How do you detect a VPN or Proxy connection?

Published 2019-01-23 15:17

Question:

I would like to block all connections to my server that use a VPN or Proxy. Is there any way to detect that a VPN or proxy connection is being used? If not, is there any way that I can check the likelihood that a VPN or proxy is being used? Lastly, is there anything that I can query or prompt the user with to check if they are using a VPN or Proxy so that if anyone does get through, I can try and perform additional verification? I do not need any information from the user such as location, true IP, or anything like that. I just want to entirely bar connections from VPNs or Proxies.

Edit: I've been thinking that I could potentially run a test to see if there are consistent discrepancies between the ping to the VPN IP and the detectable latency of the client, but that sounds pretty unreliable.

Edit2: A proxy or VPN server would likely have many more ports open than a standard home connection, so I could use the number of open ports to help gauge the likelihood of a connection coming from a VPN by running a port scan of the person connecting.

Answer 1:

Unfortunately, there is no proper technical way to get the information you want. You might invent some tests, but those will have a very low correlation with reality. So either you'll not catch those you want, or you'll have a large number of false positives. Neither can be considered to make sense.

Generating any kind of traffic backwards from an Internet server in response to an incoming client (a port scan, or even a simple ping) is generally frowned upon. Or, in the case of a port scan, it may be even worse for you, e.g. when the client lives behind a central corporate firewall, the worst of which is when the client comes from behind the central government network firewall pool...

Frankly, IP-based bans (or actually, any kind of limiting focusing on people who do not exclusively possess their public IP address: proxy servers, VPNs, NAT devices, etc) have been unrealistic for a long time, and as the IPv4 pools have been getting depleted in many parts of the world, ISPs are putting more and more clients behind large NAT pools (it's this week's news in my country that the largest ISP, a subsidiary of Deutsche Telekom, has started handing out private IPv4 addresses as a standard way of business to its customers, and people have to ask the provider explicitly to get a public IP address), so there's even less and less point in doing so. If you want to ban clients, you should ban them based on identity (account), and not based on IP address.



Answer 2:

The simplest way to do this is to use an external service like an API to block VPN or proxy users.

MaxMind and GetIPIntel both offer it via API; you might want to give it a try. GetIPIntel provides a free API service, so I suggest you try that first.

For OpenVPN, someone used unique MSS values to identify VPN connections but the setup is complicated and it might be "patched" now.

The strategies you've mentioned in your edits don't seem like a very good idea because you'll run into many false positives. Sending out port scans whenever they connect to your service is going to take a lot of time and resources before you get the results.



Answer 3:

You can use web APIs that keep track of IP addresses for you, such as: http://xioax.com/host-blocker/

There is even a Java library: https://github.com/HiddenMotives/Java-VPNDetection



Answer 4:

You can see that:

Detecting VPN connection

But the short answer is no, you can't.



Answer 5:

You can download a list of known proxy IP addresses and look up addresses locally to see whether one is a VPN, open proxy, etc.

There are several commercial products in the market. IP2Proxy LITE is a free one you can try immediately.
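The local-lookup approach from this answer, written out as an added example (this is not the answer's or IP2Proxy's code). It assumes a simple three-column "first_ip,last_ip,proxy_type" text file, which is an assumed layout for illustration, not a vendor format; the sample ranges are constructed from RFC 5737 documentation blocks and the type codes are placeholders. Only the Python standard library is used.

```python
import bisect
import ipaddress

# Constructed sample of a proxy/VPN range list. Real products ship their own
# CSV layout; the "first_ip,last_ip,proxy_type" format here is an assumption
# made for this example. Addresses come from RFC 5737 documentation ranges,
# so nothing below refers to a real operator.
SAMPLE_PROXY_LIST = """\
# first_ip,last_ip,proxy_type
192.0.2.0,192.0.2.63,VPN
192.0.2.128,192.0.2.255,PUB
198.51.100.10,198.51.100.20,TOR
203.0.113.0,203.0.113.255,DCH
"""


class ProxyRangeIndex:
    """Sorted, non-overlapping IPv4 ranges with bisect lookup (O(log n) per query)."""

    def __init__(self, csv_text):
        ranges = []
        for line in csv_text.splitlines():
            line = line.strip()
            if not line or line.startswith('#'):
                continue  # skip blank lines and comments
            first, last, kind = (field.strip() for field in line.split(','))
            lo = int(ipaddress.IPv4Address(first))
            hi = int(ipaddress.IPv4Address(last))
            if lo > hi:
                raise ValueError('range out of order: %s' % line)
            ranges.append((lo, hi, kind))
        ranges.sort()
        # Overlapping ranges would make the answer ambiguous; refuse such a list.
        for (_, prev_hi, _), (cur_lo, _, _) in zip(ranges, ranges[1:]):
            if cur_lo <= prev_hi:
                raise ValueError('overlapping ranges in list')
        self._starts = [r[0] for r in ranges]  # parallel list for bisect
        self._ranges = ranges

    def lookup(self, ip_text):
        """Return the proxy type for ip_text, or None if unlisted, IPv6, or malformed."""
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            return None  # garbage input is treated as "not listed", never as an error
        if ip.version != 4:
            return None  # the sample list is IPv4 only; a real list may carry IPv6 too
        n = int(ip)
        # Find the last range whose start is <= n, then confirm n is inside it.
        i = bisect.bisect_right(self._starts, n) - 1
        if i >= 0:
            lo, hi, kind = self._ranges[i]
            if lo <= n <= hi:
                return kind
        return None


def classify(index, ip_text):
    """Policy decision for one client address: 'allow' or 'block:<type>'."""
    kind = index.lookup(ip_text)
    return 'allow' if kind is None else 'block:%s' % kind


if __name__ == '__main__':
    idx = ProxyRangeIndex(SAMPLE_PROXY_LIST)
    for ip in ['192.0.2.10', '192.0.2.100', '198.51.100.15',
               '203.0.113.77', '2001:db8::1', 'not-an-ip']:
        print(ip, classify(idx, ip))
```

The list is loaded once and queried per connection, so the lookup adds no network round trip to the request path. Because such lists go stale, the index should be rebuilt from a fresh download on a schedule, and the same false-positive caveat raised in Answer 1 applies to any address shared by many users (carrier NAT, corporate egress).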



Answer 6:

Yes, you can detect whether an IP belongs to a VPN/proxy using Shodan. The following Python code shows how to do it:

```python
import shodan

VISITOR_IP = '203.0.113.5'  # placeholder: the address of the connecting client

# Set up the API wrapper
api = shodan.Shodan('YOUR API KEY')  # Free API key from https://account.shodan.io

# Look up the list of services an IP runs
ipinfo = api.host(VISITOR_IP)

# Check whether the IP runs a VPN service by looking for the "vpn" tag
if 'tags' in ipinfo and 'vpn' in ipinfo['tags']:
    print('{} is connecting from a VPN'.format(VISITOR_IP))
```

You can also look at the list of ports to determine the likelihood that the visitor is connecting from an HTTP proxy:

```python
# 'ports' may be absent for a host with no indexed services, so default to an empty list
if 8080 in ipinfo.get('ports', []):
    print('{} is running a web server on a common proxy port'.format(VISITOR_IP))
```


Answer 7:

  • Get (somehow) a list of IPs of proxy servers.
  • Measure the round-trip ping time to the user. This helps in online websocket games. Games are playable with a ping under 50 ms, so you can disconnect users with a ping of about 100 ms or greater with a message "Sorry, too large ping".


Tags: proxy vpn