Map Background

How to Identify a VPN IP Address

Many businesses and online services are currently looking for solutions to help bring in organic users and at the same time protect themselves from malicious users. There are times where a VPN can be a nuisance to your business, such as affecting your website analytics or allowing malicous users to hide behind a different IP address that does not belong to them, which promotes fraud, spam, and attacks. Having a VPN also allows a user to spoof their actual location, where the software or website will believe that the VPN's server location is the true location of the user, which allows users to bypass geo-blocking or geo-fencing techniques. In this article, we will provide a solution that will make these issues a thing of the past.

VPN Detection Techniques for IP Addresses

Find VPN Servers Based on their Open Ports

A VPN server will typically have ports open in order for a user to connect to a VPN server. Without these ports open, there is no way for the user to connect to the VPN server. What you can do is detect the common ports that are used based on what VPN protocol that they are using. Provided below are the common ports that are usually open based on the VPN protocol:

OpenVPN:

TCP Ports: 1194, 1197, 1198, 8080, 9201

UDP Ports: 1194, 502, 501, 443, 110, 80

PPTP:

Ports: 1723 (TCP)

SSTP:

Ports: 443 (TCP)

L2TP:

Ports: 500 (UDP), 1701 (TCP), 4500 (UDP)

IKEv2:

Ports: 500 (UDP), 4500 (UDP)

IPSec:

Ports: 500 (UDP), 4500 (UDP)

However, scanning for ports are typically frowned upon by many people and could even break your hosting provider's Terms of Service. Instead of scanning the ports yourself, you can use services such as shodan.io, which has a database of the IP address's open ports.

Identify the owner of the VPN Server

Allowing to find the owner or the hosting provider of a VPN can be a dead giveaway. When company's purchase an IP address, they must report the IP addresses that they have owned to their regional Internet registry. This allows the Internet registry to create a whois database on the person or entity that owns that IP address. This information is typically free and can be searched online. What many VPN detection software do is identify the owner of the IP address and check to see if the IP address is a owned by a hosting provider. Though, there are downsides to this method. Denying multiple hosting providers can create many false positives, such as an internet service provider serving internet connections to residential users and providing hosting services to businesses. Also, there are times where cooperate networks will be labeled as a VPN due to it's affliation to VPN providers or datacenters.

Look at Blacklisted Lists on IP Addresses

Checking out Blacklisted IP addresses can also prevent your website or business from getting attacks or becoming a victim of fraud. Nowadays, there are hundreds of websites that provide free IP address lists that are typically blacklisted on other sites. These IP addresses can be banned from the site due to many reasons, ranging from spam to DDoS attacks. Applying those IP addresses to your firewall list can reduce your chances of getting an ill-natured users on your website or service. Not only that, but theses IP addresses can also be a proxy server's IP address, which can (almost) kill two birds with one stone. Nevertheless, there are also some downfalls with this method as well. While some blacklisted lists may be reliable sources, there are some lists that may not be as reliable or may ban users unexpectly or with no good reasons, especially since these lists are self-reported. Furthermore, some of these reported IP addresses can also contain legitimate IP addresses, where no VPN or proxy servers were used at all, but can be banned due to unfortunate reasons, such as spam or fraud. Now, you might say that this is a good thing, but banning a bunch of residential or mobile carrier IP addresses are typically a bad idea. These addresses can be rotated pretty often, where the offender can request a new IP address from it's carrier or internet provider, where the blacklisted IP address can be repurposed to a potential user or buyer who has no intention to cause any harm to your website or service.

Attempt to use Reverse DNS Lookups

Either using websites, CLI, or scripts, you can identify if an IP address is a VPN based on looking at their hostname. With the hostname, this allows you to identify if the VPN is using a hostname that is related to a VPN provider. Like all of the methods above, there are flaws to this technique. This method doesn't work too often, due to the fact that many IP addresses will not have a hostname or will not have a hostname that links themselves to the VPN provider's networks.

Consider using a VPN Detection API

While all of the previous VPN blocking techniques have their issues, the best method is to leave VPN detection to the professionals, where they do all the heavy lifting for your website or company. Although, there are many proxy and VPN IP address blockers out there today, none of them offers the special features and detection algorithms that we use.

Our API service not only identifies proxy servers and VPN servers, but also Tor Nodes as well. Not only that, but our API also offers location information that can detect what city a user is in and the network information of an IP address, which can show you the entity that owns that IP address.

Not only that, but we also have crawlers and bots working around the clock searching online for information about the status and the uses of each IP address. Our detection algorithm took months for us to create, which uses data science and deep learning to identify if an IP address is a threat (either VPN, proxy, and/or Tor Node.) On top of that, we obtain our data from dozens of sources, which our algorithm also verifies the data and see if there are any discrepancies. Though, rest assure, our algorithm does not do all of the data validations on VPNAPI.io, we also have manual review of our data as well, where we would manually comfirm and verify the our data.

If you are interested in our VPN Detection API, please check out our homepage, where you can find more information about our services and test our detection algorithm: vpnapi.io

Icon