A Question on VPNs

[K0MP4CT]

Hi there! I'm a moderator on a game forum. We have reason to believe one of the users are running a cracked version of the game, and are using a VPN to pretend they are from Iran. US sanctions mean Steam is not available in Iran. As a forum for this particular game franchise, and one that is active in communicating with the game devs, we hold a strict policy to not offer support for those running illegitimate versions of the game. We've asked him to prove he owns a legitimate copy of the game, and expected him to be able to show us a Steam library to prove this. Of course, he can't. However, this game is largely available on disc, even today!

 

The website of course logs IPs from users. Nothing malicious, simply the IP itself and nothing more. Users have the choice to state their location on the forum. I checked, and the IP is linked to a legitimate ISP in Iran, however, is it possible for a VPN to guise itself as a legit ISP address? I know this question seems to be worded weirdly, but I hope it makes sense!

[Sir Asvald]

Well, in most cases VPN services will have different servers in multiple countries. If that is the case, whatever VPN is the person is using, they have servers in Iran. 

You could take the IP address and see who is using it.

 

EDIT: to clarify, in terms of the IP, which VPN service providing it.

 

[K0MP4CT]

6 minutes ago, Abdul201588 said:

Well, in most cases VPN services will have different servers in multiple countries. If that is the case, whatever VPN is the person is using, they have servers in Iran. 

You could take the IP address and see who is using it.

 

EDIT: to clarify, in terms of the IP, which VPN service providing it.

 

When I checked the IP address provided, it was linked to a legitimate ISP. However, I thought that a VPN would be able to mask itself as a legitimate ISP address regardless?

[Sir Asvald]

1 minute ago, K0MP4CT said:

When I checked the IP address provided, it was linked to a legitimate ISP. However, I thought that a VPN would be able to mask itself as a legitimate ISP address regardless?

I think you're thinking when you connect. For example, this case. The person is intentionally hiding his/her IP address. When connecting the person is connecting the server which is in Iran. 

[K0MP4CT]

1 minute ago, Abdul201588 said:

I think you're thinking when you connect. For example, this case. The person is intentionally hiding his/her IP address. When connecting the person is connecting the server which is in Iran. 

To clarify, I'm not certain whether the user is in fact masking their IP address, but if I can better understand how VPNs function, I can at least limit the possibilities!

[Sir Asvald]

8 minutes ago, K0MP4CT said:

To clarify, I'm not certain whether the user is in fact masking their IP address, but if I can better understand how VPNs function, I can at least limit the possibilities!

How VPN works, you connect to a server, once you've connected all the traffic is encrypted to the server then to and back out the internet. For example. Person 1 has an IP of 23.3.1.3 and he cannot access certain sites because they are blocked. Now, he will connect to the server within the country and will use the IP address of the given server such 44.133.9.4. Now the person can access anything.

 

 

 

 

[beersykins]

12 minutes ago, K0MP4CT said:

However, I thought that a VPN would be able to mask itself as a legitimate ISP address regardless?

Depends entirely upon the IP space provided to the remote end.  Some things like PIA have their own AS number so when you look up on ARIN or RIPE it gives you the VPN provider information, some VPN providers just leverage provider-provided IP space which could be anything.

 

What ISP did it resolve to?   I'd say it's possible but improbable.

[K0MP4CT]

18 minutes ago, beersykins said:

Depends entirely upon the IP space provided to the remote end.  Some things like PIA have their own AS number so when you look up on ARIN or RIPE it gives you the VPN provider information, some VPN providers just leverage provider-provided IP space which could be anything.

 

What ISP did it resolve to?   I'd say it's possible but improbable.

It came back as Shatel.ir, a quick Google search tells me it's one of the biggest ISPs in Iran. Which of course could be plausible as to why he has a service with them, but also makes it an obvious choice to mask as.

[Sir Asvald]

20 minutes ago, K0MP4CT said:

It came back as Shatel.ir, a quick Google search tells me it's one of the biggest ISPs in Iran. Which of course could be plausible as to why he has a service with them, but also makes it an obvious choice to mask as.

May I ask what game it is? Is it an online game? I'm sure you can ban his account

[K0MP4CT]

1 hour ago, Abdul201588 said:

May I ask what game it is? Is it an online game? I'm sure you can ban his account

We definitely can! The forum works on a warning system. He has already been temp-banned previously for private message abuse where he was attempting to get help to crack the game. We are certain he's up to no good once more. However, we don't want to ban him for simply asking a question. Of course, if the question turns out to be related to cracking the game again, we will ban him. For now, I'm trying to find errors in his story.

[jj9987]

ISPs also serve businesses, who could be hosting VPN services. Therefore determining ISP from IP address does not help much. VPN IP addresses are not public either. You can block the IP address, but unless we know what kind of connection the game uses, there is not much options.

 

He could be using VPN only for the game and real IP for the forum.