Re: The great Netflix vpn debacle!

[Warren Kumari <warren () kumari net>]

On Fri, Aug 27, 2021 at 7:54 PM Justin Krejci <JKrejci () usinternet com>
wrote:

> +1 on Bryan's message.
>
>
> TL;DR
>
> It seems lots of ISPs are struggling to figure out the why and the where
> of many IP addresses or blocks that are suddenly being blacklisted or
> flagged as VPNs or as out of service area.
>
>
>
>
> I would really love to find, as Bryan said, if there is one particular IP
> reputation data provider who either got real aggressive recently or some
> (contaminated?) data was shared around. If there is I have no problem
> wading through their support processes to get it sorted but as it stands I
> just don't know who to call. It just has been very difficult to glean any
> actionable info and of course the normal support teams at the respective
> streaming providers mostly just are telling customers to call their ISP....
> as if every random ISP has some special backdoor contact to every
> streaming provider where we can just get problems resolved quickly and
> easily while we all have a good laugh at people being able to watch their
> preferred movies and shows.
>
>
> At least with email DNSBL filtering you usually get informed which DNSBL
> you are listed on and you can sort that out directly. In this case, the
> overall system of IP reputation based filtering seems still comparatively
> immature. The most I have gotten is after a very long phone call with
> someone at Hulu, they confirmed there is some issue affecting multiple
> networks and they are working on the issue and suggested I go through a
> whitelisting request process which may solve the problems but just for Hulu
> obviously.
>
>
> I have published and tried to register our own geofeed data as defined in
> RFC8805 with as many IP geolocation providers as possible.

So, RFC8805 is great and all, but it sure is annoying that you have to find
webforms for a whole heap-o-geolocation providers, and figure out how to
tell them where your geofeed file lives, etc.

Introducing RFC9092 - "Finding and Using Geofeed Data" (
https://datatracker.ietf.org/doc/rfc9092/ ). It slices, it dices...it even
makes Julienne fries!...
Actually, nope, it just allows you to publish, in IRR records, the location
of the RFC8805 format file. e.g:
$ whois -h whois.ripe.net 31.130.224.0 | egrep "inetnum|netname|remarks"
inetnum:        31.130.224.0 - 31.130.239.255
netname:        ietf-meeting-network
remarks:        Geofeed https://noc.ietf.org/geo/google.csv

The RFC has more examples, and also suggests an optional signature to
strongly authenticate the data in the geofeed files...

W
Disclaimer: author



> I have checked around to as many IP geolocation and IP reputations sites
> as I can find and everything is either clean/accurate or there is no query
> method open to the public for troubleshooting that I can find. This is just
> yet another example to me of immaturity on dealing with geolocation
> problems: just spinning my wheels in the dark with mud spraying everywhere.
> There does not appear to be any consistency on handling issues by the
> content providers using IP geolocation and reputation to filter. If the
> content providers want to reject client connections they ought to provide
> more actionable information in their errors messages for ISPs since they
> are all just telling the users to call their ISPs. It just feels like a
> vicious circle.
>
>
> So currently we are left with multiple video streaming providers that all
> started to flag many customers across many of our IP blocks all beginning
> earlier this month affecting customers, many of whom have been using the
> same IP address for years without issue until now. Do we try and
> decommission multiple IP subnets shuffle users over to new subnets and risk
> contaminating more subnets if this is an ongoing and regularly updated
> blacklist data set. This would further exacerbate the problem across
> yet more subnets that are getting scarcer. As a tangent, I am curious to
> see how IP geolocation and reputation systems are handling IPv6, I suppose
> they are just grouping larger and larger networks together into the same
> listings.
>
>
> Someone who knows something concrete about this current issue, please throw
> us ISPs a bone.
>
>
> With this email I feel like Leia recording a video plea for help
> addressed to Obi-Wan Kenobi.... help me Nanog Community... you're my only
> hope.
>
>
>
>
>
> ------------------------------
> *From:* NANOG <nanog-bounces+jkrejci=usinternet.com () nanog org> on behalf
> of Bryan Holloway <bryan () shout net>
> *Sent:* Friday, August 27, 2021 4:56 PM
> *To:* Mike Hammett; John Alcock
> *Cc:* nanog () nanog org
> *Subject:* Re: The great Netflix vpn debacle!
>
> Is there some new DB that major CDNs are using?
>
> We've been getting several reports of prefixes of ours being blocked,
> claiming to be VPNs, even though we've been using those subnets without
> incident for years.
>
> HBO, Netflix, and Hulu appear to be common denominators. I have to
> wonder if they're all siphoning misinformation off of some new DB
> somewhere ...
>
>
> On 8/14/21 1:45 AM, Mike Hammett wrote:
> > https://thebrotherswisp.com/index.php/geo-and-vpn/
> >
> >
> >
> > -----
> > Mike Hammett
> > Intelligent Computing Solutions <http://www.ics-il.com/>
> > <
> https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL
> <https://www.facebook.com/ICSIL%3E%3Chttps://plus.google.com/+IntelligentComputingSolutionsDeKalb%3E%3Chttps://www.linkedin.com/company/intelligent-computing-solutions%3E%3Chttps://twitter.com/ICSIL>
> > Midwest Internet Exchange <http://www.midwest-ix.com/>
> > <
> https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix
> > The Brothers WISP <http://www.thebrotherswisp.com/>
> > <
> https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg
> > ------------------------------------------------------------------------
> > *From: *"John Alcock" <john () alcock org>
> > *To: *nanog () nanog org
> > *Sent: *Friday, August 13, 2021 2:11:16 PM
> > *Subject: *The great Netflix vpn debacle!
> >
> > Well,
> >
> > It happened. I have multiple subscribers calling in. They can not access
> > Netflix.
> >
> > Any contacts on list for Netflix that I can use to get my up blocks
> > whitelisted?
> >
> > John


-- 
The computing scientist’s main challenge is not to get confused by the
complexities of his own making.
  -- E. W. Dijkstra