[189824] in North American Network Operators' Group
Re: Netflix VPN detection - actual engineer needed
daemon@ATHENA.MIT.EDU (joel jaeggli)
Tue Jun 7 10:07:11 2016
X-Original-To: nanog@nanog.org
To: Cryptographrix <cryptographrix@gmail.com>, Mark Felder <feld@feld.me>,
"nanog@nanog.org" <nanog@nanog.org>
From: joel jaeggli <joelja@bogus.com>
Date: Tue, 7 Jun 2016 07:06:57 -0700
In-Reply-To: <CAPPYGuzx-WEcJrrZa3AP=h_Qgb=WBm37WYM317vUAOGCCY_25g@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--W5eEVHdhX7Eujm1sjSpXuNMrTxWuNR6jv
From: joel jaeggli <joelja@bogus.com>
To: Cryptographrix <cryptographrix@gmail.com>, Mark Felder <feld@feld.me>,
"nanog@nanog.org" <nanog@nanog.org>
Message-ID: <9f9d5ae6-788d-7bfb-e64e-f10c236262c5@bogus.com>
Subject: Re: Netflix VPN detection - actual engineer needed
References: <em67bcc237-1f5b-4fcd-a4f6-20cd797206fc@matthew-t5500>
<CAB4k-o87YjBevHXD2Pq87o7Uj0vjEJ0Ri_=iEO9vp-QAnGgCNw@mail.gmail.com>
<CAA5Ek4dJXoK_bmVRntt6DCFSTcubesAdG2=rR3WaCWcE1d=BSw@mail.gmail.com>
<bd68ef08ef6445c9a67a980b49105457@pur-vm-exch13n2.ox.com>
<7f4454ef-51df-b97b-4315-e5efd27771fb@heliacal.net>
<20160603212808.61A794AC8EC8@rock.dv.isc.org>
<9578293AE169674F9A048B2BC9A081B401E661A0BD@MUNPRDMBXA1.medline.com>
<CAPPYGuzFkDvHp_ofk7jFtf-adp2j7x58bq0aPT8Loo4JBes5gA@mail.gmail.com>
<9578293AE169674F9A048B2BC9A081B401E661A134@MUNPRDMBXA1.medline.com>
<CAPPYGuzWZLwJmb5_qAZjBpF-4iQbTT5tzgF_5AaZ8YDdRisGCA@mail.gmail.com>
<CAPPYGuwwSEfv06etnzdSMHwC2KToudYyPqTT3zbdFjkXtF=vnw@mail.gmail.com>
<CAPkb-7BE5HoAUPWffmHWgpNj0MsTZj5DzffVbYVR_2LQpEekVQ@mail.gmail.com>
<CAPkb-7B--KqgZmis1DuuUtyBJJXmCxvXUG-UCnfE1cjNcxmpFA@mail.gmail.com>
<CAPkb-7BeOs=jrkyTJ8J5+FHtDFS4fzzPPJ-GFMGtCDrfQwJRXw@mail.gmail.com>
<CAOZq8-idmdXK11uNnxcDubgBrQ2jEopNy7xjFuo3BVcQ4qXdyA@mail.gmail.com>
<CAOZq8-g_w1+y+K0eSrVtR+MyHP_JVFCvnpmeZFLMOYL6NEd=hg@mail.gmail.com>
<20160605233527.7A8574AD2CFC@rock.dv.isc.org>
<op.yinof8sotfhldh@rbeam.xactional.com>
<20160606234114.7A7904AE812D@rock.dv.isc.org>
<op.yin2b8x4tfhldh@rbeam.xactional.com>
<CAA5Ek4cGiDnbJ+mhJTcXH9wBsUgWMTU4dxX6QHZwotLwaiesPA@mail.gmail.com>
<CA+HzidTnQUBsVW1E9Ss5EJdkqRw3_NsDmCs8+A_6PZyMs67k-Q@mail.gmail.com>
<32FC6E7F-12E8-4B11-8416-C31FFEE340DA@feld.me>
<CAPPYGuzx-WEcJrrZa3AP=h_Qgb=WBm37WYM317vUAOGCCY_25g@mail.gmail.com>
In-Reply-To: <CAPPYGuzx-WEcJrrZa3AP=h_Qgb=WBm37WYM317vUAOGCCY_25g@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
On 6/7/16 6:55 AM, Cryptographrix wrote:
> As I said to Netflix's tech support - if they advocate for people to tu=
rn
> off IPv6 on their end, maybe Netflix should stop supporting it on their=
end.
>=20
> It's in the air whether it's just an HE tunnel issue or an IPv6 issue a=
t
> the moment, and if their tech support is telling people to turn off IPv=
6,
> maybe they should just instead remove their AAAA records.
it clearly works with prefixes delegated from other isps.
=2E..
http://i.imgur.com/sJUM7tn.png
> (or fail back to ipv4 when v6 looks like a tunnel)
>=20
>=20
>=20
> On Tue, Jun 7, 2016 at 9:22 AM Mark Felder <feld@feld.me> wrote:
>=20
>>
>>> On Jun 6, 2016, at 22:25, Spencer Ryan <sryan@arbor.net> wrote:
>>>
>>> The tunnelbroker service acts exactly like a VPN. It allows you, from=
any
>>> arbitrary location in the world with an IPv4 address, to bring traffi=
c
>> out
>>> via one of HE's 4 POP's, while completely masking your actual locatio=
n.
>>>
>>
>> Perhaps Netflix should automatically block any connection that's not f=
rom
>> a known residential ISP or mobile ISP as anything else could be a serv=
er
>> someone is proxying through. It's very easy to get these subnets -- th=
e
>> spam filtering folks have these subnets well documented. /s
>>
>> --
>> Mark Felder
>> feld@feld.me
>>
>>
>=20
--W5eEVHdhX7Eujm1sjSpXuNMrTxWuNR6jv
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - http://gpgtools.org
iEYEARECAAYFAldW1QMACgkQ8AA1q7Z/VrJ9sQCfUGOwiKzV8OAJQ6YPGqnLLA9K
MqMAnjnn1k8hsqUBE+Z8IFd6ZB0jdg6J
=nOFh
-----END PGP SIGNATURE-----
--W5eEVHdhX7Eujm1sjSpXuNMrTxWuNR6jv--
