECIFIC accusation from Netflix -- is
> that people on TunnelBroker are on a VPN or proxy unblocker.
>
> The data does not bear that out.  Hash tag just saying.
>
> </soapbox>
>
> On Mon, Jun 6, 2016 at 7:53 PM, Ricky Beam <jfbeam at gmail.com> wrote:
>
> > On Mon, 06 Jun 2016 19:41:14 -0400, Mark Andrews <marka at isc.org> wrote:
> >
> >> What lie?  Truly who is lying here.  Not the end user.  Not HE.  There is
> >> no requirement to report physical location.
> >>
> >
> > The general lie that is IP Geolocation. HE only has what I tell them (100%
> > unverified), and what MaxMind (et al.) tell them (~95% unverified.) They
> > know my IPv4 endpoint address, but that doesn't give them a concrete street
> > address -- they're guessing in exactly the same way everyone else does. And
> > more to the point, HE doesn't share that information with anyone. (whois is
> > populated with your account information. They don't ask where your tunnels
> > are going.)
> >
> >> Are they legally required to go to this level?
> >>
> >
> > Possibly, but Netflix isn't going to push this. Win or Lose, they still
> > lose distribution rights.
> >
> >>> Netflix (and their licensees) know people are using HE tunnels to get
> >>> around region restrictions. Their hands are tied; they have to show
> >>> they're doing something to limit this.
> >>>
> >>
> >> No, they do not know.  The purpose of HE tunnels is to get IPv6 service.
> >> The fact that the endpoints are in different countries some of the time
> >> is incidental to that.
> >>
> >
> > YES. THEY. DO. There have been entire COMPANIES doing this. (which is
> > likely what sparked this level of response.) Neither HE nor Netflix are
> > naming names, but a short walk through the more colorful parts of the
> > internet should be enlightening.
> >
> >> Garbage.  You have to establish the tunnel which requires registering
> >> an account.  It also requires a machine at the other end.  Virtual
> >> or physical they don't move around the world in a DDNS update. The
> >> addresses associated with a tunnel don't change for the life of
> >> that tunnel.
> >>
> >
> > True. 'tho, you can list any nonsense address you want. They do nothing to
> > validate it. (Use my favorite BS address: Independence MT -- pop: zero.
> > It's a dirt road across a mountain in the middle of absolutely nowhere.
> > Google it!)
> >
> > The tunnel endpoint (your IPv4 address) is known only to HE, and not
> > exposed to ANYONE. That's not going to EVER change. Once your tunnel has
> > been set up, that address ("Client IPv4 Address") is not set in stone.
> > People have dynamic addresses, and HE recognizes this, so there are
> > numerous methods to change the tunnel endpoint address. (tunnel
> > configuration page, update through an http(s) request, etc.) THUS, a tunnel
> > can move; it can be terminated anywhere, at any time. Not only can one
> > update the endpoint to a different address on the same box, but to a
> > completely different box entirely.
> >
> > Furthermore, one account can have several tunnels through different
> > servers that present addresses from different regions. Where I appear to be
> > in the world, thus, depends on which tunnel I have enabled. (and in which
> > countries HE has prefixes, which currently appears to be 4)
> >
>


