Re: Netflix VPN detection - actual engineer needed

[Baldur Norddahl <baldur.norddahl () gmail com>]

On 2016-06-08 17:58, Nicholas Suan wrote:
> On Wednesday, June 8, 2016, Baldur Norddahl <baldur.norddahl () gmail com 
> <mailto:baldur.norddahl () gmail com>> wrote:
>
>
>     A start would be blocking 2620:108:700f::/64 as discovered by a
>     simple DNS lookup on netflix.com <http://netflix.com>. I am not
>     running a HE tunnel (I got native IPv6) and I am not blocked from
>     accessing Netflix over IPv6 so can't really try it. I am curious
>     however that none of the vocal HE tunnel users here appears to
>     have tried even simple counter measures such as a simple firewall
>     rule to drop traffic to that one /64 prefix.
>
>
> That's a start but Netflix has a few more prefixes than that: 
> http://bgp.he.net/AS2906#_prefixes6

They do but that is irrelevant. Blocking just that one /64 prefix works 
because that is where their tunnel detector apparently lives.

I think we are at the point where we can say it would be nice if Netflix 
could just redirect users from IPv6 to IPv4 when a tunnel is suspected. 
They do deserve flames for being bad guys here when they have such an 
easy out.

But you can also just fix the issue yourself with a simple firewall rule.

Regards,

Baldur