Netflix VPN detection - actual engineer needed
Steve Atkins
steve at blighty.com
Wed Jun 8 15:30:40 UTC 2016
> On Jun 8, 2016, at 8:13 AM, Baldur Norddahl <baldur.norddahl at gmail.com> wrote:
>
>
>
> On 2016-06-08 07:27, Mark Andrews wrote:
>> In message <20160608070525.06fd5995 at echo.ms.redpill-linpro.com>, Tore Anderson writes:
>>> * Davide Davini <diotonante at gmail.com>
>>>
>>> Blocking access to Netflix via the tunnel seems like an obvious
>>> solution to me, for what it's worth.
>> And which set of prefixes is that? How often do they change? etc.
>>
>
> A start would be blocking 2620:108:700f::/64 as discovered by a simple DNS lookup on netflix.com. I am not running a HE tunnel (I got native IPv6) and I am not blocked from accessing Netflix over IPv6 so can't really try it. I am curious however that none of the vocal HE tunnel users here appears to have tried even simple counter measures such as a simple firewall rule to drop traffic to that one /64 prefix.
>
> It might be that more needs to be blocked, but in that case it will be trivial to find the required prefixes by launching Wireshark and observe the IPv6 traffic generated when accessing netflix.com. Maybe someone could do that and post the results, as it is apparent that many people are in need of a solution.
I don't think that "getting to Netflix over an HE tunnel" is something that people here need a solution to, rather it's "stopping Netflix from discouraging IPv6 usage" or perhaps "encouraging Netflix to stop breaking service to IPv6 users, including their lack of support for IPv4 fallback".
The connection to NANOG isn't that NANOG users want to reach Netflix, it's that NANOG users have an interest in the broader health of the IPv6 ecosystem.
Given the number of pieces of off-the-shelf packaged software that are designed to allow the end-user, with no technical expertise required, to proxy through an HE tunnel so as to avoid Netflix geolocation[1] I don't blame Netflix for blocking HE tunnels, but I do blame them for doing so badly.
Cheers,
Steve
[1] e.g. https://github.com/ab77/netflix-proxy
More information about the NANOG
mailing list