4025 posts

Uber Geek
+1 received by user: 1076

Trusted

  Reply # 1542417 26-Apr-2016 20:16
One person supports this post

Just a heads up to anyone using these services and fighting the unblocking war, some of the guidance given by these services very much looks like taking a sledgehammer to a problem until the wall comes down with no precision at all.

 

For example Unlocator has given guidance to its users to block IP ranges. In the past this was just google, but someone asked me for assistance with setting up their latest attempt at defeating the unblocking-blockers and it involves blocking entire subnets owned Netflix and a few other affiliated networks (I assume), and using rules to block /30, /24 and even /16.

 

This wouldn't be a sledgehammer solution if they owned a whole /16, it would indeed be fitting. But checking on just three of these /16 (255.255.0.0) rules, they only needed to block a /18, a /17 and a /20. The latter is 4096 addresses, and their /16 null route subnetting rule is going to block 65536 addresses instead, of hundreds of unrelated networks.

 

Changing your DNS to a third party (and therefore trusting your device/entire network with them) is one thing, but trusting these guys who are suggesting to randomly disable entire chunks of the IPv4 space is very concerning, as it just screams ignorance of how networking actually works.

 

In fact a great target of a malicious actor would be going after one of these services, still yet to see that happen publicly at least anyway.


91 posts

Master Geek
+1 received by user: 13


  Reply # 1542579 27-Apr-2016 09:42

eXDee:

 

Just a heads up to anyone using these services and fighting the unblocking war, some of the guidance given by these services very much looks like taking a sledgehammer to a problem until the wall comes down with no precision at all.

 

For example Unlocator has given guidance to its users to block IP ranges. In the past this was just google, but someone asked me for assistance with setting up their latest attempt at defeating the unblocking-blockers and it involves blocking entire subnets owned Netflix and a few other affiliated networks (I assume), and using rules to block /30, /24 and even /16.

 

This wouldn't be a sledgehammer solution if they owned a whole /16, it would indeed be fitting. But checking on just three of these /16 (255.255.0.0) rules, they only needed to block a /18, a /17 and a /20. The latter is 4096 addresses, and their /16 null route subnetting rule is going to block 65536 addresses instead, of hundreds of unrelated networks.

 

 

 

 

I do agree with what you are saying - the only issue is that to fully accurately describe the netflix range requires many blocks;

 

https://ipinfo.io/AS2906#blocks

 

I'll try the full range on my er-lite sometime this week to see if it can handle it.

 

I was previously just blocking outbound TCP/UDP port 53 to the ranges you are referring to but last night for the first time, every piece of content on Netflix US on the Nvidia Shield TV was unplayable using unotelly Test region5 (all were giving a proxy detected message) - this is despite rewriting google and open dns.

 

It is getting to the stage where I can't really be bothered with it anymore and am considering just switching back to the NZ region or cancelling my netflix subscription altogether.

 

 


4025 posts

Uber Geek
+1 received by user: 1076

Trusted

  Reply # 1542619 27-Apr-2016 10:24

If i was doing this i'd probably grab a cheap virtual server (eg digitalocean), set up my own VPN solution on it, and put a particular streaming device on a separate VLAN with default gateway out the VPN, so the only path is through that. I haven't tested this but the concept seems sound enough. You lose the national caches but given how things have been going I wouldn't be surprised if that becomes no longer a possibility with a standard unblocker either.


74 posts

Master Geek
+1 received by user: 5


  Reply # 1542635 27-Apr-2016 10:57

Good news! I think?

 

 

 

Haven't tried other regions on unotelly Netflix but I can now watch from US and Canada libraries. I'll try others when I get home tonight.


4411 posts

Uber Geek
+1 received by user: 1924

Trusted
Subscriber

  Reply # 1542662 27-Apr-2016 11:23
2 people support this post

eXDee:

 

If i was doing this i'd probably grab a cheap virtual server (eg digitalocean), set up my own VPN solution on it, and put a particular streaming device on a separate VLAN with default gateway out the VPN, so the only path is through that. I haven't tested this but the concept seems sound enough. You lose the national caches but given how things have been going I wouldn't be surprised if that becomes no longer a possibility with a standard unblocker either.

 

 

This is a valid solution, but many/most hosting ranges are already blocked. If you want to discuss this option, get yourself onto the closed thread. :-)





iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.


Webhead
2022 posts

Uber Geek
+1 received by user: 645

Moderator
Trusted
Lifetime subscriber

  Reply # 1542671 27-Apr-2016 11:38

eXDee:

 

Just a heads up to anyone using these services and fighting the unblocking war, some of the guidance given by these services very much looks like taking a sledgehammer to a problem until the wall comes down with no precision at all.

 

For example Unlocator has given guidance to its users to block IP ranges. In the past this was just google, but someone asked me for assistance with setting up their latest attempt at defeating the unblocking-blockers and it involves blocking entire subnets owned Netflix and a few other affiliated networks (I assume), and using rules to block /30, /24 and even /16.

 

 

Unotelly is suggesting the same thing. They suggest/suggested (can't find the UnoTelly post on this anymore) blocking huge chunks of IP ranges.





91 posts

Master Geek
+1 received by user: 13


  Reply # 1542724 27-Apr-2016 12:40

jarledb:

 

eXDee:

 

Just a heads up to anyone using these services and fighting the unblocking war, some of the guidance given by these services very much looks like taking a sledgehammer to a problem until the wall comes down with no precision at all.

 

For example Unlocator has given guidance to its users to block IP ranges. In the past this was just google, but someone asked me for assistance with setting up their latest attempt at defeating the unblocking-blockers and it involves blocking entire subnets owned Netflix and a few other affiliated networks (I assume), and using rules to block /30, /24 and even /16.

 

 

Unotelly is suggesting the same thing. They suggest/suggested (can't find the UnoTelly post on this anymore) blocking huge chunks of IP ranges.

 

 

There are still support notes on Unotelly's site detailing similar ranges;

 

http://help.unotelly.com/support/solutions/articles/192836-why-do-i-need-to-block-public-dns-lookups-

 

 

 

For my setup I've specified the full AS2906 ranges in their entirety on my er-lite and am blocking outbound UDP/TCP port 53 to them so I'll check tonight to see how this goes - it was a pain putting in the following though ;-)

 

I'm sure anyone with Ubiquiti kit will recognise the syntax ;-)

 

address-group NetflixAS2906 {
address 23.246.0.0/18
address 23.246.2.0/24
address 23.246.3.0/24
address 23.246.4.0/24
address 23.246.5.0/24
address 23.246.6.0/24
address 23.246.7.0/24
address 23.246.8.0/24
address 23.246.9.0/24
address 23.246.10.0/24
address 23.246.11.0/24
address 23.246.12.0/24
address 23.246.13.0/24
address 23.246.14.0/24
address 23.246.15.0/24
address 23.246.16.0/24
address 23.246.17.0/24
address 23.246.18.0/24
address 23.246.20.0/24
address 23.246.22.0/24
address 23.246.23.0/24
address 23.246.24.0/24
address 23.246.25.0/24
address 23.246.26.0/24
address 23.246.27.0/24
address 23.246.28.0/22
address 23.246.28.0/24
address 23.246.29.0/24
address 23.246.30.0/24
address 23.246.31.0/24
address 23.246.36.0/24
address 23.246.37.0/24
address 23.246.38.0/24
address 23.246.39.0/24
address 23.246.40.0/24
address 23.246.41.0/24
address 23.246.42.0/24
address 23.246.44.0/24
address 23.246.46.0/24
address 23.246.47.0/24
address 23.246.48.0/24
address 23.246.49.0/24
address 23.246.50.0/24
address 23.246.51.0/24
address 23.246.54.0/24
address 23.246.55.0/24
address 23.246.56.0/24
address 23.246.57.0/24
address 23.246.58.0/24
address 23.246.59.0/24
address 23.246.62.0/24
address 23.246.63.0/24
address 37.77.184.0/24
address 37.77.185.0/24
address 37.77.186.0/24
address 37.77.187.0/24
address 37.77.188.0/24
address 37.77.189.0/24
address 37.77.190.0/24
address 37.77.191.0/24
address 45.57.0.0/17
address 45.57.2.0/24
address 45.57.3.0/24
address 45.57.4.0/24
address 45.57.5.0/24
address 45.57.6.0/24
address 64.120.128.0/17
address 66.197.128.0/17
address 108.175.32.0/24
address 108.175.33.0/24
address 108.175.34.0/24
address 108.175.35.0/24
address 108.175.38.0/24
address 108.175.39.0/24
address 108.175.40.0/24
address 108.175.41.0/24
address 108.175.42.0/24
address 108.175.43.0/24
address 108.175.44.0/24
address 108.175.46.0/24
address 108.175.47.0/24
address 185.2.220.0/24
address 185.2.221.0/24
address 185.2.222.0/24
address 185.2.223.0/24
address 185.9.188.0/24
address 185.9.190.0/23
address 192.173.64.0/20
address 192.173.64.0/24
address 192.173.80.0/20
address 192.173.96.0/20
address 192.173.112.0/20
address 198.38.96.0/24
address 198.38.97.0/24
address 198.38.98.0/24
address 198.38.99.0/24
address 198.38.102.0/24
address 198.38.108.0/24
address 198.38.109.0/24
address 198.38.110.0/24
address 198.38.111.0/24
address 198.38.112.0/24
address 198.38.113.0/24
address 198.38.114.0/24
address 198.38.115.0/24
address 198.38.116.0/24
address 198.38.117.0/24
address 198.38.118.0/24
address 198.38.119.0/24
address 198.38.120.0/24
address 198.38.121.0/24
address 198.38.122.0/24
address 198.38.123.0/24
address 198.38.124.0/24
address 198.38.125.0/24
address 198.45.48.0/24
address 198.45.49.0/24
address 198.45.52.0/24
address 198.45.53.0/24
address 198.45.54.0/24
address 198.45.55.0/24
address 198.45.56.0/24
address 198.45.57.0/24
address 198.45.58.0/24
address 198.45.61.0/24
address 198.45.62.0/24
address 198.45.63.0/24
address 208.75.79.0/24
}
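
An added example, not part of the post above or of any poster's setup: a hand-entered block list like this one, and the /16 rules criticised earlier in the thread, can be audited with Python's standard `ipaddress` module for malformed entries, redundant prefixes and over-blocking. The sample is constructed and modelled on a subset of the posted entries, with one deliberately malformed line (a comma for a dot); the /16 rules in the demo are hypothetical stand-ins, since the thread does not name the actual ones.

```python
import ipaddress

# Constructed sample modelled on a subset of the address-group above.
# The "185.2.223,0/24" line is deliberately malformed (comma for a dot).
SAMPLE_GROUP = """\
address 23.246.0.0/18
address 23.246.2.0/24
address 23.246.28.0/22
address 23.246.28.0/24
address 45.57.0.0/17
address 45.57.2.0/24
address 185.2.222.0/24
address 185.2.223,0/24
address 192.173.64.0/20
address 192.173.64.0/24
address 192.173.80.0/20
address 192.173.96.0/20
address 192.173.112.0/20
"""


def parse_group(text):
    """Return (networks, rejected) parsed from 'address <cidr>' lines."""
    networks, rejected = [], []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] != "address":
            continue  # skip braces, blank lines, the group header
        try:
            # strict=True also rejects prefixes that have host bits set
            networks.append(ipaddress.ip_network(parts[1], strict=True))
        except ValueError:
            rejected.append(parts[1])
    return networks, rejected


def minimise(networks):
    """Drop prefixes already covered by a wider one and merge neighbours."""
    return list(ipaddress.collapse_addresses(networks))


def overblocked(rule, needed):
    """Count addresses matched by `rule` that fall in none of `needed`."""
    rule = ipaddress.ip_network(rule)
    wanted = ipaddress.collapse_addresses(
        ipaddress.ip_network(p) for p in needed
    )
    covered = sum(n.num_addresses for n in wanted if n.subnet_of(rule))
    return rule.num_addresses - covered


if __name__ == "__main__":
    nets, bad = parse_group(SAMPLE_GROUP)
    print("rejected entries:", bad)
    print("minimal rule set:", [str(n) for n in minimise(nets)])
    # Hypothetical /16 rules compared with the prefix actually needed.
    for rule, need in [("23.246.0.0/16", "23.246.0.0/18"),
                       ("45.57.0.0/16", "45.57.0.0/17"),
                       ("192.173.0.0/16", "192.173.64.0/20")]:
        print(rule, "blocks", overblocked(rule, [need]), "unrelated addresses")
```
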

 

 

 

 


Meow
7517 posts

Uber Geek
+1 received by user: 3631

Moderator
Trusted
Lifetime subscriber

  Reply # 1542863 27-Apr-2016 15:40

Ugh. You can do this with a single rule on the EdgeRouter (dst-nat port 53 redirect). Doing it that way makes no sense. DM me if you want access to the private forums.




91 posts

Master Geek
+1 received by user: 13


  Reply # 1542924 27-Apr-2016 16:57

michaelmurfy: Ugh. You can do this with a single rule on the EdgeRouter (dst-nat port 53 redirect). Doing it that way makes no sense. DM me if you want access to the private forums.

 

nah not quite - a dst-nat 53 redirect chucks all the dns traffic and not just the traffic relating to the netflix ranges.

 

I don't believe private forums are the way to go on this stuff - the subject is widely discussed on the whirlpool forums and about every other reference to be honest - the answer will always be in the public domain.

 

Something that works today is unlikely to work next week/year etc, the DNS providers are testament to that.

 

The golden days of having netflix US etc from anywhere are over. It's likely HBO et al will follow suit (why wouldn't they).

 

To be honest there is more interesting content on Freeview and BBC iplayer.

 

Anyhow each to their own.

 

Netflix hasn't even started on what they could do to further disrupt people...

 

 


70 posts

Master Geek
+1 received by user: 53


  Reply # 1542981 27-Apr-2016 19:25
One person supports this post

eXDee:

 

Just a heads up to anyone using these services and fighting the unblocking war, some of the guidance given by these services very much looks like taking a sledgehammer to a problem until the wall comes down with no precision at all.

 

For example Unlocator has given guidance to its users to block IP ranges. In the past this was just google, but someone asked me for assistance with setting up their latest attempt at defeating the unblocking-blockers and it involves blocking entire subnets owned Netflix and a few other affiliated networks (I assume), and using rules to block /30, /24 and even /16.

 

This wouldn't be a sledgehammer solution if they owned a whole /16, it would indeed be fitting. But checking on just three of these /16 (255.255.0.0) rules, they only needed to block a /18, a /17 and a /20. The latter is 4096 addresses, and their /16 null route subnetting rule is going to block 65536 addresses instead, of hundreds of unrelated networks.

 

Changing your DNS to a third party (and therefore trusting your device/entire network with them) is one thing, but trusting these guys who are suggesting to randomly disable entire chunks of the IPv4 space is very concerning, as it just screams ignorance of how networking actually works.

 

In fact a great target of a malicious actor would be going after one of these services, still yet to see that happen publicly at least anyway.

 

 

 

 

Unlocator are only suggesting that if you still have issues getting US netflix with their beta. I work with a couple of people using them without having to resort to blocking any IPs. I'm also using a vpn that got around the Netflix block as well. I think we are seeing the unblockers adapt to Netflix's new measures. It is probably always going to be a game of cat and mouse from now on - if anything this has taught me is it's definitely easier to do this if you are using a media tv vs a smart tv, chromecast, apple tv, console etc. If I owned a computer shop, I would be doing a hard sell on cheap media PCs, they are fantastic and can turn a normal tv into a very smart and easy to use tv.


Meow
7517 posts

Uber Geek
+1 received by user: 3631

Moderator
Trusted
Lifetime subscriber

  Reply # 1543139 28-Apr-2016 00:54
One person supports this post

watsonash:

 

michaelmurfy: Ugh. You can do this with a single rule on the EdgeRouter (dst-nat port 53 redirect). Doing it that way makes no sense. DM me if you want access to the private forums.

 

nah not quite - a dst-nat 53 redirect chucks all the dns traffic and not just the traffic relating to the netflix ranges.

 

I don't believe private forums are the way to go on this stuff - the subject is widely discussed on the whirlpool forums and about every other reference to be honest - the answer will always be in the public domain.

 

Something that works today is unlikely to work next week/year etc, the DNS providers are testament to that.

 

The golden days of having netflix US etc from anywhere are over. It's likely HBO et al will follow suit (why wouldn't they).

 

To be honest there is more interesting content on Freeview and BBC iplayer.

 

Anyhow each to their own.

 

Netflix hasn't even started on what they could do to further disrupt people...

 

Right... Guess you have not been following the Whirlpool forums too much then as there is so much incorrect information being posted on there. Since I use dnscrypt my rule is as follows to ensure DNS (port 53 traffic) doesn't leak my network from anything but some VM's:

 

00:45 mmurphy@charmander ~ $ show service dns
forwarding {
cache-size 10
listen-on eth1
listen-on eth2
name-server 192.168.2.8
name-server 192.168.2.10
}

 

00:45 mmurphy@charmander ~ $ show service nat rule 3
description "DNS Forward"
destination {
port 53
}
inbound-interface eth1
inside-address {
address 192.168.2.1
port 53
}
log disable
protocol tcp_udp
source {
address 192.168.2.20-192.168.2.254
}
type destination

 

Also, generally Google is showing mostly incorrect, misguided or incomplete information. As previously stated on here keep your solutions to yourself since Geekzone ranks very highly on Google and providers in general are trying to keep information behind closed doors for a reason. It has already been proven people (on here, other forums, reddit etc) talking about viable easy to follow solutions are just causing Big Red to block those solutions - honestly, seen it too many times now to count where I, or others have posted a solution then it stops working after a week (wonder why...).

 

As per your last suggestion "Netflix hasn't even started on what they could do to further disrupt people..." don't give them a way how - simple...





Infrastructure Geek
4056 posts

Uber Geek
+1 received by user: 195

Trusted
Microsoft NZ
Subscriber

  Reply # 1543143 28-Apr-2016 01:21

SaltyNZ:

 

eXDee:

 

If i was doing this i'd probably grab a cheap virtual server (eg digitalocean), set up my own VPN solution on it, and put a particular streaming device on a separate VLAN with default gateway out the VPN, so the only path is through that. I haven't tested this but the concept seems sound enough. You lose the national caches but given how things have been going I wouldn't be surprised if that becomes no longer a possibility with a standard unblocker either.

 

 

This is a valid solution, but many/most hosting ranges are already blocked. If you want to discuss this option, get yourself onto the closed thread. :-)

 

 

yeah, most public cloud hosting ranges blocked. best option is to find a friend in the US with a gig fibre connection that can host a vpn concentrator for you and won't notice the passthrough traffic :)

 

 





Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs


20 posts

Geek
+1 received by user: 3


  Reply # 1544016 29-Apr-2016 13:51

I was continuing with UnoTelly as I still got Netflix US on my android and PC, but when that stopped a few days ago I trialled dns4me (supposedly unaffected), which has returned service to those two devices but that's all.

 

I'm not sure how much fight I have left in me to keep chasing Netflix US, but can I get an invite/link to the private forum? If there are easy enough workarounds I'll try them


1418 posts

Uber Geek
+1 received by user: 137

Subscriber

  Reply # 1544034 29-Apr-2016 14:42

eliema:

 

I was continuing with UnoTelly as I still got Netflix US on my android and PC, but when that stopped a few days ago I trialled dns4me (supposedly unaffected), which has returned service to those two devices but that's all.

 

I'm not sure how much fight I have left in me to keep chasing Netflix US, but can I get an invite/link to the private forum? If there are easy enough workarounds I'll try them

 



Did you follow the instructions on the dns4me website?  i.e. more than just changing your DNS address?


20 posts

Geek
+1 received by user: 3


  Reply # 1544156 29-Apr-2016 18:24

timbosan:

 

eliema:

 

I was continuing with UnoTelly as I still got Netflix US on my android and PC, but when that stopped a few days ago I trialled dns4me (supposedly unaffected), which has returned service to those two devices but that's all.

 

I'm not sure how much fight I have left in me to keep chasing Netflix US, but can I get an invite/link to the private forum? If there are easy enough workarounds I'll try them

 



Did you follow the instructions on the dns4me website?  i.e. more than just changing your DNS address?

 

 

If you're talking about the instructions for static routes linked on their front page then yes, UnoTelly had the same thing going for a while

