If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
How do websites know if you're coming through a VPN?
I've seen various websites who forbid access to their website if they
detect that you're coming through a VPN server? How do they figure this out? Examples of websites that can figure this out a http://www.sevenforums.com/ http://www.eightforums.com/ http://www.tenforums.com/ http://www.cpu-world.com/ Also Netflix and PrimeVideo. Yousuf Khan |
Ads |
#2
|
|||
|
|||
How do websites know if you're coming through a VPN?
Yousuf Khan wrote:
I've seen various websites who forbid access to their website if they detect that you're coming through a VPN server? How do they figure this out? Examples of websites that can figure this out a http://www.sevenforums.com/ http://www.eightforums.com/ http://www.tenforums.com/ http://www.cpu-world.com/ Also Netflix and PrimeVideo. The servers' addresses? I appreciate the fact Eternal September doesn't care. Voobly gaming server doesn't care either. Google tries to discourage VPN use, probably because it messes up their analytics. I'm no expert, others can correct if necessary. |
#3
|
|||
|
|||
How do websites know if you're coming through a VPN?
In article , Yousuf Khan
wrote: I've seen various websites who forbid access to their website if they detect that you're coming through a VPN server? How do they figure this out? they know the ip blocks vpns use. another way is if the time zones don't match. |
#4
|
|||
|
|||
How do websites know if you're coming through a VPN?
Yousuf Khan wrote:
I've seen various websites who forbid access to their website if they detect that you're coming through a VPN server? How do they figure this out? presume they have a list of IP addrs that VPNs use in their datacentres? When mobile operators were hot on blocking phone tethering, they used to detect altered TTL on packets to catch users out, it's possible the website operators could use a similar trick to detect VPN users e.g. if the VPN servers are generally linux and non-VPN clients are generally Windows they might see detect TTL values about 64 rather than about 128 Also since VPNs will be TCP/IP within TCP/IP they have to use smaller MTU packets, this might be a tell-tale, but I wouldn't expect such techniques to be 100% |
#5
|
|||
|
|||
How do websites know if you're coming through a VPN?
In article , Andy Burns
wrote: I've seen various websites who forbid access to their website if they detect that you're coming through a VPN server? How do they figure this out? presume they have a list of IP addrs that VPNs use in their datacentres? yep. When mobile operators were hot on blocking phone tethering, they used to detect altered TTL on packets to catch users out, it's possible the website operators could use a similar trick to detect VPN users e.g. if the VPN servers are generally linux and non-VPN clients are generally Windows they might see detect TTL values about 64 rather than about 128 tethering was not detected by ttl, nor is vpn. Also since VPNs will be TCP/IP within TCP/IP they have to use smaller MTU packets, this might be a tell-tale, but I wouldn't expect such techniques to be 100% vpns can use udp. |
#6
|
|||
|
|||
How do websites know if you're coming through a VPN?
Yousuf Khan wrote:
I've seen various websites who forbid access to their website if they detect that you're coming through a VPN server? How do they figure this out? Examples of websites that can figure this out a http://www.sevenforums.com/ http://www.eightforums.com/ http://www.tenforums.com/ http://www.cpu-world.com/ Also Netflix and PrimeVideo. Every host knows the IP address of the other host that connects to it. VPNs do not secrete their exit nodes. There are lists of VPN exit nodes. Even Tor exit nodes have been mapped. Same for public proxies. |
#7
|
|||
|
|||
How do websites know if you're coming through a VPN?
On 7/1/2020 7:17 AM, John Doe wrote:
The servers' addresses? That seems like a brute force approach, where you just store server addresses of all servers of all VPN providers throughout the world. Isn't there something more elegant they are doing, like deep packet inspection? Also I've found that Netflix can sometimes be fooled into not knowing whether it is a VPN or not, but Primevideo is absolutely spot-on almost everytime. I say "almost" because I haven't tried every possible VPN server available to me yet. I assume that's because Primevideo has access to all of Amazon's own AWS server info, and perhaps a lot of these VPN's are making use of Amazon AWS? Just a guess. Yousuf Khan |
#8
|
|||
|
|||
How do websites know if you're coming through a VPN?
