How to prevent being blocked when I use VPN?

  • Thread starter Thread starter yungman
  • Start date Start date
  • Tags Tags
    Block
Click For Summary

Discussion Overview

The discussion revolves around the challenges of accessing websites while using a VPN, particularly when users encounter blocks due to their VPN's IP address being flagged or blacklisted. Participants explore the reasons behind these blocks and potential strategies for maintaining VPN access.

Discussion Character

  • Debate/contested
  • Technical explanation
  • Conceptual clarification

Main Points Raised

  • One participant notes that using a VPN changes the TCP/IP address to one owned by the VPN provider, which may be blocked by the site.
  • Another participant draws an analogy comparing the use of a VPN to wearing a balaclava in a bank, suggesting that the association of VPNs with malicious activity leads to blocks.
  • Some participants indicate that it is common for organizations to blacklist IP addresses associated with malicious activity, with varying approaches to handling such addresses.
  • A participant describes their experience with IP blacklisting, detailing the challenges of getting off a blacklist and the complexities involved in managing IP addresses for security purposes.
  • There is mention of the dynamic nature of VPN IP addresses, which complicates the unblocking process as many addresses may need to be cleared.
  • One participant mentions that they drop entire Autonomous System Numbers (ASNs) associated with bad actors to reduce unwanted traffic.

Areas of Agreement / Disagreement

Participants express a range of views on the prevalence and implications of being blocked while using a VPN. There is no consensus on a definitive solution to the problem, and multiple competing perspectives on the effectiveness of various strategies remain.

Contextual Notes

Participants highlight the limitations of dynamic IP addresses provided by VPNs and the challenges of maintaining access to certain websites that may require stable IPs or registration for access.

yungman
Messages
5,741
Reaction score
291
I use Norton protection. They offer VPN. I try to use it. But I was blocked by a site after I use the VPN. I had to turn VPN off to get to the site.

Why? and what can I do to resolve this and still use VPN?

Thanks
 
Computer science news on Phys.org
the vpn changes your tcpip address to one of a large list of addresses that they own. if the site has blocked that new address then you get blocked.
 
yungman said:
Why? and what can I do to resolve this and still use VPN?
Because many spammers, hackers and other people with malicious intent use VPNs.

Or to look at it another way: "I wore a balaclava when I walked into a bank. They refused to serve me. I had to take the balaclava off before they served me. Why? And what can I do to get served while wearing a balaclava?"
 
So this is common?:frown:
 
pbuk said:
I wore a balaclava when I walked into a bank.
The pastry?
 
Reply
  • Haha
Likes   Reactions: FactChecker
You mean a biali?
 
yungman said:
So this is common?:frown:
Yes, it is not uncommon.

Some organizations are vigilant about this and will attempt to make contact and report the IP addresses associated with malicious activity back to the owners of the address space (e.g. via email to abuse@ownerorg.com). As the registered POC for a class B netblock, I would receive those emails from time to time. My hat is off to the folks generating those notices. Generally speaking, they provided source IPs, time stamps, log files and a general characterization of the attacks.

Other organizations will simply chuck the IP address (or the owner ASN) on some flavor of IP blacklist and consider the job done. My organization fell into that camp. We had a good number of blacklisted ASNs along with a few blacklisted IP ranges. From time to time, I would need to update whitelists to make exceptions within blacklisted ranges. [Customers get upset when they cannot visit our web sites or send us email].

[An ASN (Autonomous System Number) is a number associated with an organization that connects to the BGP routing backbone for the public Internet. As an ordinary customer of an ISP, you would not have an assigned ASN. Your ISP would probably have an ASN. Your VPN provider would have a different ASN.]

I was on the routing and switching side of things. Our primary goal was to blacklist IP ranges from which huge attack volumes were emanating. The security guys had trouble keeping their firewalls up under the resulting load. So we took care of the bulk of the attack volume for them. We used blackhole routes and an RPF check -- that sort of thing is easy for a router but hard for a firewall.

As I said, I wore a routing hat. Our security guys certainly had the ability to subscribe to an IP block service. But since I was not directly involved, I have no good idea about how widely deployed such services are. For instance, the Imperva WAF (Web Access Filter) documents their capability. We ran a WAF, among other components, but I do not think we subscribed to an IP block list.

Getting yourself off of an IP blacklist can be a time consuming and thankless task. The hardest part is finding someone who cares enough to try to help. Then you have to pray that they can navigate their way to someone who has the ability to help. The level of individual and organizational competence that you encounter can sometimes be mind boggling. Often our security guys would need to skip all that and handle it from our end, switching to a different egress IP (we ran Cisco WCCP and transparent proxies for outbound traffic) or getting us router guys to use traffic engineering to a different egress point of presence entirely.

Some target web sites (mostly military) are opt-in. You have to register your IP in order to gain access. This can be troublesome when your egress IP can dynamicly change due to the use of VPN, outbound transparent proxy or an ISP that does not provide their customers with long term stable IP addresses. [My company's egress IPs were short term stable (days or weeks) but not long term stable (months or years)]
 
Last edited:
Vanadium 50 said:
The pastry?
balaclava, not baklava. :-)
And definitely not a bearaclava:
1691786075062.png
 
Reply
  • Like
  • Haha
Likes   Reactions: Tom.G and Mark44
jbriggs444 said:
Getting yourself off of an IP blacklist can be a time consuming and thankless task.
And unlikely to work in this case, as the VPN address is usually dynamic, so thousands will need to be unblocked, and some of those are likely used by bad actors.
 
Reply
  • Like
Likes   Reactions: jbriggs444
  • #10
And FWIW, when I see a bad actor, I drop the entire ASIN now, not just the IP block. And things are much quieter.
 
Reply
  • Like
Likes   Reactions: jbriggs444

Similar threads

Is a VPN required for a WiFi hotspot meant only for a home?
  • · Replies 1 ·
Replies
1
Views
2K
Who Limits My Internet Speed, and How Do They Do It?
  • · Replies 15 ·
Replies
15
Views
4K
Hardware VPN uses / detectability
  • · Replies 5 ·
Replies
5
Views
4K
How does a virtual private network work (basics)
  • · Replies 4 ·
Replies
4
Views
3K
Anonimity: Time to take the internet back.
  • · Replies 3 ·
Replies
3
Views
4K
Cannot type "/ etc / hosts" (without the spaces)
  • · Replies 11 ·
Replies
11
Views
2K
Chemical Forums down, or how I learned what slowloris is
  • · Replies 8 ·
Replies
8
Views
1K
Yahoo mail blocked me from sending a program I wrote, what can I do?
  • · Replies 42 ·
2
Replies
42
Views
5K
Bug Thread with python and sqlalchemy code is being blocked by Cloudflare
  • · Replies 1 ·
Replies
1
Views
2K
How to make raspberry pi connect with window7 (no internet)?
  • · Replies 3 ·
Replies
3
Views
2K