Re: The great Netflix vpn debacle!

[Martin Hannigan <hannigan () gmail com>]

On Tue, Aug 31, 2021 at 2:19 PM Bryan Holloway <bryan () shout net> wrote:

> So I've made some progress, but not on the HBO front. (Hulu and Netflix
> have been responsive so far.)
>
> Tried the e-mail address on Mike Hammett and Co.'s handy web-page, but
> got no response after several days. Ironically we were able to get
> through to the "closed-captioning" department, but this isn't
> particularly useful.
>
> Does anyone have another possible contact for HBO folks to get some
> prefixes unflagged as "VPN"?

I see a CDN at least in the path of their web server:


> To be clear, this is not a geolocate issue. At least according to the
> error our users are getting.
>
> Thanks, all!
>
>
> On 8/28/21 1:51 AM, Justin Krejci wrote:
> > +1 on Bryan's message.
> >
> >
> > TL;DR
> >
> > It seems lots of ISPs are struggling to figure out the why and the where
> > of many IP addresses or blocks that are suddenly being blacklisted or
> > flagged as VPNs or as out of service area.
> >
> >
> >
> >
> > I would really love to find, as Bryan said, if there is one particular
> > IP reputation data provider who either got real aggressive recently or
> > some (contaminated?) data was shared around. If there is I have no
> > problem wading through their support processes to get it sorted but as
> > it stands I just don't know who to call. It just has been very difficult
> > to glean anyactionable info and of course the normal support teams at
> > the respective streaming providers mostly just are telling customers to
> > call their ISP.... as if every random ISP has some special backdoor
> > contact to every streaming provider where we can just get problems
> > resolved quickly and easily while we all have a good laugh at people
> > being able to watch their preferred movies and shows.
> >
> >
> > At least with email DNSBL filtering you usually get informed which DNSBL
> > you are listed on and you can sort that out directly. In this case, the
> > overall system of IP reputation based filtering seems still
> > comparatively immature. The most I have gotten is after a very long
> > phone call with someone at Hulu, they confirmed there is some issue
> > affecting multiple networks and they are working on the issue and
> > suggested I go through a whitelisting request process which may solve
> > the problems but just for Hulu obviously.
> >
> >
> > I have published and tried to register our own geofeed data as defined
> > in RFC8805 with as many IP geolocation providers as possible. I have
> > checked around to as many IP geolocation and IP reputations sites as I
> > can find and everything is either clean/accurate or there is no query
> > method open to the public for troubleshooting that I can find. This is
> > just yet another example to me of immaturity on dealing with geolocation
> > problems: just spinning my wheels in the dark with mud spraying
> > everywhere. There does not appear to be any consistency on handling
> > issues by the content providers using IP geolocation and reputation to
> > filter. If the content providers want to reject client connections they
> > ought to provide more actionable information in their errors messages
> > for ISPs since they are all just telling the users to call their ISPs.
> > It just feels like a vicious circle.
> >
> >
> > So currently we are left with multiple video streaming providers that
> > all started to flag many customers across many of our IP blocks all
> > beginning earlier this month affecting customers, many of whom have been
> > using the same IP address for years without issue until now. Do we try
> > and decommission multiple IP subnets shuffle users over to new subnets
> > and risk contaminating more subnets if this is an ongoing and
> > regularly updated blacklist data set. This would further exacerbate the
> > problem across yet more subnets that are getting scarcer. As a tangent,
> > I am curious to see how IP geolocation and reputation systems are
> > handling IPv6, I suppose they are just grouping larger and larger
> > networks together into the same listings.
> >
> >
> > Someone who knows something concrete about this current issue, please
> > throw us ISPs a bone.
> >
> >
> > With this email I feel like Leia recording a video plea for help
> > addressed to Obi-Wan Kenobi.... help me Nanog Community... you're my
> > only hope.
> >
> >
> >
> >
> >
> > ------------------------------------------------------------------------
> > *From:* NANOG <nanog-bounces+jkrejci=usinternet.com () nanog org> on
> behalf
> > of Bryan Holloway <bryan () shout net>
> > *Sent:* Friday, August 27, 2021 4:56 PM
> > *To:* Mike Hammett; John Alcock
> > *Cc:* nanog () nanog org
> > *Subject:* Re: The great Netflix vpn debacle!
> > Is there some new DB that major CDNs are using?
> >
> > We've been getting several reports of prefixes of ours being blocked,
> > claiming to be VPNs, even though we've been using those subnets without
> > incident for years.
> >
> > HBO, Netflix, and Hulu appear to be common denominators. I have to
> > wonder if they're all siphoning misinformation off of some new DB
> > somewhere ...
> >
> >
> > On 8/14/21 1:45 AM, Mike Hammett wrote:
> > > https://thebrotherswisp.com/index.php/geo-and-vpn/
> > <https://thebrotherswisp.com/index.php/geo-and-vpn/>
> > > -----
> > > Mike Hammett
> > > Intelligent Computing Solutions <http://www.ics-il.com/ <
> http://www.ics-il.com/>>
> > > <*MailScanner has detected a possible fraud attempt from
> > "www.facebook.com" claiming to be*
> > https://www.facebook.com/ICSIL><
> https://plus.google.com/+IntelligentComputingSolutionsDeKalb><
> https://www.linkedin.com/company/intelligent-computing-solutions><
> https://twitter.com/ICSIL
> > <https://www.facebook.com/ICSIL><
> https://plus.google.com/+IntelligentComputingSolutionsDeKalb><
> https://www.linkedin.com/company/intelligent-computing-solutions><
> https://twitter.com/ICSIL>>
> > > Midwest Internet Exchange <http://www.midwest-ix.com/ <
> http://www.midwest-ix.com/>>
> > > <*MailScanner has detected a possible fraud attempt from
> > "www.facebook.com" claiming to be*
> > https://www.facebook.com/mdwestix><
> https://www.linkedin.com/company/midwest-internet-exchange><
> https://twitter.com/mdwestix
> > <https://www.facebook.com/mdwestix><
> https://www.linkedin.com/company/midwest-internet-exchange><
> https://twitter.com/mdwestix>>
> > > The Brothers WISP <http://www.thebrotherswisp.com/ <
> http://www.thebrotherswisp.com/>>
> > > <https://www.facebook.com/thebrotherswisp><
> https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg
> > <https://www.facebook.com/thebrotherswisp><
> https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>>
> > > ------------------------------------------------------------------------
> > > *From: *"John Alcock" <john () alcock org>
> > > *To: *nanog () nanog org
> > > *Sent: *Friday, August 13, 2021 2:11:16 PM
> > > *Subject: *The great Netflix vpn debacle!
> > >
> > > Well,
> > >
> > > It happened. I have multiple subscribers calling in. They can not
> access
> > > Netflix.
> > >
> > > Any contacts on list for Netflix that I can use to get my up blocks
> > > whitelisted?
> > >
> > > John