top | item 46270966

(no title)

tallytarik | 2 months ago

There are plenty of VPN and proxy detection services, either as a service (API) or downloadable database, which are surprisingly comprehensive. Disclaimer: I’ve run one since 2017. Years on, our primary data source is literally holding dozens of subscriptions to every commercial provider we can find, and enumerating the exit node IP addresses they use.

There are also other methods, like using zmap/zgrab to probe for servers that respond to VPN software handshakes, which can in theory be run against the entire IP space. (this also highlights non-commercial VPNs which are not generally the target of our detection, so we use this sparingly)

It will never cover every VPN or proxy in existence, but it gets pretty close.

discuss

acka|2 months ago

> Years on, our primary data source is literally holding dozens of subscriptions to every commercial provider we can find, and enumerating the exit node IP addresses they use.

Assuming your VPN identification service operates commercially, I trust that you are in full compliance with all contractual agreements and Terms of Service for the services you utilize. Many of these agreements specifically prohibit commercial use, which could encompass the harvesting of exit node IP addresses and the subsequent sale of such information.

infecto|2 months ago

TOS are pretty meaningless in cases like this. It amounts to getting rejected as a customer and your account canceled.

fourside|2 months ago

Maybe the tables could be turned and we can build a service with dozens of subscriptions to every VPN detection service and report them for ToS violations ;)

MangoToupe|2 months ago

> I trust that you are in full compliance with all contractual agreements and Terms of Service

Why? It's not like there's any real moral (or, likely, legal) reason to care beyond avoiding the service's ban hammer.

immibis|2 months ago

There's a little secret that most of the business world knows but individuals do not know: You don't have to follow Terms of Service. In most cases, the maximum penalty the company can impose for a ToS violation is a termination of your account. And it's not illegal to make a new account. They can legally ban you from making a new account, and you can legally evade the ban.

Unless you're the one-in-a-million unlucky user who gets prosecuted under the CFAA's very generic "unauthorized access to a protected computer" clause, like Aaron Swartz. It seems the general consensus is this doesn't apply to breaking a website ToS, and Aaron was only in so much trouble because he broke into a network closet, as well as for copyright violation. But consult a lawyer if unsure. (That's another difference: A business will ask a lawyer if it wants to do something shady, while an individual will simply avoid doing it)

addandsubtract|2 months ago

Tangent: if you hold access to all VPN providers, have you thought about also releasing benchmarks for them? I would be interested in knowing which ones offer the best bandwidth / peering (ping).

0xdeadbeefbabe|2 months ago

> which are surprisingly comprehensive

How does the buyer even know what the precision and recall rates might be?

recursive|2 months ago

Probably contrary to the stealth aspect.

ranger_danger|2 months ago

This will also cause problems with anyone that happens to (even accidentally/unknowingly) use apps that integrate services from companies such as BrightData/Luminati/HolaVPN/etc. where they sell idle time on your device/connection to their VPN/proxy customers.

The legitimate end-user will then no longer be able to use e.g. SoundCloud.

blibble|2 months ago

I fail to see the problem if people that allow their internet connection used by scammers/AI crawlers are banned from every service

rdsubhas|2 months ago

Interesting. I assumed all VPNs switched to IPv6 by now, making detection much harder.

bombcar|2 months ago

IPv6 isn't magically unrouteable, it just routes much larger blocks of "end IP addresses."

You just track and block /24 or /16 as necessary.

tallytarik|2 months ago

Much of the internet still does not support IPv6, so most providers will give you an IPv4 address. In fact only a few providers even support IPv6 at all.

Even with IPv6 it's not a huge problem. With a few samples we can know that a provider is operating in a given /64 or /48 or even /32 space, and can assign a confidence level that the range is used for VPNs.

tux3|2 months ago

Many websites including Soundcloud are still only accessible through IPv4, so this is moot, even if VPNs support IPv6 it's enough to block their V4 exit nodes for Soundcloud.

vb-8448|2 months ago

just out of curiosity: if i'm located in spain and i setup an ec2 or digital ocean instance in germany and use it as a socks proxy over ssh, do you will detect me?

kube-system|2 months ago

It is even easier to block hosting providers. They typically publish official lists. Here's the full list for both of those providers:

https://ip-ranges.amazonaws.com/ip-ranges.json

https://digitalocean.com/geo/google.csv

(And even if they don't publish them, you can just look up the ranges owned by any autonomous network with the appropriate registry.)

tallytarik|2 months ago

It won’t end up in our proxy detection database, but we track hosting provider ranges separately: https://www.iplocate.io/data/hosting-providers/

dizhn|2 months ago

That's a hosting service IP block. Some sites block them already. Netflix for instance.

unknown|2 months ago

[deleted]

unknown|2 months ago

[deleted]

m00dy|2 months ago

who's buying your service ?

cons0le|2 months ago

Sounds like snitching as a service