master lfc6 asked:
Guys I have multiple servers with OpenVPN installed on them and they are all getting suspended left and right due to abuse reports from PlayStation network . Now , I’m assuming that my VPN clients are trying to crack PlayStation accounts , right ? What I’m trying to do is to block VPN traffic to all PlayStation URLs . The problem is that there is no specific IPs to block ! They use GeoDNS which serves data from different IPs based on user’s location . What can I do here ? Is there a full list of PlayStation IPs to block ? Or can I block access to these URLs ?
auth.api.sonyentertainmentnetwork.com native-ps3.np.ac.playstation.net account.sonyentertainmentnetwork.com auth.np.ac.playstation.net accounts.api.playstation.com native.np.ac.playstation.net
A third party Linux kernel module xt_tls provides the capability to match the hostname in a TLS Server Name Indication field, thus you can interrupt https connections to specific hostnames.
iptables -I FORWARD -p tcp --dport 443 -m tls --tls-host "auth.api.sonyentertainmentnetwork.com" -j REJECT --reject-with tcp-reset ip6tables -I FORWARD -p tcp --dport 443 -m tls --tls-host "auth.api.sonyentertainmentnetwork.com" -j REJECT --reject-with tcp-reset
See the module’s documentation if you need to block a large list of hosts.
Note that Encrypted SNI will eventually become widespread and this will no longer work.
You could also match on DNS traffic that passes through and block that. Eventually DNSSEC or some alternative will become widespread and that will no longer work either.
Note also that you should dump such customers as soon as you discover them. Also choose service providers that will work with you with respect to abuse complaints rather than just dropping you instantly.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.