Mailing List Archive

The great Netflix vpn debacle!
Well,

It happened. I have multiple subscribers calling in. They can not access
Netflix.

Any contacts on list for Netflix that I can use to get my IP blocks
whitelisted?

John
Re: The great Netflix vpn debacle! [ In reply to ]
geosupport@netflix.com has been very responsive for us. Best of luck,
Netflix is always a hassle.

Phin

On Fri, Aug 13, 2021 at 8:13 PM John Alcock <john@alcock.org> wrote:

> Well,
>
> It happened. I have multiple subscribers calling in. They can not access
> Netflix.
>
> Any contacts on list for Netflix that I can use to get my up blocks
> whitelisted?
>
> John
>
Re: The great Netflix vpn debacle! [ In reply to ]
https://thebrotherswisp.com/index.php/geo-and-vpn/




-----
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP

----- Original Message -----

From: "John Alcock" <john@alcock.org>
To: nanog@nanog.org
Sent: Friday, August 13, 2021 2:11:16 PM
Subject: The great Netflix vpn debacle!

Well,


It happened. I have multiple subscribers calling in. They can not access Netflix.


Any contacts on list for Netflix that I can use to get my up blocks whitelisted?


John
Re: The great Netflix vpn debacle! [ In reply to ]
Is there some new DB that major CDNs are using?

We've been getting several reports of prefixes of ours being blocked,
claiming to be VPNs, even though we've been using those subnets without
incident for years.

HBO, Netflix, and Hulu appear to be common denominators. I have to
wonder if they're all siphoning misinformation off of some new DB
somewhere ...


On 8/14/21 1:45 AM, Mike Hammett wrote:
> https://thebrotherswisp.com/index.php/geo-and-vpn/
>
>
>
> -----
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> The Brothers WISP <http://www.thebrotherswisp.com/>
> ------------------------------------------------------------------------
> *From: *"John Alcock" <john@alcock.org>
> *To: *nanog@nanog.org
> *Sent: *Friday, August 13, 2021 2:11:16 PM
> *Subject: *The great Netflix vpn debacle!
>
> Well,
>
> It happened. I have multiple subscribers calling in. They can not access
> Netflix.
>
> Any contacts on list for Netflix that I can use to get my up blocks
> whitelisted?
>
> John
>
Re: The great Netflix vpn debacle! [ In reply to ]
+1 on Bryan's message.


TL;DR

It seems lots of ISPs are struggling to figure out the why and the where of many IP addresses or blocks that are suddenly being blacklisted or flagged as VPNs or as out of service area.




I would really love to find, as Bryan said, if there is one particular IP reputation data provider who either got real aggressive recently or some (contaminated?) data was shared around. If there is I have no problem wading through their support processes to get it sorted but as it stands I just don't know who to call. It just has been very difficult to glean any actionable info and of course the normal support teams at the respective streaming providers mostly just are telling customers to call their ISP.... as if every random ISP has some special backdoor contact to every streaming provider where we can just get problems resolved quickly and easily while we all have a good laugh at people being able to watch their preferred movies and shows.


At least with email DNSBL filtering you usually get informed which DNSBL you are listed on and you can sort that out directly. In this case, the overall system of IP reputation based filtering seems still comparatively immature. The most I have gotten is after a very long phone call with someone at Hulu, they confirmed there is some issue affecting multiple networks and they are working on the issue and suggested I go through a whitelisting request process which may solve the problems but just for Hulu obviously.


I have published and tried to register our own geofeed data as defined in RFC8805 with as many IP geolocation providers as possible. I have checked around to as many IP geolocation and IP reputation sites as I can find and everything is either clean/accurate or there is no query method open to the public for troubleshooting that I can find. This is just yet another example to me of immaturity on dealing with geolocation problems: just spinning my wheels in the dark with mud spraying everywhere. There does not appear to be any consistency on handling issues by the content providers using IP geolocation and reputation to filter. If the content providers want to reject client connections they ought to provide more actionable information in their error messages for ISPs since they are all just telling the users to call their ISPs. It just feels like a vicious circle.


So currently we are left with multiple video streaming providers that all started to flag many customers across many of our IP blocks all beginning earlier this month affecting customers, many of whom have been using the same IP address for years without issue until now. Do we try and decommission multiple IP subnets, shuffle users over to new subnets and risk contaminating more subnets if this is an ongoing and regularly updated blacklist data set? This would further exacerbate the problem across yet more subnets that are getting scarcer. As a tangent, I am curious to see how IP geolocation and reputation systems are handling IPv6; I suppose they are just grouping larger and larger networks together into the same listings.


Someone who knows something concrete about this current issue, please throw us ISPs a bone.


With this email I feel like Leia recording a video plea for help addressed to Obi-Wan Kenobi.... help me Nanog Community... you're my only hope.




________________________________
From: NANOG <nanog-bounces+jkrejci=usinternet.com@nanog.org> on behalf of Bryan Holloway <bryan@shout.net>
Sent: Friday, August 27, 2021 4:56 PM
To: Mike Hammett; John Alcock
Cc: nanog@nanog.org
Subject: Re: The great Netflix vpn debacle!

Is there some new DB that major CDNs are using?

We've been getting several reports of prefixes of ours being blocked,
claiming to be VPNs, even though we've been using those subnets without
incident for years.

HBO, Netflix, and Hulu appear to be common denominators. I have to
wonder if they're all siphoning misinformation off of some new DB
somewhere ...


On 8/14/21 1:45 AM, Mike Hammett wrote:
> https://thebrotherswisp.com/index.php/geo-and-vpn/
>
>
>
> -----
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> The Brothers WISP <http://www.thebrotherswisp.com/>
> ------------------------------------------------------------------------
> *From: *"John Alcock" <john@alcock.org>
> *To: *nanog@nanog.org
> *Sent: *Friday, August 13, 2021 2:11:16 PM
> *Subject: *The great Netflix vpn debacle!
>
> Well,
>
> It happened. I have multiple subscribers calling in. They can not access
> Netflix.
>
> Any contacts on list for Netflix that I can use to get my up blocks
> whitelisted?
>
> John
>
Re: The great Netflix vpn debacle! [ In reply to ]
So I've made some progress, but not on the HBO front. (Hulu and Netflix
have been responsive so far.)

Tried the e-mail address on Mike Hammett and Co.'s handy web-page, but
got no response after several days. Ironically we were able to get
through to the "closed-captioning" department, but this isn't
particularly useful.

Does anyone have another possible contact for HBO folks to get some
prefixes unflagged as "VPN"?

To be clear, this is not a geolocate issue. At least according to the
error our users are getting.

Thanks, all!


On 8/28/21 1:51 AM, Justin Krejci wrote:
> +1 on Bryan's message.
>
>
> TL;DR
>
> It seems lots of ISPs are struggling to figure out the why and the where
> of many IP addresses or blocks that are suddenly being blacklisted or
> flagged as VPNs or as out of service area.
>
>
>
>
> I would really love to find, as Bryan said, if there is one particular
> IP reputation data provider who either got real aggressive recently or
> some (contaminated?) data was shared around. If there is I have no
> problem wading through their support processes to get it sorted but as
> it stands I just don't know who to call. It just has been very difficult
> to glean any actionable info and of course the normal support teams at
> the respective streaming providers mostly just are telling customers to
> call their ISP.... as if every random ISP has some special backdoor
> contact to every streaming provider where we can just get problems
> resolved quickly and easily while we all have a good laugh at people
> being able to watch their preferred movies and shows.
>
>
> At least with email DNSBL filtering you usually get informed which DNSBL
> you are listed on and you can sort that out directly. In this case, the
> overall system of IP reputation based filtering seems still
> comparatively immature. The most I have gotten is after a very long
> phone call with someone at Hulu, they confirmed there is some issue
> affecting multiple networks and they are working on the issue and
> suggested I go through a whitelisting request process which may solve
> the problems but just for Hulu obviously.
>
>
> I have published and tried to register our own geofeed data as defined
> in RFC8805 with as many IP geolocation providers as possible. I have
> checked around to as many IP geolocation and IP reputations sites as I
> can find and everything is either clean/accurate or there is no query
> method open to the public for troubleshooting that I can find. This is
> just yet another example to me of immaturity on dealing with geolocation
> problems: just spinning my wheels in the dark with mud spraying
> everywhere. There does not appear to be any consistency on handling
> issues by the content providers using IP geolocation and reputation to
> filter. If the content providers want to reject client connections they
> ought to provide more actionable information in their errors messages
> for ISPs since they are all just telling the users to call their ISPs.
> It just feels like a vicious circle.
>
>
> So currently we are left with multiple video streaming providers that
> all started to flag many customers across many of our IP blocks all
> beginning earlier this month affecting customers, many of whom have been
> using the same IP address for years without issue until now. Do we try
> and decommission multiple IP subnets shuffle users over to new subnets
> and risk contaminating more subnets if this is an ongoing and
> regularly updated blacklist data set. This would further exacerbate the
> problem across yet more subnets that are getting scarcer. As a tangent,
> I am curious to see how IP geolocation and reputation systems are
> handling IPv6, I suppose they are just grouping larger and larger
> networks together into the same listings.
>
>
> Someone who knows something concrete about this current issue, please
> throw us ISPs a bone.
>
>
> With this email I feel like Leia recording a video plea for help
> addressed to Obi-Wan Kenobi.... help me Nanog Community... you're my
> only hope.
>
>
>
>
>
> ------------------------------------------------------------------------
> *From:* NANOG <nanog-bounces+jkrejci=usinternet.com@nanog.org> on behalf
> of Bryan Holloway <bryan@shout.net>
> *Sent:* Friday, August 27, 2021 4:56 PM
> *To:* Mike Hammett; John Alcock
> *Cc:* nanog@nanog.org
> *Subject:* Re: The great Netflix vpn debacle!
> Is there some new DB that major CDNs are using?
>
> We've been getting several reports of prefixes of ours being blocked,
> claiming to be VPNs, even though we've been using those subnets without
> incident for years.
>
> HBO, Netflix, and Hulu appear to be common denominators. I have to
> wonder if they're all siphoning misinformation off of some new DB
> somewhere ...
>
>
> On 8/14/21 1:45 AM, Mike Hammett wrote:
>> https://thebrotherswisp.com/index.php/geo-and-vpn/
>>
>>
>>
>> -----
>> Mike Hammett
>> Intelligent Computing Solutions <http://www.ics-il.com/>
>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>> The Brothers WISP <http://www.thebrotherswisp.com/>
>> ------------------------------------------------------------------------
>> *From: *"John Alcock" <john@alcock.org>
>> *To: *nanog@nanog.org
>> *Sent: *Friday, August 13, 2021 2:11:16 PM
>> *Subject: *The great Netflix vpn debacle!
>>
>> Well,
>>
>> It happened. I have multiple subscribers calling in. They can not access
>> Netflix.
>>
>> Any contacts on list for Netflix that I can use to get my up blocks
>> whitelisted?
>>
>> John
>>
Re: The great Netflix vpn debacle! [ In reply to ]
On Fri, Aug 27, 2021 at 7:54 PM Justin Krejci <JKrejci@usinternet.com>
wrote:

> +1 on Bryan's message.
>
>
> TL;DR
>
> It seems lots of ISPs are struggling to figure out the why and the where
> of many IP addresses or blocks that are suddenly being blacklisted or
> flagged as VPNs or as out of service area.
>
>
>
>
> I would really love to find, as Bryan said, if there is one particular IP
> reputation data provider who either got real aggressive recently or some
> (contaminated?) data was shared around. If there is I have no problem
> wading through their support processes to get it sorted but as it stands I
> just don't know who to call. It just has been very difficult to glean any
> actionable info and of course the normal support teams at the respective
> streaming providers mostly just are telling customers to call their ISP....
> as if every random ISP has some special backdoor contact to every
> streaming provider where we can just get problems resolved quickly and
> easily while we all have a good laugh at people being able to watch their
> preferred movies and shows.
>
>
> At least with email DNSBL filtering you usually get informed which DNSBL
> you are listed on and you can sort that out directly. In this case, the
> overall system of IP reputation based filtering seems still comparatively
> immature. The most I have gotten is after a very long phone call with
> someone at Hulu, they confirmed there is some issue affecting multiple
> networks and they are working on the issue and suggested I go through a
> whitelisting request process which may solve the problems but just for Hulu
> obviously.
>
>
> I have published and tried to register our own geofeed data as defined in
> RFC8805 with as many IP geolocation providers as possible.
>

So, RFC8805 is great and all, but it sure is annoying that you have to find
webforms for a whole heap-o-geolocation providers, and figure out how to
tell them where your geofeed file lives, etc.

Introducing RFC9092 - "Finding and Using Geofeed Data" (
https://datatracker.ietf.org/doc/rfc9092/ ). It slices, it dices...it even
makes Julienne fries!...
Actually, nope, it just allows you to publish, in IRR records, the location
of the RFC8805 format file. e.g:
$ whois -h whois.ripe.net 31.130.224.0 | egrep "inetnum|netname|remarks"
inetnum: 31.130.224.0 - 31.130.239.255
netname: ietf-meeting-network
remarks: Geofeed https://noc.ietf.org/geo/google.csv

The RFC has more examples, and also suggests an optional signature to
strongly authenticate the data in the geofeed files...

W
Disclaimer: author



> I have checked around to as many IP geolocation and IP reputations sites
> as I can find and everything is either clean/accurate or there is no query
> method open to the public for troubleshooting that I can find. This is just
> yet another example to me of immaturity on dealing with geolocation
> problems: just spinning my wheels in the dark with mud spraying everywhere.
> There does not appear to be any consistency on handling issues by the
> content providers using IP geolocation and reputation to filter. If the
> content providers want to reject client connections they ought to provide
> more actionable information in their errors messages for ISPs since they
> are all just telling the users to call their ISPs. It just feels like a
> vicious circle.
>
>
> So currently we are left with multiple video streaming providers that all
> started to flag many customers across many of our IP blocks all beginning
> earlier this month affecting customers, many of whom have been using the
> same IP address for years without issue until now. Do we try and
> decommission multiple IP subnets shuffle users over to new subnets and risk
> contaminating more subnets if this is an ongoing and regularly updated
> blacklist data set. This would further exacerbate the problem across
> yet more subnets that are getting scarcer. As a tangent, I am curious to
> see how IP geolocation and reputation systems are handling IPv6, I suppose
> they are just grouping larger and larger networks together into the same
> listings.
>
>
> Someone who knows something concrete about this current issue, please throw
> us ISPs a bone.
>
>
> With this email I feel like Leia recording a video plea for help
> addressed to Obi-Wan Kenobi.... help me Nanog Community... you're my only
> hope.
>
>
>
>
>
> ------------------------------
> *From:* NANOG <nanog-bounces+jkrejci=usinternet.com@nanog.org> on behalf
> of Bryan Holloway <bryan@shout.net>
> *Sent:* Friday, August 27, 2021 4:56 PM
> *To:* Mike Hammett; John Alcock
> *Cc:* nanog@nanog.org
> *Subject:* Re: The great Netflix vpn debacle!
>
> Is there some new DB that major CDNs are using?
>
> We've been getting several reports of prefixes of ours being blocked,
> claiming to be VPNs, even though we've been using those subnets without
> incident for years.
>
> HBO, Netflix, and Hulu appear to be common denominators. I have to
> wonder if they're all siphoning misinformation off of some new DB
> somewhere ...
>
>
> On 8/14/21 1:45 AM, Mike Hammett wrote:
> > https://thebrotherswisp.com/index.php/geo-and-vpn/
> >
> >
> >
> > -----
> > Mike Hammett
> > Intelligent Computing Solutions <http://www.ics-il.com/>
> > Midwest Internet Exchange <http://www.midwest-ix.com/>
> > The Brothers WISP <http://www.thebrotherswisp.com/>
> > ------------------------------------------------------------------------
> > *From: *"John Alcock" <john@alcock.org>
> > *To: *nanog@nanog.org
> > *Sent: *Friday, August 13, 2021 2:11:16 PM
> > *Subject: *The great Netflix vpn debacle!
> >
> > Well,
> >
> > It happened. I have multiple subscribers calling in. They can not access
> > Netflix.
> >
> > Any contacts on list for Netflix that I can use to get my up blocks
> > whitelisted?
> >
> > John
> >
>


--
The computing scientist’s main challenge is not to get confused by the
complexities of his own making.
-- E. W. Dijkstra
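
An added illustration of the RFC 9092 lookup described in the message above (not part of the original thread, and not code from the RFC or its authors): it extracts the "remarks: Geofeed" URL and the inetnum range from the whois lines quoted in the message, then checks RFC 8805 rows against that range, since RFC 9092 tells consumers to ignore geofeed entries outside the referring inetnum: object. The CSV rows are constructed sample data, the function names are hypothetical, and accepting only https URLs is this example's assumption.

```python
import csv
import ipaddress
import re
from urllib.parse import urlparse

# whois lines as quoted in the message above.
WHOIS_SAMPLE = """\
inetnum: 31.130.224.0 - 31.130.239.255
netname: ietf-meeting-network
remarks: Geofeed https://noc.ietf.org/geo/google.csv
"""

# Constructed RFC 8805 rows for illustration; NOT the contents of the real file.
GEOFEED_SAMPLE = """\
# prefix,alpha2code,region,city,postal_code
31.130.224.0/22,US,US-CA,San Francisco,
31.130.228.0/24,CA,CA-QC,Montreal,
192.0.2.0/24,US,US-NY,New York,
31.130.230.0/24,usa,,,
31.130.231.0/24,US,CA-QC,,
not-a-prefix,US,,,
"""


def find_geofeed(whois_text):
    """Return ((first_ip, last_ip), geofeed_url) from an IPv4 inetnum object.

    Handles only the "first - last" range form shown in the message.
    """
    covering, url = None, None
    for line in whois_text.splitlines():
        key, _, value = line.partition(":")
        value = value.strip()
        if key == "inetnum":
            first, last = (ipaddress.ip_address(p.strip())
                           for p in value.split("-"))
            covering = (first, last)
        elif key == "remarks" and value.startswith("Geofeed "):
            candidate = value[len("Geofeed "):].strip()
            # Assumption of this example: only an https URL is accepted.
            if urlparse(candidate).scheme == "https":
                url = candidate
    return covering, url


def check_geofeed(csv_text, covering):
    """Split RFC 8805 rows into (accepted, rejected-with-reason) lists."""
    first, last = covering
    accepted, rejected = [], []
    lines = [l for l in csv_text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    for row in csv.reader(lines):
        fields = [f.strip() for f in row] + [""] * 5   # pad short rows
        prefix, country, region, city = fields[:4]
        try:
            net = ipaddress.ip_network(prefix, strict=True)
        except ValueError:
            rejected.append((prefix, "invalid prefix"))
            continue
        # Entries outside the referring inetnum range are ignored.
        if (net.version != first.version
                or net.network_address < first
                or net.broadcast_address > last):
            rejected.append((prefix, "outside inetnum range"))
            continue
        # alpha2code: two-letter ISO 3166-1 code when present.
        if country and not re.fullmatch(r"[A-Z]{2}", country):
            rejected.append((prefix, "bad country code"))
            continue
        # region: ISO 3166-2 code, which starts with the country code.
        if region and not re.fullmatch(
                re.escape(country) + r"-[A-Z0-9]{1,3}", region):
            rejected.append((prefix, "region does not match country"))
            continue
        accepted.append((str(net), country, region, city))
    return accepted, rejected


if __name__ == "__main__":
    covering, url = find_geofeed(WHOIS_SAMPLE)
    print("geofeed URL:", url)
    ok, bad = check_geofeed(GEOFEED_SAMPLE, covering)
    for entry in ok:
        print("accept", entry)
    for prefix, reason in bad:
        print("reject", prefix, "-", reason)
```
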
Re: The great Netflix vpn debacle! [ In reply to ]
> On Aug 31, 2021, at 11:16 , Bryan Holloway <bryan@shout.net> wrote:
>
> So I've made some progress, but not on the HBO front. (Hulu and Netflix have been responsive so far.)
>
> Tried the e-mail address on Mike Hammett and Co.'s handy web-page, but got no response after several days. Ironically we were able to get through to the "closed-captioning" department, but this isn't particularly useful.
>
> Does anyone have another possible contact for HBO folks to get some prefixes unflagged as "VPN"?

Try insulting them on Facebook. I did that several years ago in regards to wanting to be able to purchase HBO on-line without having to subscribe to it through a cable operator and shortly after, they launched a service to do just that.

(No, I’m not convinced that my insulting them on facebook had a causal effect, but it’s at least an amusing thought).

> To be clear, this is not a geolocate issue. At least according to the error our users are getting.

Geolocate and VPN or Not are often kind of tied to the same kinds of reporting services and it may well be that whatever provider HBO is using for one is also being used for the other.

Owen
Re: The great Netflix vpn debacle! [ In reply to ]
* warren@kumari.net (Warren Kumari) [Tue 31 Aug 2021, 21:04 CEST]:
>So, RFC8805 is great and all, but it sure is annoying that you have to find
>webforms for a whole heap-o-geolocation providers, and figure out how to
>tell them where your geofeed file lives, etc.
>
>Introducing RFC9092 - "Finding and Using Geofeed Data" (
[..]

This won't help at all against geolocation vendors marking proxies and
VPN endpoints as such.


-- Niels.
Re: The great Netflix vpn debacle! [ In reply to ]
Indeed.

Let me be 100% clear:

We are having issues with prefixes flagged as VPNs. They are not.

We are NOT having issues with prefixes and geolocation.



On 8/31/21 9:24 PM, Niels Bakker wrote:
> * warren@kumari.net (Warren Kumari) [Tue 31 Aug 2021, 21:04 CEST]:
>> So, RFC8805 is great and all, but it sure is annoying that you have to
>> find
>> webforms for a whole heap-o-geolocation providers, and figure out how to
>> tell them where your geofeed file lives, etc.
>>
>> Introducing RFC9092 - "Finding and Using Geofeed Data" (
> [..]
>
> This won't help at all against geolocation vendors marking proxies and
> VPN endpoints as such.
>
>
>     -- Niels.
Re: The great Netflix vpn debacle! [ In reply to ]
On Tue, Aug 31, 2021 at 2:19 PM Bryan Holloway <bryan@shout.net> wrote:

> So I've made some progress, but not on the HBO front. (Hulu and Netflix
> have been responsive so far.)
>
> Tried the e-mail address on Mike Hammett and Co.'s handy web-page, but
> got no response after several days. Ironically we were able to get
> through to the "closed-captioning" department, but this isn't
> particularly useful.
>
> Does anyone have another possible contact for HBO folks to get some
> prefixes unflagged as "VPN"?
>

I see a CDN at least in the path of their web server:


> To be clear, this is not a geolocate issue. At least according to the
> error our users are getting.
>
> Thanks, all!
>
>
> On 8/28/21 1:51 AM, Justin Krejci wrote:
> > +1 on Bryan's message.
> >
> >
> > TL;DR
> >
> > It seems lots of ISPs are struggling to figure out the why and the where
> > of many IP addresses or blocks that are suddenly being blacklisted or
> > flagged as VPNs or as out of service area.
> >
> >
> >
> >
> > I would really love to find, as Bryan said, if there is one particular
> > IP reputation data provider who either got real aggressive recently or
> > some (contaminated?) data was shared around. If there is I have no
> > problem wading through their support processes to get it sorted but as
> > it stands I just don't know who to call. It just has been very difficult
> > to glean any actionable info and of course the normal support teams at
> > the respective streaming providers mostly just are telling customers to
> > call their ISP.... as if every random ISP has some special backdoor
> > contact to every streaming provider where we can just get problems
> > resolved quickly and easily while we all have a good laugh at people
> > being able to watch their preferred movies and shows.
> >
> >
> > At least with email DNSBL filtering you usually get informed which DNSBL
> > you are listed on and you can sort that out directly. In this case, the
> > overall system of IP reputation based filtering seems still
> > comparatively immature. The most I have gotten is after a very long
> > phone call with someone at Hulu, they confirmed there is some issue
> > affecting multiple networks and they are working on the issue and
> > suggested I go through a whitelisting request process which may solve
> > the problems but just for Hulu obviously.
> >
> >
> > I have published and tried to register our own geofeed data as defined
> > in RFC8805 with as many IP geolocation providers as possible. I have
> > checked around to as many IP geolocation and IP reputations sites as I
> > can find and everything is either clean/accurate or there is no query
> > method open to the public for troubleshooting that I can find. This is
> > just yet another example to me of immaturity on dealing with geolocation
> > problems: just spinning my wheels in the dark with mud spraying
> > everywhere. There does not appear to be any consistency on handling
> > issues by the content providers using IP geolocation and reputation to
> > filter. If the content providers want to reject client connections they
> > ought to provide more actionable information in their errors messages
> > for ISPs since they are all just telling the users to call their ISPs.
> > It just feels like a vicious circle.
> >
> >
> > So currently we are left with multiple video streaming providers that
> > all started to flag many customers across many of our IP blocks all
> > beginning earlier this month affecting customers, many of whom have been
> > using the same IP address for years without issue until now. Do we try
> > and decommission multiple IP subnets shuffle users over to new subnets
> > and risk contaminating more subnets if this is an ongoing and
> > regularly updated blacklist data set. This would further exacerbate the
> > problem across yet more subnets that are getting scarcer. As a tangent,
> > I am curious to see how IP geolocation and reputation systems are
> > handling IPv6, I suppose they are just grouping larger and larger
> > networks together into the same listings.
> >
> >
> > Someone who knows something concrete about this current issue, please
> > throw us ISPs a bone.
> >
> >
> > With this email I feel like Leia recording a video plea for help
> > addressed to Obi-Wan Kenobi.... help me Nanog Community... you're my
> > only hope.
> >
> >
> >
> >
> >
> > ------------------------------------------------------------------------
> > *From:* NANOG <nanog-bounces+jkrejci=usinternet.com@nanog.org> on behalf
> > of Bryan Holloway <bryan@shout.net>
> > *Sent:* Friday, August 27, 2021 4:56 PM
> > *To:* Mike Hammett; John Alcock
> > *Cc:* nanog@nanog.org
> > *Subject:* Re: The great Netflix vpn debacle!
> > Is there some new DB that major CDNs are using?
> >
> > We've been getting several reports of prefixes of ours being blocked,
> > claiming to be VPNs, even though we've been using those subnets without
> > incident for years.
> >
> > HBO, Netflix, and Hulu appear to be common denominators. I have to
> > wonder if they're all siphoning misinformation off of some new DB
> > somewhere ...
> >
> >
> > On 8/14/21 1:45 AM, Mike Hammett wrote:
> >> https://thebrotherswisp.com/index.php/geo-and-vpn/
> >>
> >>
> >>
> >> -----
> >> Mike Hammett
> >> Intelligent Computing Solutions <http://www.ics-il.com/>
> >> Midwest Internet Exchange <http://www.midwest-ix.com/>
> >> The Brothers WISP <http://www.thebrotherswisp.com/>
> >> ------------------------------------------------------------------------
> >> *From: *"John Alcock" <john@alcock.org>
> >> *To: *nanog@nanog.org
> >> *Sent: *Friday, August 13, 2021 2:11:16 PM
> >> *Subject: *The great Netflix vpn debacle!
> >>
> >> Well,
> >>
> >> It happened. I have multiple subscribers calling in. They can not access
> >> Netflix.
> >>
> >> Any contacts on list for Netflix that I can use to get my up blocks
> >> whitelisted?
> >>
> >> John
> >>
>
Re: The great Netflix vpn debacle! [ In reply to ]
Thanks, Owen ... good point.

Now hearing reports for these same prefixes with Disney+ too.

So the common denominators are:

HBO
Hulu
Netflix
Amazon Prime
Disney+

... there has _got_ to be some new-fangled DB somewhere. This all
started in the last month or so.

All of our RR objects, whois, DNS is solid ... dehr?

Fun times.


On 8/31/21 9:16 PM, Owen DeLong wrote:

[snip]

>
> Geolocate and VPN or Not are often kind of tied to the same kinds of reporting services and it may well be that whatever provider HBO is using for one is also being used for the other.
>
> Owen
>
>
Re: The great Netflix vpn debacle! [ In reply to ]
I have a customer subnet that does not work with Disney+ (pages never fully
load), other streaming services are ok.

Sent multiple emails to Disney over the last few months using info on the
Brothers WISP page. I got a response to the first email saying they would
“pass it along for investigation” and silence since then.

What else can any of us do?



On Tue, Aug 31, 2021 at 4:36 PM Bryan Holloway <bryan@shout.net> wrote:

> Thanks, Owen ... good point.
>
> Now hearing reports for these same prefixes with Disney+ too.
>
> So the common denominators are:
>
> HBO
> Hulu
> Netflix
> Amazon Prime
> Disney+
>
> ... there has _got_ to be some new-fangled DB somewhere. This all
> started in the last month or so.
>
> All of our RR objects, whois, DNS is solid ... dehr?
>
> Fun times.
>
>
> On 8/31/21 9:16 PM, Owen DeLong wrote:
>
> [snip]
>
> >
> > Geolocate and VPN or Not are often kind of tied to the same kinds of
> > reporting services and it may well be that whatever provider HBO is using
> > for one is also being used for the other.
> >
> > Owen
> >
> >
>
--
Jim Troutman,
jamesltroutman@gmail.com
Pronouns: he/him/his
207-514-5676 (cell)
Re: The great Netflix vpn debacle! [ In reply to ]
Force the traffic to these companies to use IPv6. Advise your customers that
you are doing this, why you are doing this and what steps they need to take
to enable IPv6 on their equipment. Your customers can’t be in a worse position.

"Dear customer,
if you want to reach … you will need to enable IPv6 support in
your home network. The world ran out of enough IPv4 for everyone several years
back and we have been sharing IPv4 between customers to allow you to reach IPv4
only sites. The aforementioned companies are now blocking IPv4 connections from
ISPs that have to share IPv4 addresses. To give you a better service we are
blocking IPv4 connections to these companies so you will get a more reliable service
over IPv6.

For instructions on how to enable IPv6 connectivity on your home router see this
page ….

If your home router does not support IPv6 you will need to upgrade it to one that does."

> On 1 Sep 2021, at 06:36, Bryan Holloway <bryan@shout.net> wrote:
>
> Thanks, Owen ... good point.
>
> Now hearing reports for these same prefixes with Disney+ too.
>
> So the common denominators are:
>
> HBO
> Hulu
> Netflix
> Amazon Prime
> Disney+
>
> ... there has _got_ to be some new-fangled DB somewhere. This all started in the last month or so.
>
> All of our RR objects, whois, DNS is solid ... dehr?
>
> Fun times.
>
>
> On 8/31/21 9:16 PM, Owen DeLong wrote:
>
> [snip]
>
>> Geolocate and VPN or Not are often kind of tied to the same kinds of reporting services and it may well be that whatever provider HBO is using for one is also being used for the other.
>> Owen

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Re: The great Netflix vpn debacle! [ In reply to ]
You just broke 99% of the smart television sets in people’s homes, unfortunately.

That will resolve itself over time, of course, as sets are replaced, but anyone with
a set that is more than ~3 years old is mostly unlikely to have IPv6 support in it and
the vendors are ALL universally terrible about updating firmware.

As much as I like the idea (and that if a sufficient number of providers were willing
to do so, it might just serve as a forcing function to get firmware updates done),
I wouldn’t hold my breath and I suspect where there are competitive alternatives,
such a notice would be a boon to the competition.

Owen


> On Aug 31, 2021, at 15:15 , Mark Andrews <marka@isc.org> wrote:
>
> Force the traffic to these companies to use IPv6. Advise your customers that
> you are doing this, why you are doing this and what steps they need to take
> to enable IPv6 on their equipment. Your customers can’t be in a worse position.
>
> "Dear customer,
> if you want to reach … you will need to enable IPv6 support in
> your home network. The world ran out of enough IPv4 for everyone several years
> back and we have been sharing IPv4 between customers to allow you to reach IPv4
> only sites. The aforementioned companies are now blocking IPv4 connections from
> ISPs that have to share IPv4 addresses. To give you a better service we are
> blocking IPv4 connections to these companies so you will get a more reliable service
> over IPv6.
>
> For instructions on how to enable IPv6 connectivity on your home router see this
> page ….
>
> If your home router does not support IPv6 you will need to upgrade it to one that does."
>
>> On 1 Sep 2021, at 06:36, Bryan Holloway <bryan@shout.net> wrote:
>>
>> Thanks, Owen ... good point.
>>
>> Now hearing reports for these same prefixes with Disney+ too.
>>
>> So the common denominators are:
>>
>> HBO
>> Hulu
>> Netflix
>> Amazon Prime
>> Disney+
>>
>> ... there has _got_ to be some new-fangled DB somewhere. This all started in the last month or so.
>>
>> All of our RR objects, whois, DNS is solid ... dehr?
>>
>> Fun times.
>>
>>
>> On 8/31/21 9:16 PM, Owen DeLong wrote:
>>
>> [snip]
>>
>>> Geolocate and VPN or Not are often kind of tied to the same kinds of reporting services and it may well be that whatever provider HBO is using for one is also being used for the other.
>>> Owen
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
>
Re: The great Netflix vpn debacle! (geofeeds) [ In reply to ]
On 2021-09-01 01:13, Owen DeLong via NANOG wrote:
> You just broke 99% of the smart television sets in people’s homes, unfortunately.

If only everybody would not get a separate box, be that a AppleTV, a
Playstation, a XBox, Chromecast, ... or many other options.

Fun part being that it is hard to get a Dumb TV... though that is
primarily simply because of all the tracking non-sense in them that
makes them 'cheaper'... (still wonder how well that tracking stuff
complies with GDPR, I am thinking it does not ... Schrems anyone? :) )

> That will resolve itself over time, of course, as sets are replaced, but anyone with
> a set that is more than ~3 years old is mostly unlikely to have IPv6 support in it and
> the vendors are ALL universally terrible about updating firmware.

Quite a bit of Android TV out there too.... and we all know how well
that supports DHCPv6... ;)


Btw, geofeeds are getting fetched by some entities.

I've seen at least Dataprovider.com and DB-IP, others that fetch the CSV
don't bother to set UA to something unique, thus one sees curl + axios
coming by for instance, which does not tell much; but apparently we have
to give up on UAs anyway, even though they are great for things like
bots where one can have a wee bit of contact details in the line.

For instance DB-IP does regular updates of their code (rXXXX) and
fetches quite often:

2a00:18a8:6:40:dcad:beff:feef:100 - - [23/Aug/2021:09:32:09 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6499"
2a00:18a8:6:40:dcad:beff:feef:100 - - [23/Aug/2021:09:02:14 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6499"
2a00:18a8:6:40:dcad:beff:feef:100 - - [24/Aug/2021:09:11:11 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6500"
2a00:18a8:6:40:dcad:beff:feef:100 - - [24/Aug/2021:09:42:15 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6500"
2a00:18a8:6:40:dcad:beff:feef:100 - - [24/Aug/2021:21:59:46 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6501"
2a00:18a8:6:40:dcad:beff:feef:100 - - [25/Aug/2021:01:24:28 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6501"
2a00:18a8:6:40:dcad:beff:feef:100 - - [25/Aug/2021:04:43:01 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6501"
2a00:18a8:6:40:dcad:beff:feef:100 - - [25/Aug/2021:05:11:05 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6501"
2a00:18a8:6:40:dcad:beff:feef:100 - - [26/Aug/2021:05:23:18 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6502"
2a00:18a8:6:40:dcad:beff:feef:100 - - [26/Aug/2021:02:49:59 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6502"
2a00:18a8:6:40:dcad:beff:feef:100 - - [27/Aug/2021:03:22:23 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6504"
2a00:18a8:6:40:dcad:beff:feef:100 - - [27/Aug/2021:03:55:04 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6504"
2a00:18a8:6:40:dcad:beff:feef:100 - - [28/Aug/2021:03:21:26 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6507"
2a00:18a8:6:40:dcad:beff:feef:100 - - [28/Aug/2021:03:51:20 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6507"

and looking up the IPs in DB-IP.com indeed nicely shows the locations
configured in the geofeed, thus that is successful.

But I am fairly sure that they will mark things as VPN if they get a
sniff of that; though "VPN" seems to mean "Virtual Public Network", not
the Private of days gone...

Greets,
Jeroen
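
Added example, not part of the original post: the access-log review described in the message above, as a Python script that groups successful `/geofeed.csv` fetches by User-Agent, collects the `rNNNN` revisions seen, and marks fetchers whose UA only names an HTTP library. The first four sample lines are taken from the post; the remaining lines, the function names and the list of generic library UAs are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined Log Format, as in the lines quoted in the post.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?:\d+|-) '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
# A trailing " rNNNN" token is treated as a build revision (the db-ip pattern).
REVISION_RE = re.compile(r'^(?P<name>.+?)\s+r(?P<rev>\d+)$')
# Assumed list: UAs that only name an HTTP library (or are empty) identify no operator.
GENERIC_UA_RE = re.compile(
    r'^(?:(?:curl|axios|wget|python-requests|go-http-client)\b|-?$)', re.I
)

# First four lines: from the post. Remaining lines: constructed for this example
# (documentation address ranges, a non-geofeed request, and one malformed line).
SAMPLE_LOG = '''\
2a00:18a8:6:40:dcad:beff:feef:100 - - [23/Aug/2021:09:32:09 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6499"
2a00:18a8:6:40:dcad:beff:feef:100 - - [23/Aug/2021:09:02:14 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6499"
2a00:18a8:6:40:dcad:beff:feef:100 - - [24/Aug/2021:09:11:11 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6500"
2a00:18a8:6:40:dcad:beff:feef:100 - - [24/Aug/2021:21:59:46 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6501"
2001:db8::10 - - [24/Aug/2021:11:05:40 +0000] "GET /geofeed.csv HTTP/1.1" 200 827 "-" "curl/7.68.0"
192.0.2.44 - - [25/Aug/2021:02:17:03 +0000] "GET /geofeed.csv HTTP/1.1" 200 827 "-" "axios/0.21.1"
192.0.2.44 - - [26/Aug/2021:02:17:09 +0000] "GET /geofeed.csv HTTP/1.1" 200 827 "-" "axios/0.21.1"
192.0.2.7 - - [25/Aug/2021:08:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
not a log line
'''


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def summarize(lines, path="/geofeed.csv"):
    """Group successful fetches of `path` by User-Agent (revision stripped)."""
    seen = defaultdict(lambda: {"clients": set(), "times": [], "revisions": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != "200":
            continue
        if rec["path"].split("?", 1)[0] != path:
            continue
        m = REVISION_RE.match(rec["ua"])
        name = m.group("name") if m else rec["ua"]
        if m:
            seen[name]["revisions"].add(int(m.group("rev")))
        seen[name]["clients"].add(rec["client"])
        seen[name]["times"].append(rec["time"])

    summary = {}
    for name, entry in seen.items():
        times = sorted(entry["times"])  # log order is not guaranteed chronological
        summary[name] = {
            "fetches": len(times),
            "clients": sorted(entry["clients"]),
            "revisions": sorted(entry["revisions"]),
            "first_seen": times[0],
            "last_seen": times[-1],
            "active_days": len({t.date() for t in times}),
            # False when the UA is just a library name and carries no contact hint.
            "identifiable": GENERIC_UA_RE.match(name) is None,
        }
    return summary


if __name__ == "__main__":
    for ua, info in summarize(SAMPLE_LOG.splitlines()).items():
        tag = "named" if info["identifiable"] else "generic UA"
        print(f'{ua!r}: {info["fetches"]} fetches over {info["active_days"]} day(s), '
              f'revisions={info["revisions"]}, clients={info["clients"]} [{tag}]')
```
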
Re: The great Netflix vpn debacle! [ In reply to ]
"on your home router"

Is that still common anymore?




-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

----- Original Message -----

From: "Mark Andrews" <marka@isc.org>
To: "Bryan Holloway" <bryan@shout.net>
Cc: nanog@nanog.org
Sent: Tuesday, August 31, 2021 5:15:18 PM
Subject: Re: The great Netflix vpn debacle!

Force the traffic to these companies to use IPv6. Advise your customers that
you are doing this, why you are doing this and what steps they need to take
to enable IPv6 on their equipment. Your customers can’t be in a worse position.

"Dear customer,
if you want to reach … you will need to enable IPv6 support in
your home network. The world ran out of enough IPv4 for everyone several years
back and we have been sharing IPv4 between customers to allow you to reach IPv4
only sites. The aforementioned companies are now blocking IPv4 connections from
ISPs that have to share IPv4 addresses. To give you a better service we are
blocking IPv4 connections to these companies so you will get a more reliable service
over IPv6.

For instructions on how to enable IPv6 connectivity on your home router see this
page ….

If your home router does not support IPv6 you will need to upgrade it to one that does."

> On 1 Sep 2021, at 06:36, Bryan Holloway <bryan@shout.net> wrote:
>
> Thanks, Owen ... good point.
>
> Now hearing reports for these same prefixes with Disney+ too.
>
> So the common denominators are:
>
> HBO
> Hulu
> Netflix
> Amazon Prime
> Disney+
>
> ... there has _got_ to be some new-fangled DB somewhere. This all started in the last month or so.
>
> All of our RR objects, whois, DNS is solid ... dehr?
>
> Fun times.
>
>
> On 8/31/21 9:16 PM, Owen DeLong wrote:
>
> [snip]
>
>> Geolocate and VPN or Not are often kind of tied to the same kinds of reporting services and it may well be that whatever provider HBO is using for one is also being used for the other.
>> Owen

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Re: The great Netflix vpn debacle! (geofeeds) [ In reply to ]
> On Aug 31, 2021, at 16:32 , Jeroen Massar <jeroen@massar.ch> wrote:
>
> On 2021-09-01 01:13, Owen DeLong via NANOG wrote:
>> You just broke 99% of the smart television sets in people’s homes, unfortunately.
>
> If only everybody would not get a separate box, be that a AppleTV, a Playstation, a XBox, Chromecast, ... or many other options.
>
> Fun part being that it is hard to get a Dumb TV... though that is primarily simply because of all the tracking non-sense in them that makes them 'cheaper'... (still wonder how well that tracking stuff complies with GDPR, I am thinking it does not ... Schrems anyone? :) )

Interestingly, no, it’s easy to get a “dumb TV” these days… We just call them “monitors”. I have two of them (one on either side) of my iMac as I write this. (Makes for great X-Plane flying visuals.)

On the other hand, the last time I went looking for a 27” monitor, I ended up buying a 44” smart television because it was a cheaper HDMI 4K monitor than the 27” alternatives that weren’t televisions. (It also ended up being cheaper than the 27” televisions which didn’t do 4K only 1080p, but I digress).

>
>> That will resolve itself over time, of course, as sets are replaced, but anyone with
>> a set that is more than ~3 years old is mostly unlikely to have IPv6 support in it and
>> the vendors are ALL universally terrible about updating firmware.
>
> Quite a bit of Android TV out there too.... and we all know how well that supports DHCPv6... ;)

Does DHCPv6 really matter in a home? Really? I mean, I understand the NAC argument in the
corporate LAN environment, but the average household user can’t even spell NAC, let alone
implement an 802.1X stack.

> Btw, geofeeds are getting fetched by some entities.

I presume geofeeds are getting fetched by many entities, but I’m not sure what the point of that is.

> I've seen at least Dataprovider.com and DB-IP, others that fetch the CSV don't bother to set UA to something unique, thus one sees curl + axios coming by for instance, which does not tell much; but apparently we have to give up on UAs anyway, even though they are great for things like bots where one can have a wee bit of contact details in the line.

Yeah, Safari can now be trained to lie about its UA in developer mode easily. I presume this is true in Chrome, Firefox, and just about anything else as well. It’s behind the drop-down panel to keep the adults out of the VCR, but it’s easily visible to any kid that would know how to program a VCR.


> For instance DB-IP does regular updates of their code (rXXXX) and fetches quite often:
>
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [23/Aug/2021:09:32:09 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6499"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [23/Aug/2021:09:02:14 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6499"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [24/Aug/2021:09:11:11 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6500"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [24/Aug/2021:09:42:15 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6500"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [24/Aug/2021:21:59:46 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6501"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [25/Aug/2021:01:24:28 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6501"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [25/Aug/2021:04:43:01 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6501"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [25/Aug/2021:05:11:05 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6501"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [26/Aug/2021:05:23:18 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6502"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [26/Aug/2021:02:49:59 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6502"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [27/Aug/2021:03:22:23 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6504"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [27/Aug/2021:03:55:04 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6504"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [28/Aug/2021:03:21:26 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6507"
> 2a00:18a8:6:40:dcad:beff:feef:100 - - [28/Aug/2021:03:51:20 +0000] "GET /geofeed.csv HTTP/1.0" 200 827 "-" "db-ip geofeed updater r6507"
>
> and looking up the IPs in DB-IP.com indeed nicely shows the locations configured in the geofeed, thus that is successful.

I guess, but what do they do in terms of their “It’s a VPN” or “Not a VPN” service?

> But I am fairly sure that they will mark things as VPN if they get a sniff of that; though "VPN" seems to mean "Virtual Public Network", not the Private of days gone...

A little of both these days.

I’m still holding out for DOHOTOROUDPOIPOGREOIPSECOIP for name resolution.

(I’m really not, just my twisted brand of cynical disgust at the everything->HTTPs trend)


Owen
Re: The great Netflix vpn debacle! [ In reply to ]
If Netflix, et al. are not accepting connections from CGNs they are ALREADY obsolete.

Yes, I know it sucks to have to tell your customers that they just bought obsolete
equipment. Plug in Chromecast, Apple TV, and they can get back that functionality
with a product that does actually get upgraded.

Mark

> On 1 Sep 2021, at 09:13, Owen DeLong <owen@delong.com> wrote:
>
> You just broke 99% of the smart television sets in people’s homes, unfortunately.
>
> That will resolve itself over time, of course, as sets are replaced, but anyone with
> a set that is more than ~3 years old is mostly unlikely to have IPv6 support in it and
> the vendors are ALL universally terrible about updating firmware.
>
> As much as I like the idea (and that if a sufficient number of providers were willing
> to do so, it might just serve as a forcing function to get firmware updates done),
> I wouldn’t hold my breath and I suspect where there are competitive alternatives,
> such a notice would be a boon to the competition.
>
> Owen
>
>
>> On Aug 31, 2021, at 15:15 , Mark Andrews <marka@isc.org> wrote:
>>
>> Force the traffic to these companies to use IPv6. Advise your customers that
>> you are doing this, why you are doing this and what steps they need to take
>> to enable IPv6 on their equipment. Your customers can’t be in a worse position.
>>
>> "Dear customer,
>> if you want to reach … you will need to enable IPv6 support in
>> your home network. The world ran out of enough IPv4 for everyone several years
>> back and we have been sharing IPv4 between customers to allow you to reach IPv4
>> only sites. The aforementioned companies are now blocking IPv4 connections from
>> ISPs that have to share IPv4 addresses. To give you a better service we are
>> blocking IPv4 connections to these companies so you will get a more reliable service
>> over IPv6.
>>
>> For instructions on how to enable IPv6 connectivity on your home router see this
>> page ….
>>
>> If your home router does not support IPv6 you will need to upgrade it to one that does."
>>
>>> On 1 Sep 2021, at 06:36, Bryan Holloway <bryan@shout.net> wrote:
>>>
>>> Thanks, Owen ... good point.
>>>
>>> Now hearing reports for these same prefixes with Disney+ too.
>>>
>>> So the common denominators are:
>>>
>>> HBO
>>> Hulu
>>> Netflix
>>> Amazon Prime
>>> Disney+
>>>
>>> ... there has _got_ to be some new-fangled DB somewhere. This all started in the last month or so.
>>>
>>> All of our RR objects, whois, DNS is solid ... dehr?
>>>
>>> Fun times.
>>>
>>>
>>> On 8/31/21 9:16 PM, Owen DeLong wrote:
>>>
>>> [snip]
>>>
>>>> Geolocate and VPN or Not are often kind of tied to the same kinds of reporting services and it may well be that whatever provider HBO is using for one is also being used for the other.
>>>> Owen
>>
>> --
>> Mark Andrews, ISC
>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
>>
>

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Re: The great Netflix vpn debacle! (geofeeds) [ In reply to ]
On 8/31/21 16:32, Jeroen Massar via NANOG wrote:

> Fun part being that it is hard to get a Dumb TV... though that is
> primarily simply because of all the tracking non-sense in them that
> makes them 'cheaper'... (still wonder how well that tracking stuff
> complies with GDPR, I am thinking it does not ... Schrems anyone? :) )

Just get a "smart" TV, don't connect it to the Internet, and use its
HDMI ports for your cable box, Apple TV, etc. and/or antenna input for
local off-air reception.

--
Jay Hennigan - jay@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV
Re: The great Netflix vpn debacle! (geofeeds) [ In reply to ]
On 8/31/21 5:13 PM, Jay Hennigan wrote:
> On 8/31/21 16:32, Jeroen Massar via NANOG wrote:
>
>> Fun part being that it is hard to get a Dumb TV... though that is
>> primarily simply because of all the tracking non-sense in them that
>> makes them 'cheaper'... (still wonder how well that tracking stuff
>> complies with GDPR, I am thinking it does not ... Schrems anyone? :) )
>
> Just get a "smart" TV, don't connect it to the Internet, and use its
> HDMI ports for your cable box, Apple TV, etc. and/or antenna input for
> local off-air reception.
>

Yeah, until TV manufacturers actually start incorporating, oh say,
Google tv (which is just a form of Android) they are always going to be
inferior. Having the TV just be a monitor is a feature, not a bug. It's
a lot cheaper to upgrade a $50 hdmi based dongle than the whole TV,
doubly so since manufacturers have a bad reputation for not supporting
upgrades beyond the sell date. I have no idea whether any of the
external ones support v6 though.

One thing that might be nice is for routers to internally number using
v6 in preference to v4 and NAT that (if needed). Then you can easily
tell what is still a laggard. My wifi cams might be poorly supported,
but they don't need to interoperate with much on the Internet.

Mike, Google TV has been pretty nice since the Amazon feud finally ended
though I hate that the protocol is still pretty proprietary
Re: The great Netflix vpn debacle! [ In reply to ]
We don’t NAT IPv4 and we’ve had a few new issues with Netflix (had to fix it a few years ago too). They resolved it this time, thankfully!

> On Aug 31, 2021, at 18:15, Mark Andrews <marka@isc.org> wrote:
>
> Force the traffic to these companies to use IPv6. Advise your customers that
> you are doing this, why you are doing this and what steps they need to take
> to enable IPv6 on their equipment. Your customers can’t be in a worse position.
>
> "Dear customer,
> if you want to reach … you will need to enable IPv6 support in
> your home network. The world ran out of enough IPv4 for everyone several years
> back and we have been sharing IPv4 between customers to allow you to reach IPv4
> only sites. The aforementioned companies are now blocking IPv4 connections from
> ISPs that have to share IPv4 addresses. To give you a better service we are
> blocking IPv4 connections to these companies so you will get a more reliable service
> over IPv6.
>
> For instructions on how to enable IPv6 connectivity on your home router see this
> page ….
>
> If your home router does not support IPv6 you will need to upgrade it to one that does."
>
>> On 1 Sep 2021, at 06:36, Bryan Holloway <bryan@shout.net> wrote:
>>
>> Thanks, Owen ... good point.
>>
>> Now hearing reports for these same prefixes with Disney+ too.
>>
>> So the common denominators are:
>>
>> HBO
>> Hulu
>> Netflix
>> Amazon Prime
>> Disney+
>>
>> ... there has _got_ to be some new-fangled DB somewhere. This all started in the last month or so.
>>
>> All of our RR objects, whois, DNS is solid ... dehr?
>>
>> Fun times.
>>
>>
>> On 8/31/21 9:16 PM, Owen DeLong wrote:
>>
>> [snip]
>>
>>> Geolocate and VPN or Not are often kind of tied to the same kinds of reporting services and it may well be that whatever provider HBO is using for one is also being used for the other.
>>> Owen
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
>
Re: The great Netflix vpn debacle! (geofeeds) [ In reply to ]
On 8/31/21 4:40 PM, Owen DeLong via NANOG wrote:
> On the other hand, the last time I went looking for a 27” monitor, I ended up buying a 44” smart television because it was a cheaper HDMI 4K monitor than the 27” alternatives that weren’t televisions. (It also ended up being cheaper than the 27” televisions which didn’t do 4K only 1080p, but I digress).

Back when 4k just came out and they were really expensive, I found a
"TV" by an obscure brand called Seiki which was super cheap. It was a
39" model. It's just a monitor to me, but I have gotten really used to
its size and not needing two different monitors (and the gfx card to
support it). What's distressing is that I was looking at what would
happen if I needed to replace it and there is this gigantic gap where
there are 30" monitors (= expensive) and 50" TV's which are relatively
cheap. The problem is that 40" is sort of Goldilocks with 4k where 50"
is way too big and 30" is too small. Thankfully it's going on 10 years
old and still working fine.

Mike
Re: The great Netflix vpn debacle! (geofeeds) [ In reply to ]
Also don't get a smart litterbox... ;-)

Yeah that's a thing and connects to the local Wi-Fi. Kinda want to DMZ that mutha and wait for a script kiddie to turn one of my cats upside down...

dubs litter-robot.com

--
J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Aug 31, 2021, at 19:16, Jay Hennigan <jay@west.net> wrote:
>
> On 8/31/21 16:32, Jeroen Massar via NANOG wrote:
>
>> Fun part being that it is hard to get a Dumb TV... though that is primarily simply because of all the tracking non-sense in them that makes them 'cheaper'... (still wonder how well that tracking stuff complies with GDPR, I am thinking it does not ... Schrems anyone? :) )
>
> Just get a "smart" TV, don't connect it to the Internet, and use its HDMI ports for your cable box, Apple TV, etc. and/or antenna input for local off-air reception.
>
> --
> Jay Hennigan - jay@west.net
> Network Engineering - CCIE #7880
> 503 897-8550 - WB6RDV
Re: The great Netflix vpn debacle! (geofeeds) [ In reply to ]
On 8/31/21 20:18, J. Hellenthal wrote:
> Also don't get a smart litterbox... ;-)
>
> Yeah that's a thing and connects to the local Wi-Fi. Kinda want to DMZ that mutha and wait for a script kiddie to turn one of my cats upside down...
>
> dubs litter-robot.com

I have one, the cat loves it and it's very easy to clean. No need to
enable the wi-fi. Front panel indicators are more than sufficient.
"Wi-fi enabled" on things that don't need wi-fi is a marketing gimmick
that's way over-used.

Rule 37.024 subsection 7: Cats are always on-topic.

--
Jay Hennigan - jay@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV
