On Fri, Aug 27, 2021 at 7:54 PM Justin Krejci <JKrejci@usinternet.com> wrote:

+1 on Bryan's message. 


TL;DR

It seems lots of ISPs are struggling to figure out the why and the where of many IP addresses or blocks that are suddenly being blacklisted or flagged as VPNs or as out of service area.




I would really love to find, as Bryan said, if there is one particular IP reputation data provider who either got real aggressive recently or some (contaminated?) data was shared around. If there is I have no problem wading through their support processes to get it sorted but as it stands I just don't know who to call. It just has been very difficult to glean any actionable info and of course the normal support teams at the respective streaming providers mostly just are telling customers to call their ISP.... as if every random ISP has some special backdoor contact to every streaming provider where we can just get problems resolved quickly and easily while we all have a good laugh at people being able to watch their preferred movies and shows


At least with email DNSBL filtering you usually get informed which DNSBL you are listed on and you can sort that out directly. In this case, the overall system of IP reputation based filtering seems still comparatively immature. The most I have gotten is after a very long phone call with someone at Hulu, they confirmed there is some issue affecting multiple networks and they are working on the issue and suggested I go through a whitelisting request process which may solve the problems but just for Hulu obviously.


I have published and tried to register our own geofeed data as defined in RFC8805 with as many IP geolocation providers as possible. 


So, RFC8805 is great and all, but it sure is annoying that you have to find webforms for a whole heap-o-geolocation providers, and figure out how to tell them where your geofeed file lives, etc.

Introducing RFC9092 - "Finding and Using Geofeed Data" ( https://datatracker.ietf.org/doc/rfc9092/ ). It slices, it dices...it even makes Julienne fries!... 
Actually, nope, it just allows you to publish, in IRR records, the location of the RFC8805 format file. e.g:
$ whois -h whois.ripe.net 31.130.224.0 | egrep "inetnum|netname|remarks"
inetnum:        31.130.224.0 - 31.130.239.255
netname:        ietf-meeting-network
remarks:        Geofeed https://noc.ietf.org/geo/google.csv

The RFC has more examples, and also suggests an optional signature to strongly authenticate the data in the geofeed files...

W
Disclaimer: author

 

I have checked around to as many IP geolocation and IP reputations sites as I can find and everything is either clean/accurate or there is no query method open to the public for troubleshooting that I can find. This is just yet another example to me of immaturity on dealing with geolocation problems: just spinning my wheels in the dark with mud spraying everywhere. There does not appear to be any consistency on handling issues by the content providers using IP geolocation and reputation to filter. If the content providers want to reject client connections they ought to provide more actionable information in their errors messages for ISPs since they are all just telling the users to call their ISPs. It just feels like a vicious circle.


So currently we are left with multiple video streaming providers that all started to flag many customers across many of our IP blocks all beginning earlier this month affecting customers, many of whom have been using the same IP address for years without issue until now. Do we try and decommission multiple IP subnets shuffle users over to new subnets and risk contaminating more subnets if this is an ongoing and regularly updated blacklist data set. This would further exacerbate the problem across yet more subnets that are getting scarcer. As a tangent, I am curious to see how IP geolocation and reputation systems are handling IPv6, I suppose they are just grouping larger and larger networks together into the same listings.


Someone who knows something concrete about this current issue, please throw us ISPs a bone.


With this email I feel like Leia recording a video plea for help addressed to Obi-Wan Kenobi.... help me Nanog Community... you're my only hope.






From: NANOG <nanog-bounces+jkrejci=usinternet.com@nanog.org> on behalf of Bryan Holloway <bryan@shout.net>
Sent: Friday, August 27, 2021 4:56 PM
To: Mike Hammett; John Alcock
Cc: nanog@nanog.org
Subject: Re: The great Netflix vpn debacle!
 
Is there some new DB that major CDNs are using?

We've been getting several reports of prefixes of ours being blocked,
claiming to be VPNs, even though we've been using those subnets without
incident for years.

HBO, Netflix, and Hulu appear to be common denominators. I have to
wonder if they're all siphoning misinformation off of some new DB
somewhere ...


On 8/14/21 1:45 AM, Mike Hammett wrote:
> https://thebrotherswisp.com/index.php/geo-and-vpn/
>
>
>
> -----
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
> <https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
> ------------------------------------------------------------------------
> *From: *"John Alcock" <john@alcock.org>
> *To: *nanog@nanog.org
> *Sent: *Friday, August 13, 2021 2:11:16 PM
> *Subject: *The great Netflix vpn debacle!
>
> Well,
>
> It happened. I have multiple subscribers calling in. They can not access
> Netflix.
>
> Any contacts on list for Netflix that I can use to get my up blocks
> whitelisted?
>
> John
>


--
The computing scientist’s main challenge is not to get confused by the
complexities of his own making.
  -- E. W. Dijkstra