
Submission: Netflix blocking Canadians who are NOT using a VPN/proxy/unblocker

kwzombie writes: http://www.adventuresinleanit....

For a couple of days my wife has been complaining Netflix hasn’t been working on our Nvidia Shield TV device (which I LOVE, by the way). So last night after she is going through full-on House-of-Cards withdrawal, I verify on the devices in our home that we are indeed being blocked because Netflix’ system claims we are using a proxy.

Backgrounder: as most of you know, I work in IT, as some of you may not: I started one of Ontario’s first Internet Service Providers in the mid 90s. I know a thing or two about the Internet, networking, proxies, VPNs, etc.

I phoned their support. They seem like nice folks but they are woefully underequipped to deal with and troubleshoot what happened to me. And they aren’t straightforward with any answers from a technical perspective. Although, the “supervisor” told me he was “Netflix certified” (congratulations by the way, I’m sure that will work out great on your resume). I was explaining that my wife was pretty p’d off, they had me try to stream on another device, and after it too said it was blocked they concluded without a doubt I was using a proxy. “Or my ISP was”. Huh? At this point, I’m furious and tell them to cancel the service. If Netflix is going to go all commando and start indiscriminately blocking people with no way to resolve “false positives” then it is a company I no longer want to deal with, there are alternatives.

So in postmortem I’m trying to decide what exactly had me flagged as using a proxy..

1) I’m using a static IP from my Internet service provider, the whois data shows that it is a Toronto registered IP range. However, it is a small ISP provider. The Netflix support bros balked at my suggestion it could be an IP address misclassification, and told me if it was I had no avenue to resolve this “except through my ISP”.

2) I know my ISP very well, in fact, I have admin access to the Ciscos they use for their L2TP tunnel termination from Bell Canada’s AGAS system (for providing DSL local loop access), and I’ve helped them re-implement their authentication system. I also know the datacentre they are located in at 151 Front Street, and the provider they use, and they are most definitely NOT using a proxy or any other kind of method to falsify the geographic location of their customers.

3) I DO have a VPN at home for my day job (I work from home) – however, it is behind a NAT firewall and only two devices are plugged into it: my work laptop, and my Cisco VoIP phone, and it has no wireless.

4) And this one is interesting, maybe. The reason I have a static IP address from my ISP is for an IPSEC tunnel to a nearby datacentre where I have a bunch of servers colocated. The tunnel provides me with connectivity to my private network at the site for management, and also to do things like offsite backups.

So there are two possibilities here (neither of which I can seem to put forward to them because they don’t appear to have a publicly listed email support address, and their phone support people are very ignorant, clearly). Possibility A) is that they have misclassified the IP address as a “colo IP” – since that’s where proxy services usually put their hardware, or possibility B) they run NMAP or some other scanner against the IPs their users connect from and look for VPN ports. In this case, it is probably that isakmp Port 500 UDP shows up on my static IP address.

In either case, to avoid false positives it would be prudent on their end to check to see how many UNIQUE users are authenticating from the same IP address. A lot? Yes, then it’s probably either a massive wifi hotspot with a lot of people using Netflix, or a proxy. We use one account here, maybe two if my daughter is visiting.

Feel free to comment below, and if any media wish to reach out to me for a demonstration or additional evidence, feel free. In my opinion it is fraud to cut someone off of a service they are in no way misusing by way of a baseless accusation that they will not provide an avenue of resolution for, and a service for which I’ve already paid up to May 5. I guess they are so big now they just feel they are beyond reproach. Time for them to be disrupted by someone else I guess.
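The unique-users-per-IP check suggested in the submission above, sketched as an added example (not code from the post or from Netflix). The event data, the documentation-range IPs, the signal names and the `max_household` threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events: (ISO timestamp, source IP, account id).
# IPs come from documentation ranges (RFC 5737); none of this is real data.
EVENTS = [
    ("2016-04-20T19:00:00", "192.0.2.10", "acct-home"),
    ("2016-04-20T21:30:00", "192.0.2.10", "acct-home"),
    ("2016-04-22T18:05:00", "192.0.2.10", "acct-daughter"),
] + [
    ("2016-04-21T%02d:00:00" % (h % 24), "198.51.100.7", "acct-%03d" % h)
    for h in range(40)
]

# Weak signals of the kind the post guesses at, keyed by IP (constructed).
WEAK_SIGNALS = {
    "192.0.2.10": {"udp500_open"},      # static IP terminating an IPsec tunnel
    "198.51.100.7": {"hosting_range"},  # address classified as colo space
}

def distinct_accounts(events, window=timedelta(days=7)):
    """Return {ip: peak count of distinct accounts within any one window}."""
    by_ip = defaultdict(list)
    for ts, ip, acct in events:
        by_ip[ip].append((datetime.fromisoformat(ts), acct))
    peak = {}
    for ip, rows in by_ip.items():
        rows.sort()
        best = 0
        for i, (start, _) in enumerate(rows):
            accts = {a for t, a in rows[i:] if t - start <= window}
            best = max(best, len(accts))
        peak[ip] = best
    return peak

def classify(events, weak_signals, max_household=5):
    """A weak signal alone never blocks; it must coincide with many accounts."""
    verdicts = {}
    for ip, n in distinct_accounts(events).items():
        if n <= max_household:
            verdicts[ip] = "allow"          # household-sized, whatever the signals
        elif weak_signals.get(ip):
            verdicts[ip] = "likely-proxy"   # many accounts plus a corroborating signal
        else:
            verdicts[ip] = "shared-egress"  # many accounts only: hotspot or proxy
    return verdicts
```
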

Comment Re:My opinion on the matter. (Score 1) 826

I'm sure I'm feeding a troll now, your post seems intent on twisting things around in order to make your convoluted point.

The whole "under 1024 is safe" is generally regarded for connecting *to* ports under 1024, not receiving connections from them. Yes, some services (NFS in particular) want to trust incoming connections from 1024 but they're in the minority. The most common case is trusting a service listening on ports less than 1024 as being set up by the admin and not some random user. But you knew this.

You also know that if you've got admin access, you *are* root. This also is not news, but you seem to feel that I'm concerned that you can sudo from your own system and make it look like you're trustworthy on my network. If I was so inclined as to trust port numbers alone (and for the record, I don't trust incoming port numbers at all), you can bet I'd also be whitelisting IPs and MACs at the switch level (i.e. locking MACs to physical switch ports) and have alerting whenever a non-sanctioned connection was made.

That would be, however, a very special network topology and not something I'd personally admin. Nice straw man, though.

Comment Re:My opinion on the matter. (Score 1) 826

Wait: ejabberd wants my http and https ports in addition to running jabber on 5222? no thanks. It sounds like ejabberd breaks the entire UNIX concept as well. Give me some CGIs to run through my own damn httpd instead of inventing another one and get on with the business of running jabberd.

I know you didn't write it, but jeez... why not include a telnetd or sshd in the binary as well?

Comment Re: My opinion on the matter. (Score 1) 826

No, I'm serious, ask "why does this have to be the way it is" other than inertia? The age of booting a tiny root disk and attaching /usr from a network are long, long gone.

No, no they're not.

Thin clients and network booting are still very much alive and well. Test systems are largely virtualized now, but network booting still has its place in homogenous networks or office/classroom settings where you want a unified filesystem layout. A common /usr is an easy way to do this.

I don't know much about systemd at all, but I do recognize how bad an idea it is to make such huge changes quickly and without much apparent thought at being able to continue to do the things that could have easily been done before.

Comment From a non-driver perspective (Score 4, Insightful) 218

I stopped driving 2 years ago, voluntarily. My SUV cost me around $800 a month in replacement costs. Another $200 in maintenance. I was burning through $12,000 a year in gas. I spent an average of 1000 hours a year in the car, for work, for groceries, for fun. 999 of those hours were spent focused on the road. I hate talking on the phone while driving.

Consider my annual total: about $25,000 + 1000 hours of my time. For the "privilege" to sit in Chicago traffic.

I'm a consultant. I now use UberX every day. I also use public transportation when I'm not in a rush or when someone isn't paying me to swing by.

I spent about $5000 a year on UberX. $100 a week. While I am being driven around, I can respond to emails, make phone calls. I bill for that time. When a customer wants me to visit them, I pass the UberX fee on to them plus 50%. No one scoffs at it. Some customers will realize the cost of me visiting them is more expensive than just consulting over the phone.

I figure I'm $20,000 ahead in vehicle costs, plus I've literally gained another 600-700 hours of phone and email consulting time a year. Call it $40,000 ahead.

I don't take cabs, because they don't like to come to where my HQ is (ghetto neighborhood). UberX comes 24/7, within minutes.

My little sister had an emergency surgery a few months ago. I immediately hired an UberX driver, who took me from the office, to the hospital. He waited. We then took my sister to her apartment to get her cats and clothes, then he took us to the pharmacy. After, he drove us to our dad's house to drop her off, in the suburbs of Chicago. Then he drove me back to work. 3 hours, $90. I can't get a cab to wait even 10 minutes while I drop off a package at UPS. Forget about them taking credit cards.

UberX charges my Paypal account and they're off. If they're busy, they charge a surcharge. I can pick it or take public transportation.

I know why the Chicago Taxi authorities want Uber gone. But a guy like me is their best customer. Next year I'll budget $10,000 a year for UberX, and it will make my life so much more enjoyable and profitable.

Driving yourself around is dead. It's inefficient. Ridesharing is "libertarian" because it is truly freeing.

Comment Re: Almost first post! (Score 1) 114

I didn't think this was possible (as I run NoScript, Firefox and Linux), but apparently it might be, under IE on Windows, with WMI.

var locator = new ActiveXObject("WbemScripting.SWbemLocator");
var service = locator.ConnectServer(".");

// Get the info
var properties = service.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration");
var e = new Enumerator (properties);

Jesus, that looks horrible. I would hope that you have to add sites to your Local Intranet zone or whatever it's called these days before it'll work.

Comment Re:Redmine (Score 1) 170

I've set up my entire business around Redmine. There are some pretty impressive plugins to handle blogs, CMS, CRM and even a WYSIWYG editor to help "normal" people format tables, lists and text but who would normally be put off by trying to learn Textile. SCM and issue tracking is integrated, there are time trackers and forums, GANTT charting... it's a great resource.

Best of all, it's database agnostic and open-source.