On 7/1/2020 7:26 AM, nospam wrote:
another way is if the time zones don't match. How would they know what time zone my personal machine is on? Besides I could easily just use a VPN that's in my time zone. Yousuf Khan |
#9
|
|||
|
|||
How do websites know if you're coming through a VPN?
On 7/1/2020 7:30 AM, Andy Burns wrote:
presume they have a list of IP addrs that VPNs use in their datacentres? Yeah, that's the first thing I came up with, but that seemed a bit brute-forcey. When mobile operators were hot on blocking phone tethering, they used to detect altered TTL on packets to catch users out, it's possible the website operators could use a similar trick to detect VPN users e.g. if the VPN servers are generally linux and non-VPN clients are generally Windows they might see detect TTL values about 64 rather than about 128 The VPN server just acts like a default router to a client. A large proportion of routers on the Internet would be running Linux with Windows clients behind them, whether they are VPN servers or not. Plus the host operating system is not really part of the standard TCP/IP specs, various high-level protocols running over TCP/IP might identify the host OS specs, but in general the basic TCP/IP is OS-agnostic. Also since VPNs will be TCP/IP within TCP/IP they have to use smaller MTU packets, this might be a tell-tale, but I wouldn't expect such techniques to be 100% This one I don't think is likely, because the VPN TCP/IP packets are compressed and encrypted, and then tunnelled through the carrier TCP/IP packets. The VPN packets would have all kinds of variable lengths depending on the level of compression and encryption. The carrier TCP/IP wouldn't even know what kind of data is flowing over it, nor care. Yousuf Khan |
#10
|
|||
|
|||
How do websites know if you're coming through a VPN?
In article , Yousuf Khan
wrote: another way is if the time zones don't match. How would they know what time zone my personal machine is on? easily, along with a *lot* more. https://www.w3schools.com/jsref/jsref_gettimezoneoffset.asp Besides I could easily just use a VPN that's in my time zone. you could, but if you don't, there will be a mismatch. another method is if you suddenly 'move' farther than is physically possible. for example, if you connect to a site from new york city and an hour later, you connect from london, something is going on. even concorde couldn't fly that fast. |
#11
|
|||
|
|||
How do websites know if you're coming through a VPN?
In article , Yousuf Khan
wrote: The servers' addresses? That seems like a brute force approach, where you just store server addresses of all servers of all VPN providers throughout the world. Isn't there something more elegant they are doing, like deep packet inspection? all they need to do is keep a list of the ip blocks used by vpns and also residential/commercial classification. it's very easy. a new vpn might be able to slip through for a while, but at some point, it will be added. Also I've found that Netflix can sometimes be fooled into not knowing whether it is a VPN or not, but Primevideo is absolutely spot-on almost everytime. I say "almost" because I haven't tried every possible VPN server available to me yet. I assume that's because Primevideo has access to all of Amazon's own AWS server info, and perhaps a lot of these VPN's are making use of Amazon AWS? Just a guess. that just means netflix isn't as strict. some vpns even claim they work with netflix. |
#12
|
|||
|
|||
How do websites know if you're coming through a VPN?
nospam wrote:
Also since VPNs will be TCP/IP within TCP/IP they have to use smaller MTU packets, this might be a tell-tale, but I wouldn't expect such techniques to be 100% vpns can use udp. They can, and I tend to configure openVPN for both TCP on port 443 and UDP on port 1194, the latter is "better" as you've not two levels of TCP fighting to retransmit any dropped packets, but port 443 far more likely to make it through corporate firewalls and proxies. But you still can't get full-fat 1500 byte MTU through a VPN. |
#13
|
|||
|
|||
How do websites know if you're coming through a VPN?
Yousuf Khan wrote:
The VPN packets would have all kinds of variable lengths depending on the level of compression and encryption. The carrier TCP/IP wouldn't even know what kind of data is flowing over it, nor care. The carriers don't care, but it sounds like netflix etc do care, and if they never see 1500 byte frames from you, even in a bulk transfer, you're using a VPN |
#14
|
|||
|
|||
How do websites know if you're coming through a VPN?
