nanog mailing list archives
Re: Netflix VPN detection - actual engineer needed
From: Blair Trosper <blair.trosper () gmail com>
Date: Mon, 6 Jun 2016 20:27:26 -0700
Right, but I think we know what Netflix is implying when they say "proxy unblocker" or "VPN" -- they mean people are deliberately going around GeoIP. In this case, I don't know anyone who uses TunnelBroker that way. They're using it for V6. That is to say, everyone I know with this issue could simply solve it by disabling IPv6 (and TunnelBroker) -- meaning they're already in the US (or $region) -- and the IPv6 detection on the CDN/web is what's wrong. I think I will go further here and say that the message sort if implies the user is acting in bad faith, which may raise some animosity towards Netflix. On Mon, Jun 6, 2016 at 8:25 PM, Spencer Ryan <sryan () arbor net> wrote:
The tunnelbroker service acts exactly like a VPN. It allows you, from any arbitrary location in the world with an IPv4 address, to bring traffic out via one of HE's 4 POP's, while completely masking your actual location. *Spencer Ryan* | Senior Systems Administrator | sryan () arbor net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com On Mon, Jun 6, 2016 at 11:22 PM, Blair Trosper <blair.trosper () gmail com> wrote:It should be pointed out that -- the SPECIFIC accusation from Netflix -- is that people on TunnelBroker are on a VPN or proxy unblocker. The data does not bear that out. Hash tag just saying. </soapbox> On Mon, Jun 6, 2016 at 7:53 PM, Ricky Beam <jfbeam () gmail com> wrote:On Mon, 06 Jun 2016 19:41:14 -0400, Mark Andrews <marka () isc org> wrote:What lie? Truly who is lying here. Not the end user. Not HE. Thereisno requirement to report physical location.The general lie that is IP Geolocation. HE only has what I tell them(100%unverified), and what MaxMind (et.al.) tell them (~95% unverified.)Theyknow my IPv4 endpoint address, but that doesn't give them a concretestreetaddress -- they're guessing in exactly the same way everyone else does.Andmore to the point, HE doesn't share that information with anyone.(whois ispopulated with your account information. they don't ask where yourtunnelsare going.) Are they legally required to go to this level?Possibly, but Netflix isn't going to push this. Win or Lose, they still lose distribution rights. Netflix (and their licensees) know people are using HE tunnels to getaround region restrictions. Their hands are tied; they have to show they're doing something to limit this.No, they do not know. The purpose of HE tunnels is to get IPv6service.The fact that the endpoints are in different countries some of the time is incidental to that.YES. THEY. DO. There have been entire COMPANIES doing this. (which is likely what sparked this level of response.) Neither HE nor Netflix are naming names, but a short walk through the more colorful parts of the internet should be enlightening. Garbage. You have to establish the tunnel which requires registeringa account. It also requires a machine at the other end. Virtual or physical they don't move around the world in a DDNS update. The addresses associated with a tunnel don't change for the life of that tunnel.True. 'tho, you can list any nonsense address you want. They do nothingtovalidate it. (Use my favorite BS address: Independence MT -- pop: zero. It's a dirt road across a mountain in the middle of absolutely nowhere. Google it!) The tunnel endpoint (your IPv4 address) is known only to HE, and not exposed to ANYONE. That's not going to EVER change. Once your tunnel has been setup, that address ("Client IPv4 Address") is not set in stone. People have dynamic addresses, and HE recognizes this, so there are numerous methods to change the tunnel endpoint address. (tunnel configuration page, update through an http(s) request, etc.) THUS, atunnelcan move; it can be terminated anywhere, at anytime. Not only can one update the endpoint to a different address on the same box, but to a completely different box entirely. Furthermore, one account can have several tunnels through different servers that present addresses from different regions. Where I appearto bein the world, thus, depends on which tunnel I have enabled. (and inwhichcountries HE has prefixes, which currently appears to be 4)
Current thread:
- Re: Netflix VPN detection - actual engineer needed, (continued)
- Re: Netflix VPN detection - actual engineer needed Owen DeLong (Jun 06)
- Re: Netflix VPN detection - actual engineer needed Matthew Huff (Jun 06)
- Re: Netflix VPN detection - actual engineer needed Mark Felder (Jun 06)
- Re: Netflix VPN detection - actual engineer needed Owen DeLong (Jun 06)
- Re: Netflix VPN detection - actual engineer needed Mark Andrews (Jun 05)
- Re: Netflix VPN detection - actual engineer needed Ricky Beam (Jun 06)
- Re: Netflix VPN detection - actual engineer needed Mark Andrews (Jun 06)
- Re: Netflix VPN detection - actual engineer needed Ricky Beam (Jun 06)
- Re: Netflix VPN detection - actual engineer needed Blair Trosper (Jun 06)
- Re: Netflix VPN detection - actual engineer needed Spencer Ryan (Jun 06)
- Re: Netflix VPN detection - actual engineer needed Blair Trosper (Jun 06)
- Re: Netflix VPN detection - actual engineer needed Owen DeLong (Jun 06)
- Re[2]: Netflix VPN detection - actual engineer needed Matthew Kaufman (Jun 06)
- Re: Netflix VPN detection - actual engineer needed Owen DeLong (Jun 06)
- Re: Netflix VPN detection - actual engineer needed Mark Felder (Jun 07)
- Re: Netflix VPN detection - actual engineer needed Cryptographrix (Jun 07)
- Re: Netflix VPN detection - actual engineer needed Mike Hammett (Jun 07)
- Re: Netflix VPN detection - actual engineer needed joel jaeggli (Jun 07)
- Re: Netflix VPN detection - actual engineer needed Ca By (Jun 07)
- Re: Netflix VPN detection - actual engineer needed Cryptographrix (Jun 07)
- Re: Netflix VPN detection - actual engineer needed Ca By (Jun 07)