On 2016-06-08 17:58, Nicholas Suan wrote:
On Wednesday, June 8, 2016, Baldur Norddahl <baldur.norddahl@gmail.com <mailto:baldur.norddahl@gmail.com>> wrote:
A start would be blocking 2620:108:700f::/64 as discovered by a simple DNS lookup on netflix.com <http://netflix.com>. I am not running a HE tunnel (I got native IPv6) and I am not blocked from accessing Netflix over IPv6 so can't really try it. I am curious however that none of the vocal HE tunnel users here appears to have tried even simple counter measures such as a simple firewall rule to drop traffic to that one /64 prefix.
That's a start but Netflix has a few more prefixes than that: http://bgp.he.net/AS2906#_prefixes6
They do but that is irrelevant. Blocking just that one /64 prefix works because that is where their tunnel detector apparently lives. I think we are at the point where we can say it would be nice if Netflix could just redirect users from IPv6 to IPv4 when a tunnel is suspected. They do deserve flames for being bad guys here when they have such an easy out. But you can also just fix the issue yourself with a simple firewall rule. Regards, Baldur