On Wed, 01 Jul 2020 08:21:15 -0400, nospam wrote:
How would they know what time zone my personal machine is on? easily, along with a *lot* more. If anyone wants a random timzone changer, here's a timezone randomizer: @echo off rem tzrandom.bat randomly sets the Windows system timezone rem by Herbert Kleebauer, 20200415, alt.msdos.batch setlocal EnableDelayedExpansion :loop set /a n=137*%random%/32768*3+1 for /f "tokens=*" %%i in ('tzutil /l^|more +%n%') do set a=%%i& goto :l1 :l1 echo. echo. echo setting time zone to: %a% tzutil.exe /s "%a%" :: wait 6-24h set /a n=20864+(%random%*2) set /a h=%n%/3600 set /a m=(n-(%h%*3600))/60 echo waiting %h% hours, %m% minutes timeout %n% goto :loop exit 0 To the OP, they already know the VPN IP addresses _before_ you even connected to them, as they're not hidden from public purview (AFAIK). As for the time zone (and a whole lot more), go he o https://panopticlick.eff.org/ Then press the "Test Me" button: o https://panopticlick.eff.org/kcarter?aat=1 Then, press the "Show full results for fingerprinting" button: o Let us know what they know about you. -- HINT: Fingerprinting is one reason why you need a browser strategy. o Discussion of two different privacy-related browser philosophies https://groups.google.com/forum/#!topic/alt.comp.freeware/H4694--5znY |
#15
|
|||
|
|||
How do websites know if you're coming through a VPN?
Now it's pretending like it knew the answer already,
but it said NOTHING about that in its original post... -- Yousuf Khan wrote: Path: eternal-september.org!reader01.eternal-september.org!feeder.eternal-september.org!aioe.org!peer02.ams4!peer.am4.highwi nds-media.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!border1.nntp.dca1.giganews.com!nntp.giga news.com!buffer1.nntp.dca1.giganews.com!news.gigan ews.com.POSTED!not-for-mail NNTP-Posting-Date: Wed, 01 Jul 2020 07:09:30 -0500 Subject: How do websites know if you're coming through a VPN? Newsgroups: alt.comp.os.windows-10,alt.windows7.general References: From: Yousuf Khan Date: Wed, 1 Jul 2020 08:09:31 -0400 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Message-ID: Lines: 30 X-Usenet-Provider: http://www.giganews.com X-Trace: sv3-OhUfTJEZLr09TWxUYMbcmhmJ535a131Bqsi5uQctSdHF+LqAK0 r4f2rrCMIBpdrK15v0dd2PhOeBOuV!ll0qRQHCyGomzxvW4Pvl Ew9dQKbibFPfx/ygcKhWIT5NCOiszifoDVXZNG0FpIsZUaMv+EefhA== X-Complaints-To: X-DMCA-Notifications: http://www.giganews.com/info/dmca.html X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly X-Postfilter: 1.3.40 X-Original-Bytes: 2828 X-Received-Bytes: 3040 X-Received-Body-CRC: 2018213113 Xref: reader01.eternal-september.org alt.comp.os.windows-10:121210 alt.windows7.general:190919 On 7/1/2020 7:30 AM, Andy Burns wrote: presume they have a list of IP addrs that VPNs use in their datacentres? Yeah, that's the first thing I came up with, but that seemed a bit brute-forcey. When mobile operators were hot on blocking phone tethering, they used to detect altered TTL on packets to catch users out, it's possible the website operators could use a similar trick to detect VPN users e.g. if the VPN servers are generally linux and non-VPN clients are generally Windows they might see detect TTL values about 64 rather than about 128 The VPN server just acts like a default router to a client. A large proportion of routers on the Internet would be running Linux with Windows clients behind them, whether they are VPN servers or not. Plus the host operating system is not really part of the standard TCP/IP specs, various high-level protocols running over TCP/IP might identify the host OS specs, but in general the basic TCP/IP is OS-agnostic. Also since VPNs will be TCP/IP within TCP/IP they have to use smaller MTU packets, this might be a tell-tale, but I wouldn't expect such techniques to be 100% This one I don't think is likely, because the VPN TCP/IP packets are compressed and encrypted, and then tunnelled through the carrier TCP/IP packets. The VPN packets would have all kinds of variable lengths depending on the level of compression and encryption. The carrier TCP/IP wouldn't even know what kind of data is flowing over it, nor care. Yousuf Khan |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|