nanog mailing list archives

Re: Netflix VPN detection - actual engineer needed

From: Nicholas Suan <nsuan () nonexiste net>
Date: Wed, 8 Jun 2016 11:58:23 -0400

On Wednesday, June 8, 2016, Baldur Norddahl <baldur.norddahl () gmail com>
wrote:



On 2016-06-08 07:27, Mark Andrews wrote:

In message <20160608070525.06fd5995 () echo ms redpill-linpro com>, Tore
Anderson writes:

* Davide Davini <diotonante () gmail com>

Blocking access to Netflix via the tunnel seems like an obvious
solution to me, for what it's worth.

And which set of prefixes is that?  How often do they change? etc.

A start would be blocking 2620:108:700f::/64 as discovered by a simple DNS
lookup on netflix.com. I am not running a HE tunnel (I got native IPv6)
and I am not blocked from accessing Netflix over IPv6 so can't really try
it. I am curious however that none of the vocal HE tunnel users here
appears to have tried even simple counter measures such as a simple
firewall rule to drop traffic to that one /64 prefix.


That's a start but Netflix has a few more prefixes than that:
http://bgp.he.net/AS2906#_prefixes6

Current thread:

Re: Netflix VPN detection - actual engineer needed, (continued)
- - - Re: Netflix VPN detection - actual engineer needed Eric Kuhnke (Jun 03)
    - Re: Netflix VPN detection - actual engineer needed Alex Buie (Jun 03)
    - Re: Netflix VPN detection - actual engineer needed Mikael Abrahamsson (Jun 03)
    - Re: Netflix VPN detection - actual engineer needed Owen DeLong (Jun 04)
    - Re: Netflix VPN detection - actual engineer needed Mikael Abrahamsson (Jun 04)
    - Re: Netflix VPN detection - actual engineer needed Davide Davini (Jun 07)
    - Re: Netflix VPN detection - actual engineer needed Tore Anderson (Jun 07)
    - Re: Netflix VPN detection - actual engineer needed Mark Andrews (Jun 07)
    - Re: Netflix VPN detection - actual engineer needed Baldur Norddahl (Jun 08)
    - Re: Netflix VPN detection - actual engineer needed Steve Atkins (Jun 08)
    - Re: Netflix VPN detection - actual engineer needed Nicholas Suan (Jun 08)
    - Re: Netflix VPN detection - actual engineer needed Baldur Norddahl (Jun 08)
    - Message not available
    - Re: Netflix VPN detection - actual engineer needed Baldur Norddahl (Jun 08)
    - Re: Netflix VPN detection - actual engineer needed Antonio Querubin (Jun 09)
    - Re: Netflix VPN detection - actual engineer needed Antonio Querubin (Jun 09)
    - Re: Netflix VPN detection - actual engineer needed Mikael Abrahamsson (Jun 07)
    - Message not available
    - Re: Netflix VPN detection - actual engineer needed Owen DeLong (Jun 08)
    - Re: Netflix VPN detection - actual engineer needed Davide Davini (Jun 14)
    - Re: Netflix VPN detection - actual engineer needed Blair Trosper (Jun 03)
    - Re: Netflix VPN detection - actual engineer needed Spencer Ryan (Jun 03)
    - RE: Netflix VPN detection - actual engineer needed Naslund, Steve (Jun 03)

(Thread continues...)