Comcast Gunning for NAT Users
phillymjs writes: "A co-worker of mine resigned today. His new job at Comcast: Hunting down 'abusers' of the service. More specifically, anyone using NAT to connect more than one computer to their cable modem to get Internet access- whether or not you're running servers or violating any other Acceptable Use Policies. Comcast has an entire department dedicated to eradicating NAT users from their network. We knew this was coming since this Slashdot article from two months ago, but did anyone think they'd already be harassing people that are using nothing more than the bandwidth for which they are paying? It makes me very happy that my DSL kit arrived yesterday, and I'll be cancelling my Comcast cable modem early next week." Earthlink and Comcast have both been advertising lately their single-household, multi-computer services (and additional fees) -- probably amusing to many thousands of broadband-router owners, at least until the cable companies really crack down.
So, what are the methods they use, and how can I make it more difficult for them to tell if I have a machine running NAT?
How much will they charge to setup my ReplayTV 4000, eh?
What about that new toaster I bought?
How exactly are they going to do this?? I mean NAT isn't really something you can look at. The same ip is being used just by different systems behind the NAT server.
Does anyone have any info on exactly how they plan to do this?
How, pray tell, do they propose to determine whether a user has NAT?
Adelphia has it as part of their service agreement that you can have multiple devices on the network and the cable modem install techs will actually configure your linksys router for you when you sign up for the service.
If you choose not to decide, you still have made a choice. RUSH
How would they go about doing this, being that NAT makes all data coming in and out look as if it was coming from a single IP? They could try to look at bandwidth, but you could easily make the case that you were just downloading a lot from one pc. What practical techniques can be used to detect NAT, and what can be done to avoid them?
Brandon Tallent
"We regret to inform you, Mr. Anderson, that you have three different people in your household using this computer to access the internet. Your bill will be adjusted accordingly."
This is not a story, let's not treat it as one. It'll be a story when somebody has copies of a letter explaining that their service was cut off, due to the use of NAT. In the meantime, I can tell you that the firewall on my comcast connection has received no new exploratory packets originating at comcast servers.
Fortunately, my Cable provider here in Montreal allows NAT private networks. However, they don't allow servers on common ports (21, 80, etc.) but you can run them off higher ports if you like. Frankly, me and my girl both pay for Internet Access, it's only fair that we should be able to use it on both of our computers!
Reminder: find a new sig
I had assumed that thought like this was basically on the way out. Most ISPs will say "We support one computer. If you wanna rig something else up to use more, don't expect us to support it". That's sort of fair, mostly.
This is creepy. I'd personally sue them.
How do you even detect NAT?
There's this which describes a way to find webservers behind NAT, but what about the general case?
If you don't like it, don't sign up. If you try to cheat on the policy with your l33tness and get caught, don't complain.
Don't forget kids: those snazzy Linksys routers you bought will fall under this stipulation too! It's not just the retards with Linux boxes getting nailed, it's EVERYONE with any form of link duplication. Basically, if you have 2 boxes and pay for 1 to be connected THEY WANT YOUR ASS.
this sig limit is too small to put anything good h
The whole point of NAT is to obscure and hide the internals of the network, the outside only sees ONE computer. The only possible thing they can look for are signatures (like all connections coming from a source port in the 60,000's range -- Linux defaults to this for ipchains IIRC), but these are adjustable of course, and in no way are proof of NAT being used.
I'd really like to know since all the traffic comes from one MAC address. True, you'd need a properly configured firewall, but you should be able to make any linux system look like a windows one (hint: disable ports or use reject policy in your iptables) It seems to me NAT is impossible to detect.
Can anyone with more 411 clarify?
Thanks
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
Seriously, when I signed up the agreement was that I would not provide service to anyone outside my residence, which is fair I guess. If they want to crack down on me doing something that is proper let them try, but I'm not going to back down from asserting my rights. Personally I don't see what options they have to crack down. Though I have heard that their switches remember your mac address now so if you change the computer/network card hooked up it takes a reset to get it working again :(
Well, I suppose I could have prepared, in advance, a rather whitty remark... But instead I chose to blither whatever came to mind. Patience is a virtue I do not posess.
Still #1 -- Lonely Gay Geek
They can take me to court if they want; I'm not doing a damn thing wrong. I pay for my 1.5Mb and I'll use it on my laptop, desktop, or palmtop all at the same time if I want.
I can see a point in FOPing users that abuse the bandwidth or something, but just going after people for having more than one pc attached is ridiculous.
Do you remember when it was "illegal" to plug in a splitter box on your cable so you could watch cable in the bedroom too? What is it with these guys. As if $30 in addition to my $50 a month cable bill was not enough.
If they want to be ubiquitous they should merge with an ISP or something. - Oh wait, n/m
what? what I thought we were in the trust tree in the nest, were we not?
And exactly how are they going to detect this evil traffic? By monitoring the origination ports of the network traffic? Presumably they're going to look at the port numbers and go "hm, that number's different from the one a few minutes ago. Must be a NAT!"
If that's the case, then I encourage any Comcast customer who uses a single computer, who has the know-how, to write a script that generates arbitrary originating port numbers on all the traffic. That would rule.
-- Mojo Tooth : exploring our world as only an idiot can.
The only way I can think of for them to detect NAT is if they see simultaneous activity on too many ports at once, indicating more than one person at the same time is using the Internet.
Obviously, the more people you have on the line, the more likely this is to occur.
Seems kind of silly to spend a lot of resources on this. I can kind of understand maybe charging people more for using more bandwidth than average.
Sometimes it's best to just let stupid people be stupid.
Look, I have my Road Runner connected to a firewall that routes my internal machine to it. Therefore I have more than one machine (technically) hooked up to Road Runner.
The firewall uses NAT for my internal box. My firewall is a custom Linux box I setup myself, but I imagine any firewall would behave similarly.
If they're basically saying you have to have just the one machine directly connected to their service...they're saying YOU ARE NOT ALLOWED TO RUN A FIREWALL.
How can they possibly suggest that I'm NOT ALLOWED to run a firewall? Especially seeing as how the freaking cable networks are some of the worst offenders on portscans etc...
Freaking morons.
This is never going to happen of course, because this sort of service provision implies not only limits on the customer but also performance requirements on the part of the telco. I think we are stuck with "52 times faster than an ordinary modem" marketing and bad service forever.
What about setting up a linux machine and connect X-terminals to it, thus providing multiple users with internet access, but they are on the same machine. Or a windows terminal server. Or ssh in and run applications that are forwarded over X. Or port forwarding.
And, windows 98/ME does this automatically if you have a windows LAN with one computer connected to the internet, doesn't it?
Huh?
/.
I know it's a good idea to completely block the Comcast management subnet addresses (look at your firewall and see who is hitting NNTP every hour - that's them).
BUT: there are tools available that can partially see through many firewalls - for example nmap can gather some info through freesco (not enough to do any harm, but enough to positively ID the system).
Does anyone know what tools and techniques Comcast will be using, or what addresses they will source from?
I'm not looking for speculation - why help them out after all - just any hard info anyone might happen to have.
Thanx!
--Charlie
Yeah, if they really want to stop bandwidth hogs, why did they not just make the Cable modem also be a bandwidth limiter!!!!!
"No that would be too simple a solution! Besides it would cost the company millions!"
It's not like you can plug your computer into the cable system directly, you have to have a modem.
It's easy, all you need is a job where you are not supervised and have no real contact with any coworkers. You will soon find yourself coming to /. more often for some mediocre entertainment at the expense of some anonymous server's ram and bandwidth.
Still #1 -- Lonely Gay Geek
This is the best post yet.
Also, use LINUX, don't use MICROSOFT.
...my DSL provider, PacBell Internet, actually wants to sell you a NAT router when you sign up for basic home DSL service.
Can someone publish a step by step how-to on how to masquerade a masq box? Is that a circumvention device?
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
The only way they have of telling if there's another system on your network is to send a request to an internal address (RoadRunner tends to check for 192.168.1.100)...the easiest way to fix this is to simply firewall the netbios port...
:)
I actually just use IPTables to keep anyone on my external port (eth0) from accessing any internal addresses directly. It sounds like the only ones they'll catch is the ones with the out-of-box routers and ppl who don't know better
They can catch the scumbags that get the cablemodem and then nat their entire apartment building, or the neighborhood but they will never catch a single family dwelling doing it. The ONLY way to detect it is to watch bandwidth and look for 60-70 connections coming out of that cablemodem. Anything less will be false positives as just hitting some websites causes at least 10 connections to other servers for ads, popups, etc...
Besides, how is this going to fly with the AT&T policy of allowing it and even encouraging it? AT&T will gladly sell you a smc or linksys NAT/firewall... that constitutes encouraging it.
Do not look at laser with remaining good eye.
I told the guy I was using a router. He freaked. "OMG OMG HOW MANY COMPUTERS DO YOU HAVE?" he asked.
:) So, if they had a way to scan my system, there's only one machine up.
"Just one. I just trust hardware firewalls more than software ones. I don't want to get infected with a worm that would then lower ATTBI's bandwidth."
He then let me go on my way.
Now, this article is a case of "i know a friend of a friend who's doing this despicable act!!!" so I'm not taking it to heart. And as for me, only my Linux box is on 24/7...My Windows box is a separate box that's only up if I want to play EverQuest.
Is there a term for "vaporware" jobs?
If you're using a commercial broadband router (Linksys, Netgear, DLink, etc.) they may have a way that they can probe IPs for that specific type of device. It might have a web page on port 80, or something else open that identifies it as being a router. They wouldn't be able to identify a Linux box doing IP Masquerading, but they'd find all the Linksys routers easily, and since those are quite popular, they'd figure that was good enough.
Another consideration: How does the NAT box know where to send incoming replies? Isn't there something added to the IP header to indicate the internal source IP of the packet? I would think there would have to be. Could they scan packets for these identifying signatures?
A problem with this: some people use NAT routers as a firewall, with only a single computer connected, simply for security reasons. It's certainly more secure (and less problematic, from what I understand) than ZoneAlarm or BlackIce. How is the ISP going to know the difference?
If they're scanning IP packets, are they looking for multiple internal sources from the same external IP?
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Let's face it. If the terms of service say you can't connect multiple computers to the cable modem service, then you can't do it (legally, at least). If you don't like it, don't sign up.
Unfortunately, many people won't follow that rule (they won't like it but they WILL sign up). They'll pay the $3/computer or whatever, and Comcast will get their way.
It's our job as technophiles to EDUCATE friends and family about alternatives (mainly DSL with an acceptable TOS policy, and then a basic home gateway with NAT). Here in the San Francisco Bay Area we have _so_ many options (cable, analog modem, or any of dozens of DSL providers), but most people just go with whoever mails them the most colorful flyer.
If we help teach others that they have choices, then they will make the right decision. The free market will work. Comcast and similar companies will realize that they're losing revenue, and they'll adjust their pricing models (as well as stop using inflammatory terms like "stealing bandwidth").
Here in Melbourne, Australia some of our "broadband" providers have similar policies, so I've always wondered how they might look at addressing NAT.
Although NAT masks all computers behind the firewall with its external IP address, by examining the traffic, there are clues.
For example, let's say there are multiple instant messengers (eg ICQ, MSN) behind your firewall. If there are at least 2 of the same type, it generally means there are multiple users. Of course this isn't necessarily true though, if you have a *NIX computer this is easily done, or even Windows XP.
Let's say your firewall is a Linux/FreeBSD/whatever box. Nmapping or similar _may_ reveal this, and _may_ also determine its uptime. A long uptime is often an indicator of a firewall, since most people don't turn them off. Of course, lots of people don't turn their PCs off either.
In general sniffing traffic might provide some clues as to what is going on at your end of the service.
These are just a few ideas, however none of them offer real proof of NAT, just some indicators. I'm sure there are legal implications (eg privacy) both in the US and in Australia on examining your network traffic.
--jquirke
I have to congratulate AT&T. I was in the mediaone (originally Highway1) beta in 1996. As they changed to RoadRunner and AT&T, customer service has definitely gone downhill. There are much longer waits on the phone, and there is greater difficulty in reaching knowledgeable support people.
Furthermore, outages are still too common, and performance is still too variable.
However, the basic service is good, and the attitude of AT&T (at least in Eastern MA) is still good. They tolerated NAT, looking the other way, and then (I think) supported it; they don't block ports; and they don't particularly seem to mind members who run servers, as long as those servers are reasonably secure; even though the service agreement disallows servers (last time I checked).
I read about dimwits like Comcast frequently on Slashdot, and I'm thankful that my provider is still reasonable.
AFAIK my cable provider (Time-Warner, Columbus Ohio) isn't doing this yet. If they do I'll be quickly dropping the internet access along with their cable TV service (currently about $83/month) and will sign up for Ameritech/SBC DSL and will probably get a dish unless SBC is running a deal for cable TV. VOTE WITH YOUR WALLETS! If Comcast people have another option they should go with it.
As everybody else is wondering: how do they plan to ferret out NAT users? Go to everyone's home and count the number of computers? ComCast used to be such a nice service, it's a shame what they're doing to it. Let's count the ways they've made the service worse recently:
Still, even with all of these indiscretions, I'm inclined not to believe this story as is. There doesn't appear to be much actual evidence (has anyone been flagged for having a NAT yet?) to support the claims. Also, did the co-worker quit because the job is nigh-impossible? My hoax sense is tingling...
I read the internet for the articles.
Comcast doesn't really care one way or the other about you using NAT to connect multiple computers. They are just simply trying to do what so many other broadband companies have failed to do: stay in business and make a profit. They have seen what has happened to several other large broadband companies that have gone under, and they realized that they have to make a profit now!
Charging people a little extra to connect multiple computers can bring in a little more money to keep the company afloat. And tracking down violators will--hopefully--result in those people agreeing to pay the extra amount. Comcast is not trying to alienate customers, they are trying to keep customers happy by staying in business.
I can't see Comcast winning in court anyway. It'll become readily apparent that bandwidth is allotted on a per-modem basis and not on a per-computer, so the usage of bandwidth over a number of machines does nothing to impose more strain on their network. In this sense, there's no way they could win in court, how would they justify cutting service to people who were using it within acceptable use? Either one computer can be hogging bandwidth, or two can be sharing it... seems to make sense to me.
Furthermore, it seems like a forgotten waste of time for Comcast to try to pick up everyone who's using two computers (or more) over their service. They might pick up small businesses, or something, simply by paying attention to the fact that their bandwidth is in use most of the time. One computer is more likely to have "down time" than two.
And how exactly are they going to find us? I don't think there is any NAT search tool type thing, is there? I did read the article about the Cat and the NAT and such, and to my understanding you have to use their hardware for the CAT idea to work. So how was this person supposed to find "Abusers"? Quietly break into their house and check the other end of the cable modem?
Since the switch from @Home to Comcast, Comcast hasn't even been supporting their multiple IP services, even though they're still charging for it, so many customers have been forced to create their own routing networks.
I'm assuming you can verify this? You can verify that this is legitimate, can't you? Hello? timothy? Hello?...
Once again slashdolt is the shining star of disinformation and ignorance. You should all be buggered.
I only have one computer connected to my cable modem. It's an old NT box. It happens to have two nics in it, though, and it serves the rest of the house. But I do in fact only have one computer connected to the cable modem. What I do with my own internal network is my business!
The bandwidth sucks.
The latency sucks.
The support sucks.
They encourage NAT and show you how to do it in their manual.
Thank you Bell!
Do you feel the same way about Microsoft? Most cable providers in the US enjoy a monopoly. Comcast may be the only option for broadband access for a large number of people who aren't close enough to their exchange to get dsl. One could argue that broadband is a "perk", and doesn't deserve protection but I don't agree.
As a side note, hooking up a cable/dsl router doesn't really qualify as l33tness in my book.
The ISPs aren't losing anything; if users are sucking up too much bandwidth, limit them. A lot of NAT users aren't major bandwidth hogs, anyway. They're just people with a simple gateway (for instance, an Apple Airport) who happen to have a couple of computers in the house. Oftentimes, they're using the thing primarily as a firewall. I suppose there may be a handful of business customers abusing the privilege, but those people aren't likely to turn around and buy "business" versions of your Cable modem service. They're just as likely to get DSL (and maybe their employees will too.)
It strikes me that this is just an extension of the "rent a cable box for every room in the house" Cable strategy, only one that's less likely to bring in revenue.
The easiest way to catch a large portion of NAT users is to just scan for a web interface. I have limited experience with the Linksys Router sold at Best Buy etc...but I think the web interface remains 'enabled'. This would catch all the 'inexperienced' NAT users which is probably who this policy is targeted at anyways. It is sort of like security policies at most companies. They take the precautions necessary to keep the low-level crackers/kiddies out.
You'll find more about my experience with Comcast broadband services on my company's web site, if you are interested.
-- Dave Aiello
Some comments:
They don't have to send out any exploratory packets to glean evidence of multi-pc usage. Overlapping traffic with browser headers indicating Linux, Mac, and Windows would raise a flag (not proof, but strong evidence). That's just a simple example, lots of other services could be sampled as well.
These turkeys are coming from a cable mindset (one cable = one TV) which is absurd for data connectivity. This situation is much more like the power company (as many appliances/plugs as you want - just pay for the power) or the phone company (lots 'o' phones - you can even have several people on the same call at the same time).
Vote with your wallet and dump them.
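The passive heuristic from the comment above (overlapping browser headers naming different operating systems on one subscriber address), as an added example that is not part of the original thread. The log layout, the function names, the 10-minute window and the sample records are all assumptions constructed for illustration; the output is an indicator, not proof.

```python
from collections import defaultdict, deque

# Constructed sample: (unix_time, subscriber_ip, User-Agent header).
# Addresses come from the RFC 5737 documentation range; this is not real traffic.
SAMPLE = [
    # Three OS families interleaved within two minutes.
    (1000, "192.0.2.10", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"),
    (1030, "192.0.2.10", "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.7)"),
    (1090, "192.0.2.10", "Mozilla/4.0 (compatible; MSIE 5.1; Mac_PowerPC)"),
    (1120, "192.0.2.10", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"),
    # Dual-boot machine: two families, but an hour apart.
    (1000, "192.0.2.20", "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"),
    (4600, "192.0.2.20", "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.7)"),
    # Single Linux host using two browsers; the second header names no OS.
    (1000, "192.0.2.30", "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.7)"),
    (1050, "192.0.2.30", "Lynx/2.8.4rel.1 libwww-FM/2.14"),
]


def os_family(user_agent):
    """Map a User-Agent string to a coarse OS family, or None if it names none."""
    ua = user_agent.lower()
    if "windows" in ua:
        return "windows"
    if "mac_powerpc" in ua or "macintosh" in ua or "mac os" in ua:
        return "mac"
    if "linux" in ua or "x11" in ua:
        return "linux"
    return None


def overlapping_os_indicators(records, window=600):
    """Return {ip: [families]} for addresses where two or more OS families
    appear inside a single sliding window of `window` seconds."""
    by_ip = defaultdict(list)
    for ts, ip, ua in records:
        family = os_family(ua)
        if family is not None:          # headers without an OS carry no signal
            by_ip[ip].append((ts, family))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        recent = deque()                # events still inside the window
        best = set()                    # largest family set seen in one window
        for ts, family in events:
            recent.append((ts, family))
            while recent[0][0] < ts - window:
                recent.popleft()
            seen = {f for _, f in recent}
            if len(seen) > len(best):
                best = seen
        if len(best) >= 2:
            flagged[ip] = sorted(best)
    return flagged


if __name__ == "__main__":
    for ip, families in overlapping_os_indicators(SAMPLE).items():
        print(ip, "overlapping OS families:", ", ".join(families))
```

Widening the window far enough also flags the dual-boot host, which is the false positive several commenters point out: one machine can legitimately present more than one operating system.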
On a somewhat related topic: One of Sweden's bigger and first broadband companies, Bredbandsbolaget (translates to "the broadband company") are scanning all their traffic for pirated software, music and movies. The funny thing is that they are offering 10Mb in both directions, when most around here only offer 0.5 - 2.5Mb, and that is incoming traffic only... so you can guess which connection all warez dudez are running if they have the possibility...
:)
One of my friends has been heavily into trading stuff since he had a 33.6 and a P100 machine - and was the coolest kid in town with that. Now he has shut down his ftp server and probably sits at home shaking from withdrawal. Thankfully, I never was much into warez, I have a few mp3's on my conscience, but that is pretty much about it. And I have another provider, if the urge should set in.
I think this is something we will see more of in the future, although so far I don't think any of the other companies have followed.
Scanning for warez may be more in line though, considering the terms of use, but on what level should the companies control what we do with the access? Forbidding several computers on one connection just to charge more money is just plain cheap, although many do already have clauses about not allowing servers on your home connection.
I'd like to gun down the evil censoring Slashdot editors!
You have to sniff the packets going to their IP. If you see traffic coming from www.yahoo.com:80 and going to the IP at a high numbered port then they are most likely using NAT.
Some people (like me) have NAT running at their homes. I have 3 boxes running. A file server, an MP3 appliance (audiotron) and my desktop machine.
All three are behind a NAT device/Firewall.
Two of them RARELY connect to anything outside of my local network.
Is Comcast gonna charge me for 3 computers?
Let's find out how quickly I shut off my cable. (Hi, directv!)
Yeah, if they really want to stop bandwidth hogs, why did they not just make the Cable modem also be a bandwidth limiter!!!!!
THEY DID!
Many users of cable systems are bandwidth limited, also called "capping," on at least their outbound traffic, and many also have their inbound traffic limited as well. Where I live RoadRunner has outbound speeds limited from 15k to 30k/s outgoing, depending on which loop you are on. Incoming is limited to 250k/s, though this is almost never achieved, even when the packets are originating at a major university, essentially, across the street, with only 4 hops between one box and the other.
Consider this - a submission of the FoaF kind, no real evidence, but very much bound to bring an uproar among the /. regulars... The result - a pretty good list of things that can and cannot be done to accomplish the alleged NAT detection.
In other words, we are doing Comcast's R&D for them...
So now it occurs to me that the CableModem providers may be rabid about creative ways to use more bandwidth because their infrastructure is more fundamentally shared: their peak BW is higher, but users have to share the cable to the CO. In DSL, they can clamp my line if they want to.
Thus "nothing more than the bandwidth for which they are paying" may be the crux of the issue. DSL providers actually can limit you to your paid BW, but CableModem operators have a much harder time doing that.
Not that I actually support an ISP that wants to ban my NAT box. I would immediately switch to an alternate provider who lets me do what I want with my bits. Oh wait, I already did :-)
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase
Anyone who would continue on with Comcast under such circumstances is a fool. But maybe a fool makes for a good customer. Aside from the help desk costs, a company can pretty much get away with murder with their foolish customers.
And this may be illegal anyway. It'd be like requiring someone who buys dirt from you to use one of your shovels. Don't let Comcast push you around like this. Tell them you're not gonna take this bullshit. Tell them to go fuck themselves.
We happen to use ICS on a *gasp* Windows 2000 Box. I'm currently thinking of an option and would appreciate some advice (other than linux, the dsl card is incompatible). Will zonealarm tackle it or are the packets themselves tainted? Perhaps the bandwidth of four college students is enough evidence alone.
There actually are some indirect ways of telling if someone is behind an NAT box.
:)
I can VERY easily tell if anyone on my LICQ list is behind NAT, just look at the person's info, and it will tell you their external IP, and the IP behind the NAT.
But, I'm guessing that's not how they're going to do it
My guess is.. nmap OS fingerprinting. I do this all the time to ppl. The NAT boxes, like any other machine run an OS, that has a TCP fingerprint. I can very easily identify not only that it's an NAT box, but usually what brand; D-link, Linksys, etc...
BUT, one way around it is to use a linux box with ip forwarding, or even *cough**hack* Win98SE or newer with internet connection sharing.. I'll bet there's a way to sniff that out too.. but not sure (it's gotta be in the packet headers I'd think.. but haven't looked)
With writ of pen, you are deemed a thief.
We should be getting used to this, considering the series of precedents we have accepted:
Why is it that I can sign for service from a provider, that provider can change the rules of the game by sending me a letter saying "these are our new rules...by continuing to use...you agree...", and then call me a thief when I continue to use the service in the manner which was acceptable to them when I first subscribed? A typical /bot will retort "if you don't like it, switch providers", but all the other providers are doing the same thing. It reeks of bait-and-switch coupled with universal collusion. As usual, we have no choice but to comply and allow greater control of our lives by faceless third parties.
"What is the sound of one belly slapping?"
I run WinNT using Checkpoint Firewall-1 as the PC connected directly to the Internet. I watch my own packet logs pretty closely since I was the victim of a pretty talented hacker last year. From my logs it just looks like one PC always connected to the Internet, not the 5 behind it.
Now I can't even get in from the outside, how the hell are they planning on doing it?
Are they going to break into my house?
"You are not a beautiful and unique snowflake."...Tyler Durden
Can I use the service on more than one computer?
Yes, customers with home networks may order additional network addresses in order to connect several computers to the service through one cable modem.
You must first subscribe to the basic Comcast High-Speed Internet Service.
Once you become a subscriber, you can sign up for a second and third address.
You will need to have access to network expertise because Comcast High-Speed Internet Service neither installs nor supports networks.
The cost is $6.95 per month for each additional outlet. Customers can have two additional addresses, for a total of three.
Comcast will install the network card and software on a second and third computer for a charge of $49 for each computer.
Hammer of Truth
What do they do if I have one computer running VMware with multiple instance of a system at once?
To avoid this, get the MAC address from an old NIC, or a machine that will never be connected to the subnet on the cable-modem system, and (assuming your NAT box supports MAC spoofing) configure your NAT box to use that IP address.
More likely than not, the providers are too stupid to do the necessary research, and will look at the high bandwidth users and do a packet sniff to see what their activity looks like.
instead of just selling an extra IP address to those without a router then maybe more people would be interested in buying the extra IP addresses.
I know I would, especially if they would allow servers, I know my FTP site gets pounded when my band releases our new songs, the fans that we have jump on my server so hard that it's almost painful to surf from my other boxen.
MASQ works by rewriting source port numbers into the upper 16,000, which looks fishy to network types who aren't familiar with it. Our firewall software at work goes berserk when it sees source packets above 32k and automatically generates alert spam, I assume Comcast is seeing the same, and rather than tolerating the crap is just pulling the plug. Using a decent NAT solution keeps the source ports in sane range and doesn't raise red flags. Don't blame Comcast, blame Linux.
I mean, it's all a pretty grey area isn't it? Do they want to disallow any kind of internal networking in people's homes? That just seems bizarre. And as long as there's some kind of network there will be a way for people to use the internet if one of them is connected (VNC/Xwindows/terminal server/ as well as NAT).
I mean, it's not like having multiple machines behind a firewall is going to cause any extra resources to be consumed, the only reason for them doing this is to sell you back the right to do it. That's a nice business model. Ban stuff and then sell you the rights they took away...
autopr0n is like, down and stuff.
that's spelled "witty", you illiterate freak
The installer wanted the MAC addr for my nic card. I asked him if I could just give him the MAC addr of my router. He said no sweat, he was seeing a lot of people with their own router hardware. I think this story is a fabrication. --Alex
The Surfboard SB3100 already has NAT support built into it so EVERYONE will be in violation. Go look it up for yourself, if you're on comcast then click this link which should show you some general info about your cablemodem. The cablemodem supports NAT on the 192.168.100.X network.
da w00t. mtfnpy?
Assuming this is true, how long have they been doing this? I seem to remember when the cable guy came to hook us up and all, he told us we could use a router to connect multiple computers. Also, I don't think I know of anyone who has cable or DSL with 2 computers that doesn't use a router.
I have a lot of sympathy for the ISP (hell, I am one, about to go under...). The problem is that the industry still hasn't figured out how to charge its users in a fair way AND make a buck. Is it REALLY fair to charge a flat fee, which means divide total cost usage by total users and then charge that to each user (plus a markup -don't forget that this is NOT a charity, but a business-)? If so, then what happens is that those that hardly use it are heavily subsidizing the big users.
If there are no limits, what stops you from getting yourself a cable/DSL access and then wiring up your whole neighbourhood through you? Hand them out instructions on how to create a hotmail-type email, and off you go. For those that say "sure, but then you are lowering the experience of each one", they should actually look at average usage, and you would see that up to around 50 users or so, you are unlikely to step on each other's toes except under exceptional circumstances (not more than 4 or 5 are likely to be on at the same time, and of them, they are statistically going to have more unused b/w during their usage than used).
Unfortunately, during the dot-com boom pricing and billing of ISP service went nuts (along with the rest of the industry), and we still have to recover from this idea that b/w should be somehow GIVEN by the ISP at no charge to EVERYONE. Sure, I love universal service as everyone else, but the big question that we should all be asking ourselves: "for internet service, WHO should pay?" Please note, that links, routers, equipment, staff, electricity, etc... are NOT free.
If an ISP has unlimited access which it is calculating on the basis of an average SINGLE user with a SINGLE machine, and it states it clearly in its contract that you are paying for a single-user/single-machine, then anyone putting more than that on their link is in breach of their contract. They have calculated their prices based on their assumption. Of course you may think -and might even be right- that their prices are too high, but does that morally allow you to be in breach of contract? In the same way, we all feel that MS-whatever licenses are way too high, but are we morally allowed therefore to install each program on 10 machines (certainly not legally).
John.
How about setting up a bandwidth protest by saturating comcast's lines from your home? Get everyone on your network segment to download Red Hat ISO's 24/7.
pr0n - keeping monitor glass spotless since 1981.
Only use of NAT to provide access to computers that are not on your property
Simply put, they are going after situations where one person buys the internet access and lets all his neighbors connect thru it.
It doesn't appear they care one whit that you have multiple computers in your home connected.
Here is the analogy: they don't care how many TVs you have, just don't share your cable with your neighbors.
e to the i pi equals negative one
but did anyone think they'd already be harassing people that are using nothing more than the bandwidth for which they are paying? It makes me very happy that my DSL kit arrived yesterday
Here's the thing. $49.95 or whatever it is you pay really doesn't cover the cost of all that bandwidth if EVERYONE uses it. It's called oversubscription and the $19.95 dial-up ISPs are alive because of it. The ISP (in this case Comcast) can't offer that service at that price if everyone uses it. Even T1 services are oversubscribed to some extent. But with a T1 you ARE paying for the bandwidth you're getting. Your DSL service is no better; if lots of customers start using all downstream bandwidth all the time, the ISP would have to discontinue the service at that price.
...save the obvious one: that they can possibly eek (sp??) out a few extra dollars from a few uninformed consumers.
I never really learned how to spell "eek."
I am very small, utmostly microscopic.
My service was bought by Comcast so I am now one of their subscribers. First they sent a letter with a broken CD that said run the CD by the end of the year or lose internet access. I got this in the mail as I was leaving for Christmas vacation and wasn't going to be back until January. No explanation of what was on the CD or the settings that need to be changed for email and whatever else. I also received a new email address that I will never remember. And when I got back, I got a letter informing me that due to all the new services (I'm not sure what those are) my rates are going up!
And now this? If they call me about my router (unless the kittens are surfing while I'm at work, I'm the only one that uses the access), I need to find another provider. Anybody have any recommendations for a provider in the Detroit area?
At COX cable they provide residential with up to 8 DHCP addresses at 512Kbps down and 128Kbps up. If you have just one machine connected they bump your speed up to 1.5Mbps down, and for each other machine you want at 1.5Mbps it's 5$ more a month. My room-mate and I were previously jacked into a hub each at 512Kbps. I recently purchased a SpeedStream 100/10 2 port router for 30$ on sale. I called up the cable modem support, told them I was reducing the number of machines connected to one, and had them bump me to 1.5Mbps. They didn't seem to have a problem with it, for now.
How will this affect all those users who are using the built-in Internet Sharing that's been shipping with Windows ever since SE?
I'm sure a novice user won't appreciate having their connection cut off because they have IS enabled, possibly accidentally.
I always thought that NAT and IP Masq'ing are two different things, NAT being used for a larger number of users and multiple IP addresses, while IP masq'ing is for a few computers going through one IP address.
So are they targeting NAT specifically, or are they going after all multi-computer households?
Sig (appended to the end of comments you post, 120 chars)
I hereby declare the "how can they detect this" question redundant, since it has already been asked here and here and here and here and here and here.
Patrick Doyle
I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
(ring ring ring)
a)Hello?
b) We're with Comcast. We found that you are using multiple computers over your connection via NAT. Comcast is fining you for TOS violation and your new rate is now $150/mo.
c) But I'm not
d) We have blah blah blah proof that you are
e) No, I just run virtual machines on my one system. It's the same computer, just running different operating systems at the same time. I was running my completely-approved MacOS with Virtual-PC open to Win98 which was running VMWare with Linux as a kind of side project to see how running a virtual machine in an emulator affects performance.
f) oh
(click)
They can't differentiate if you have multiple machines or one machine with multiple OS's unless you NAT a LOT of machines....
just my thoughts, any feedback welcome
- Sig
The fool part about things like this is that no one ever tries to think logically about it. Every user that gets slapped by this is going to be one less client (if DSL is available) for them. The fewer clients they have, the less money they make to make up for bandwidth costs. The less money they have, the more draconian they become. They should really think about tacking on an extra five dollars a month and start advertising that they ALLOW people to set up servers. As long as they have honest pricing and limit bandwidth accordingly, they won't eventually go under.
"Your superior intellect is no match for our puny weapons!"
But don't the packets have a Time To Live in them? And that is not something that a neophyte can change without some knowledge.
That being the case, they could just pick out the suspect OS fingerprint, sniff the packets from the first hop. Then voilà, you have your answer.
Forgive me if I am totally off here. Just a quick 1/2 dazed guess.
Neck_of_the_Woods
#/usr/local/surf/glassy/overhead
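The TTL idea raised in the comment above, worked through as an added example (not part of the original thread, and not any ISP's actual tooling): each observed TTL is mapped back to a likely initial value, and the hop count and mix of stacks are compared per source address. The addresses and TTL readings are constructed, and the capture point, function names and verdict labels are assumptions.

```python
"""Passive TTL heuristic for spotting a routing device behind one address.

Assumption: packets are captured on the subscriber-facing side of the first
hop, before that hop decrements TTL, so a directly attached host is 0 hops
away. All sample data below is constructed for illustration.
"""
from collections import defaultdict

# Initial TTL values commonly used by IP stacks.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def infer_initial_ttl(observed_ttl):
    """Return the smallest common initial TTL that is >= the observed TTL."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL out of range: %r" % (observed_ttl,))
    for initial in COMMON_INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial


def hops_travelled(observed_ttl):
    """Number of routers the packet crossed before it was captured."""
    return infer_initial_ttl(observed_ttl) - observed_ttl


def classify(ttls, expected_hops=0):
    """Classify one source address from the TTLs seen in its packets.

    The result is a heuristic, not proof: a gateway can normalize TTL, and a
    dual-boot machine shows two stacks over time without any router.
    """
    stacks = {infer_initial_ttl(t) for t in ttls}
    extra_hops = {hops_travelled(t) - expected_hops for t in ttls}
    routed = any(h > 0 for h in extra_hops)   # something decremented TTL
    mixed = len(stacks) > 1                   # more than one stack family
    if routed and mixed:
        verdict = "multiple-hosts-likely"
    elif routed:
        verdict = "router-in-path"
    elif mixed:
        verdict = "mixed-stacks-direct"
    else:
        verdict = "direct"
    return {
        "verdict": verdict,
        "initial_ttls": sorted(stacks),
        "extra_hops": sorted(extra_hops),
    }


def analyze(observations, expected_hops=0):
    """Group (source_ip, ttl) pairs by source and classify each source."""
    by_source = defaultdict(list)
    for src, ttl in observations:
        by_source[src].append(ttl)
    return {src: classify(ttls, expected_hops) for src, ttls in by_source.items()}


# Constructed observations: (source address, TTL seen at the capture point).
SAMPLE_OBSERVATIONS = [
    ("198.51.100.10", 128), ("198.51.100.10", 128),   # one host, no router
    ("198.51.100.11", 127), ("198.51.100.11", 63),    # two stacks, one hop in
    ("198.51.100.11", 127),
    ("198.51.100.12", 63), ("198.51.100.12", 63),     # one stack, one hop in
    ("198.51.100.13", 128), ("198.51.100.13", 64),    # two stacks, no router
]

if __name__ == "__main__":
    for src, result in sorted(analyze(SAMPLE_OBSERVATIONS).items()):
        print(src, result)
```
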
I'm going to get 3 offices around town. Lease a T-3 to each (maybe just 2 T-1's b/c cost), set up an 802.11b access point and give access to anyone for 5.95/month. If they are bright enough to hack around it then they get it for free. What the fuck happened to people with a conscience? God I fucking hate Big Business (aka the Grand Old Party).
My Linksys router acts as a firewall against, among other things, viruses that would seek to infect my computers, which, if infected, could increase bandwidth on their network.
And I'm sure my bandwidth usage and network footprint in general is more palatable to them than the guy connecting his Windows XP computer directly to the cable modem and running filesharing clients with their multi-GB MP3 collections.
Greedy MFs. Sell us a pipe and be done with it!
Since the bastards have taken over their own servers, I can no longer access my IP remotely. This has been crippling, and I will be jumping ship to DSL as soon as it is available in my area. I called them to complain; I was promised they were going to fix the problem. It has now been over a month. Their support sucks, and you get different stories each time you call. In two weeks of time, I was down for ten days. Screw Comcast! In my house as well the modem goes into a computer, a second NIC is serving my internal network, and yes I have 15 machines, but only TWO USERS!!! Are they going to try to charge me 15 x $5.00? I don't think so. Purchasing multiple private IPs is ridiculous and anybody who knows anything with a computer isn't going to do it.
no god is good
Comcast Guy #1: We need to get computers off the network that are stealing our bandwidth!
Comcast Guy #2: Gee, guy 1, how are we gonna go about doing that?
Comcast Guy #3: Hmm. OK, I have an idea. Let's make up a story and post it to Slashdot. We'll tell them we are going to find them out, they are all evil bandwidth stealers, they will wonder how we are going to go about doing this, and in the process they will tell us EXACTLY what to do to find them out. Good thing for them or we'd have no clue whatsoever. Now we can spend more time making useless content that we can charge them money for.
Don't Tread on Me
What if I only have one computer online at a time? I go to work every day, but my wife works from home. Sometimes she's online on her Mac, other times on her PC. When I come home, she's watching TV while I'm on my linux box. How is that a problem?
this is getting old and so are you
blog
A common way to find out what's behind a NAT is by examining the time stamps on the packets. You need to run NTP or similar to prevent this.
Could you get around all of these detection techniques if you used an ssh-tunnel to a box on the outside, and only used your comcast connection as an uplink to that?
True most people don't have 31337 friends who will help them out with access to their well-connected box, but most people wouldn't try to run a home-nat either.
Slashdot's editors are dickheads
I just hooked up with them. Their tech installed my cable to ethernet modem, and told me where to enter the domain name on my Linksys router config page. After a brief discussion on the relative merits of D-Link and Linksys routers, he was on his way.
Is it a violation of the EULA if you only have one machine NATed behind a Linux firewall? Really then you just have one machine accessing the internet and a machine protecting that machine.
Windows should never go by itself onto the internet...
I like traffic lights
Can someone please explain to me how Comcast will be able to determine this? I mean, short of Comcast employees barging into clients' homes or client side scripting, how is it possible?
There is no free market. The "invisible hand" is the CEOs of the media companies, arms manufacturers, PACs, tobacco companies, biotech firms, and private foundations gathering at Bohemian Club, Bilderberg, WTO, etc... to "not discuss business". The whole world is run through collusion.
The other companies will adopt Comcast's policy, because it guarantees the highest profit.
"What is the sound of one belly slapping?"
He will be missed
Show me That Smile:
Show me that smile again.
Ooh show me that smile.
Don't waste another minute on your crying.
We're nowhere near the end.
We're nowhere near.
The best is ready to begin.
As long as we got each other
We got the world
Sitting right in our hands.
Baby rain or shine;
All the time.
We got each other
Sharing the laughter and love.
Alan Thicke's Journal
My Slashdot ads say "
Does Comcast block VPNs as actively as Cox does? With new IPs every four hours, it can be tough to set up firewall permissions for VPNs. At my college, some admins were angry at the new dynamic IPs and the headaches it brought.
You know who I think is crazy? All my ex-girlfriends!
I'm on RoadRunner and in their information they promoted the use of NAT, so not all cable companies are doing this.
Good luck finding NAT users though. What will they say, no firewalls? Yeah, that's a lawsuit when you can't protect yourself.
How much packet inspection can they do, legally? I realize that they can inspect headers, etc, to their heart's content, but can the ISP really monitor the _contents_ of my packet stream without already having clear evidence of an AUP violation? (I haven't read their AUP, so I don't know).
If they can, then it follows that they may read my email (again, without prior evidence of wrongdoing) in order to enforce their business practices - this seems like a pretty clear violation of privacy.
NOTE - I don't really think that my email is private, nor do I believe that IP traffic is secure - the question I'm asking isn't about the capabilities of the ISP. Rather, I'm curious as to whether or not they have the legal _right_ to monitor my traffic (payload, not headers) without a complaint (or a warrant).
I don't know what tag you're using to detect "supporting the M$ monopoly", but whatever it is shows up in konqueror as well. Just FYI.
Everyone who gets extorted by this should file in small claims court. You pay for service, you don't abuse the service, they have no defense.
Fuck 'em, HARD!
-Billco, Fnarg.com
As far as I can tell, they only charge more if you buy their home networking kit for $149. Then they want you to pay $9.95 a month more. If you buy someone else's home networking kit, they don't charge you any more money (according to their FAQ, you're allowed to set up your own home network, they won't support it though.) I guess the $9.95/mo is for support then, still it doesn't make too much sense to me.
Could be possible if Comcast's client software bundle contains some sort of spyware. That would be illegal though, wouldn't it?
Nowhere in the Comcast AUP or SA does it say that you cannot use a NAT based router or other such equipment. It does not say that you have to pay more to have more than one PC connected. This is all a bunch of BS. The dolts (aka slashdolts) who run this god forsaken site fell for a hoax submitted by some douche bag named "phillymjs". And those of you who have posted comments stating that they are just a big bad corporate bully and making other rallying cries to defend the homefront from nasty cable modem nazis have only proven your ignorance.
Comcast knows about this slashdolt post. I called them and asked. They said that they have already heard about this and that they could care less if you use a NAT router or a washing machine.
I anxiously await the day that slashdot catches fire and burns to the ground.
Wonder what they'll say when they see Linux and Windows traffic coming from my ip at different times. Technically I'm only ever using one at a time, they can suck a bag of if they think I'm paying for two ip's when only one machine can be running at a time. And if they are going to start enforcing this, they can give me back my damn static ip. Guess I'll be switching to DSL soon too.
I'm the big fish in the big pond bitch.
Instead of looking for NAT users, maybe they should focus their attention on keeping the network up. My connection goes down about 24 hours a week (it is every time I want to get on). Or maybe they can hire some techs that know what to do. Every time I call, all they can say is "did you reboot, well I have to send this to someone else".
I've seen people bitch and moan about this, so I'd just like to leave my 2 cents.
You are right that IP packet contains no info about MAC. MAC is an ethernet frame thing. BUT that IP packet is encapsulated in an ethernet frame.
You see, ethernet is a point to point protocol. I can communicate with everyone 1 hop away from me via direct ethernet (so to speak... this is oversimplified). However I cannot go farther than that. IP allows us to reach destinations beyond that and so the IP packet is layered in an ethernet frame as the data the frame is carrying.
This is why Mac users can use Localtalk to get IP's... The Mac layers the IP packet in Localtalk (as opposed to ethernet) and then a Cayman Gatorbox or something (Linux can do this too, I think) accepts the Localtalk packet, unwraps the IP packet and rewraps it in ethernet. Or ARP. Or X.25. Whatever
It's also why ARP exists. It keeps track of what MAC is connected to which IP in that one-hop area.
Since ethernet is point-to-point (one-hop), the router applies its own MAC address when it MASQ-forwards the IP insides on to the next router in line (your ISP's). Thus, it should still never see how many unique MACs are coming from inside your LAN (there are some cases where they can, like using a virtual interface to fwd packets... you should assume the ISP can listen to ethernet frames promiscuously at the broadband modem...)
just my thoughts, please let me know if I am wrong
- Sig
As a Comcast user switched over from the Excite network, I have to say that I liked Excite better. They didn't cap my upload and much less downtime.
I can tolerate the 128k upload cap from Comcast, but if my internet connection is ever not working for any reason, I call 1-800-comcast and make sure they know. This is what every Comcast user should do. If they don't want to be flooded with calls with people saying "your internet is broke", then they should put forth an effort to keep their servers up and running and, more importantly, that they do NOT cut off someone's service just because they use NAT.
And if I ever find out my service was shut off because I am using NAT (a linux box w/ iptables), then I will have a few four letter words with them. I never did (and probably never will) like comcast, but they are the only broadband provider in my area.
"the fax machine is nothing but a waffle iron with a phone attached to it." - Grandpa Simpson
This is why Mac users can use Localtalk to get IP's... The Mac layers the IP packet in Localtalk (as opposed to ethernet) and then a Cayman Gatorbox or something (Linux can do this too, I think) accepts the Localtalk packet, unwraps the IP packet and rewraps it in ethernet. Or ARP. Or X.25. Whatever
Meant ATM instead of ARP in that last line, my bad
- Sig
..I'm a complete n00b at networking. But why is it a crime to have more than 2 computers access a cable modem? Just that I have 4 hooked up in a LAN and all four share the one 56k modem.
The reason that broadband cable access is so cheap is because they don't expect you to use it all of the time.
I say that cable is cheap because you can get near T1 performance (~$600/mo) from a cable line. The companies don't want you online all of the time because it costs them more money for the extra bandwidth.
It's kind of like the 56k ISPs. You can have unlimited hours of use, but they don't want you connected if you're not using it. They don't want an idle connection wasting a phone line. Don't get me wrong though. I'm not on their side. I want to be able to run my network on a cable connection as well. We just need to compromise or something...
"A plan fiendishly clever in its intricacies"- Homer Simpson
yes I am waiting for them to call me so i can tell them to suck my cock.
These cable providers (att, formerly @home, cox, comcast) and even some satellite providers, are no longer selling people bandwidth with IPs and whatnot, they're selling "internet access".
I was on @home back when they first brought it to my area, they gave me a static, and there was no download/upload cap, and I received a static IP (I could have up to 3). They then started charging $2/mo or something for the statics, and later it's ALL DHCP. Then came caps, slower connections, horrible support, etc.
And so I switched to DSL. I'm paying for Business DSL from pacbell (1.5/384 5IP) and it's a bit expensive (I got a deal at about $65-70), but I know what I'm getting. There's no "we switched you to a proxy" or "linux? no you have to use our windows software..." etc. And while they will yell at you for doing stupid things, there isn't a bunch of suits sitting around in a room scheming on ways to slow down the rate at which I download mp3s (I don't think), and that's rather comforting.
If someone puts you on a shitty network, takes away all the perks, and makes it so you can't even protect yourself from their insecure, poorly constructed network (by installing a firewall), then the best way to deal with it is to switch.
Even non-technical friends who have @home-type connections are getting fed up and ordering DSL.
Let's turn this into a public relations nightmare for Comcast.
Of course I would advise everyone to switch providers, but unfortunately in most cases this is not an option since cable companies hold monopolies in their local areas...
...richie - It is a good day to code.
I'm a Comcast customer. Before that, I was an @Home customer. Before that, I was a Rhythms customer. Before that, I was a Northpoint customer. All within the last calendar year. If you're reading this thread, I probably don't need to tell you why I'm no longer a customer of Rhythms or Northpoint.
Perhaps the Bay Area has benefitted from its status as a traditional technology hotbed, but in my upscale, densely-populated, northern NJ suburb (which is only 12 miles from NYC), the only other residential broadband game in town is Verizon. Their service levels are inferior, and their TOS is comparable.
Rock, hard place, etc. I've written to Covad and pleaded my town's (the same one that Jon Katz lives in, incidentally) case -- the area is filled with well-off technology hobbyists who would likely jump at DIY-oriented broadband service. But Covad doesn't have any plans to come here. My only hope is for a Verizon reseller like AceDSL to come across the river from NYC and provide a policy buffer that would let me use Verizon's bandwidth on my own terms.
Being on Comcast doesn't mean I don't know any better. It means I have no choice.
This is fascinating, considering AT&T Broadband currently allows use of NAT devices such as Linksys firewall routers, etc. In fact, they have a web page trying to SELL them to you. I hardly think AT&T can sell you something, and then tell you 12 months down the line that you aren't allowed to use it. And, they'll even sell you a wireless 802.11b WAP router too. Isn't that nice of them? Check the following link if you don't believe me:
http://www.computers4sure.com/linksys/store/att_startup.asp
http://www.comcast.net/TermsofService/subagree.asp
I don't see anything mentioned about NAT, networks, etc. I have Comcast, I run a netgear gateway/router, and no one at Comcast has said I can't do that. @home... well, they said you can't. But Comcast's TOS doesn't say anything about it.
One way around this is to use SOCKS & HTTP proxies and have SOCKS clients on all the computers. Granted, it's a pain to set up and use, but it's harder to detect:
1) The TCP sequence number thingy is not a problem because your connection terminates at your proxy and then the proxy makes a connection out. All sequence numbers are that of the proxy.
2) TTL is not an issue; the TTL will be that of the proxy.
3) OS fingerprinting will not be a problem because the fingerprint will be that of the proxy.
The only issue that I see is port #s -- there's something a little fishy about the number of high port numbers used, and of course content-related stuff -- if a JavaScript reports your IP.
So thus your "stealth NAT" is just a SOCKS proxy. It's just a pain to set up.
At what point do these ISPs stop being 'Internet Providers', and start becoming 'Web Page Providers'? As early as a year ago, an 'Internet Connection' meant that my computer could talk to any other computer that is also on an 'Internet Connection.' Nowadays, though, ISP's are playing games with blocking off what you can do with this connection. It seems like companies like ATTBI really only want to provide you the ability to do what Internet Explorer allows you to do. Anything beyond that and they try to nix it.
They don't want me doing P2P, they don't want me to play games, they don't want me to have more than one computer hooked up, and they don't want me going wireless. How much more can they block off before it's no longer really an Internet Connection?
It seems to me that if they are going to behave this way, then they shouldn't be considered Internet Service Providers anymore. They're not! You can't call it an ISP if they're telling you you can't do the things that makes the Internet the Internet. I have two computers on the net at home. One I use just as an email terminal (very low bandwidth), and the other is where I go cruising the web and do IM etc. Until they tell me that I can only use so much bandwidth, they have no business telling me I can't use more than one computer. They advertise "unlimited bandwidth, 24-7", and then they play these silly games with me. It really makes me want to sue for false advertising.
"Derp de derp."
That's the new XP feature, didn't you know that's why they put those fake user accounts in? Obviously if you and another person can share Word, you have two copies and must pay subscriptions accordingly.
These greedy cable folks are going to be surprised when all of their customers drop their service. I know a faster browsing experience of an ever more commercial suck web is not worth $50/month to me.
Cox is forcing DHCP. I've had a fixed IP from at home for three years. For a short time I had DSL, but that died when I moved. Last week I got a cardboard toolbox with a letter and a CD in it. It warned me that I had to apply the software soon, using the authorization code printed in the letter, or lose service. The CD, needless to say, contained M$ and Mac binaries. Their web site had instructions that said, essentially, DHCP, with forced swapping every 4 hours. It also says that they are going to discontinue the old equipment soon and a friend tells me the date is Feb 15th.
WTF? They advertise "always on" IP. That means that they must have a 1:1 IP to cable box ratio, right? The only reason they are going this way is to thwart people who want to actually use their connection for more than web mail, viewing the great corporate advert, and have their boxes broken by haxors.
So what do you think I'm going to do? That's right, I'm bailing. At home was just the first of these companies to go under. "Normal" people are neither going to trade their TVs for their computers nor pay $100/month for "entertainment". The rest of us expect more for $50/month than giant casino ads. No, I don't have cable TV, just the box. When it's over, Cox will be paying to maintain a line to my house that gives them zero revenue. If all I can do with the cable is surf, I'll reduce my monthly bleed by $30/month and find a nice little dialup to do the same thing. Like normal people then, my wife will quit visiting sites that push huge adverts, and those places will lose out too. Poof, goodbye greedheads, I hope you all lose your shirts.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
I just statically assign random IP from their dhcp scope
Honestly, I'm not that surprised. Broadband vendors have been overselling their networks and then calling their users names (like "bandwidth hog") when they simply use what they're paying for. Is this another attempt to drive down network utilization so they can oversell it even further?
It seems to me the FTC should crack down on broadband companies selling what they seem to be unable to supply. It'd be nice if there was at least some honest advertising. Maybe they could rename it "Comcast Partial Internet Service"?
Maybe they could run a special promotion: half price broadband if you agree to absolutely never use any bandwidth at all.
Maybe that's why so many people stay with dial-up. The broadband providers aren't offering full-function Internet service.
If you have an old 486 or Pentium, a couple of network cards, and a broadband connection you can build yourself a hardware firewall in about an hour with a *BSD OS. Here's the link
-- "At Microsoft, quality is job 1.1" -- PC Magazine, Nov. 1994
I don't advocate supporting these guys in any way (such as playing them at their own game). Rather, I advocate making people aware that they are entitled to use internet access to the fullest extent of its possibilities. That includes running servers, and staying connected for as long as you feel the need. Where did this idea of modem ratio acceptability come from, anyway?
As a matter of interest, though.. does anyone know the legal definition of a computer these days? Surely it could be argued that an entire LAN constitutes one computer system built for normal internet use if that consists of things like firewalls, etc? What about "fair use", ie multiple users, but not all in the same moment? How does it matter at all, if you don't exceed bandwidth limits?
When my cable modem was delivered, they actually recommended use of the Linksys boxes which perform the same way, but not as good as a pure linux box. It uses NAT to provide firewall type protection, does this mean linksys and other manufacturers may begin to lose business? I think they will first go by the amount of traffic generated and work their way down.
I went to vote in today's poll. Normally, I think my vote has been counted, but today I received this message:
slashdot login at company's proxy has already voted. (proxy for env.http_x_forwarded_for)
That's a shame, because all web access (for over 200 employees) at my company comes thru one proxy.
It looks like Slashdot's gunning for NAT users as well!
(Maybe CowboyNeal's trying to stop The Evil Empire rigging our polls too.)
I work at an ISP that sells DSL and dialup in a ComcastOnline region. Not 30 seconds after I read this topic and told my coworkers about it, someone called us to sign up for DSL because he just received a call from Comcast saying he'd have to shut down his NAT or lose service. So it's not just a rumor.
the AUP listed here:
http://www.comcast.net/TermsofService/aup.asp
says absolutely nothing about NATing. They're pushing it really hard by doing this; I hope it costs them their customer base. Dumbasses.
use Signature::Witty;
As a result, I suspect firewall and kernel coders will change NAT's behaviour, making it harder to fingerprint (which makes it inherently more secure).
.. is that most ways to detect NAT have some sort of 'privacy intrusion' smell. This way, a caught NAT-er might go to court??
When our segment was switched from @Home to comcast.net, I found my LinkSys could not obtain a DHCP lease.
I tested with one of my laptops and it worked fine, but not the LinkSys. I banged a valid Intel MAC address into the LinkSys (MAC alias setting) and it got a lease.
A call to tech support (well, several) confirmed that they are blocking some MAC addresses.
My complaint is if they won't let us run some sort of hardware firewall (like) device, are they going to nuke/filter/pursue all the script kiddies and infected IIS servers that are scanning my LinkSys 10, 15, 20+ times a night??
They say you can use multiple computers *if* you pay them money for extra IP addresses. They don't say you can use one IP addy from multiple machines, and they seem to imply you can't
Still, in my (admittedly quick) perusal of their service agreement I saw only wording indicating that you could not use a single connection to provide Internet access to multiple people. If you own all of the computers and only you use them, then this may be a loophole to get you off the hook, should they sue. (Though, of course, they'd still cut off service.)
Within the next 6 months Megapath is supposed to become a Verizon reseller. This is what they told me when I called them a couple of weeks ago, to try to get DSL from them.
They have even gone as far as to list Verizon as a CLEC they sell on dslreports.com: http://www.dslreports.com/reviews/495
Megapath would probably be a little more expensive than AceDSL, but you wouldn't have a problem doing what you wanted to do, and they are very good.
How long will it be before we see one of these Internet service providers who use host MAC addresses for controlling network access filing suit against the vendors of SOHO NAT routers that permit users to assign an arbitrary MAC address to their WAN port?
Isn't that essentially a technology for circumventing network access controls?
--
jhw
I used to have cable through mediaone. They used my MAC address for something, because when I switched computers I needed to call them and have them make some adjustment somewhere. I did this 3 or 4 times. Adelphia (current provider) doesn't do this. Any ideas on what mediaone was doing?
I asked: "I have a broadband router / basic firewall connected before my computer do you permit this? Or, do you not want one set up since multiple users can connect through one?"
and I quote: "We don't care, run the firewall, hook up a few computers, we don't really like servers on the network. Just be aware that when you call tech support we're going to ask you to remove the router so that we can test the connection."
If you're really concerned about it... don't run their browser software... Don't go look at their homepages... I don't think I looked at Excite.com the entire 8 months I was a subscriber before they went down. Just pay your bill in the mail and enjoy the bandwidth when all the easily scared jump ship. If they do knock at your door, phone, e-mail... drop them... there's no contract involved and there are other ISPs out there. Hooray for capitalism!
My ISP's user policy states that only the subscriber and his direct relatives may use the account, thus excluding one's spouse or friend from using the Internet.
I got pretty fired up when I read the introduction to this story. Before I got to the end, I had decided that I would switch to DSL if Comcast came-a-knocking, even though DSL is more expensive in my area.
However, I read the linked article and my Comcast agreement.
I doubt most people here have done either.
The effort is clearly aimed at people who are sharing their connections outside their homes. The article even has a diagram showing multiple homes. Take a look at this excerpt:
For example: Neighbor Bob buys cable modem service and a wireless home network. Neighbors Carol, Ted and Alice don't buy cable modem service, but they go out and buy antennas compatible with Neighbor Bob's wireless network. Everybody agrees to share Neighbor Bob's connection.
If you have a problem with trying to stop this type of activity, then you also probably think it would be OK to run phone line from your house to your neighbor's house, since you "pay for the bandwidth and can do whatever you wish with it." You would probably think it's OK to run Cat 5 or fiber all over your neighborhood too.
If Comcast tries to make me pay extra for having three networked computers, I'll be as angry as the next geek. But sheez, let's tone down the hype until that actually happens.
Evil is the money of root.
Did I miss it? Is everyone here on Slashdot getting flustered because they wanted to become mini-ISP and now they can't?
Welcome to the net of 1000 lies. Upgrades are scheduled soon that should bring us to the 10,000 lies mark.
AT&T Broadband couldn't provide my roommates and me with more than 3 IPs, and since there are four of us and none of us terribly enjoy dealing with computer issues, the answer was simple: set up an OpenBSD NAT and let AT&T lose the business they would've had if they could've provided what we needed.
Now what happens when they start to crack down? We're supposed to pay $10 more per month because they can't give us one extra IP and then deal with the BS of the cable modem handling and releasing IPs? I don't think so....
Correct me if I'm wrong here (and I know you will!!), but if you have, say, a 486 or Pentium box running a *nix, set up to NAT and with some proxy software (say, SQUID for web stuff), wouldn't the packets be seen as coming directly from the gateway (even if you take apart the packets and look for patterns, signatures, etc)??
I do realize proxies may not work with all apps, but for web surfing and possibly others, it might be an option...
Glenn
Comcast killed my static IP which I have had for so long. They forced me to go DHCP so I can't do my own web and mail stuff anymore. Here's the grievance with which I wrote them:
(Read to: The night before Christmas)
`Twas the night before last, when all through connah.net,
not a byte was transmitting, not even a packet.
The server was sitting on my desk with care,
it being MY server, why SHOULDN'T it be there?
The cables were nestled all snug in their ports,
while firewall rules kept watch o'er the fort.
My router's IP which never has changed,
enjoyed its 32 bit mask, that's how it was arranged.
When out on the network, there arose such a setting,
which thrashed my server, without a relenting.
Away to the bit bucket my IP did flee,
as Comcast screamed, HA HA HA: DHCP!
My modem flashed at the new prospect,
but flashed only once, `cause it couldn't connect.
When what to my many packets did appear,
but a HOST UNREACHABLE, now isn't that weird?
When my network went down suddenly with a blast,
I knew in a moment: it must be COMCAST!
More rapid than telemarketers, their tech support I called,
calling them names, at this they were appalled:
"Now Dynamic! Now ARP! Now DNS and DHCP!
I don't care what you do, but I WANT MY STATIC IP!"
To the top of the chain, to the manager of the floor,
I whined and I begged, as I began to lose my war.
For tech support assured me it was gone,
and with it my mail server, all of it blown!
As I stopped my services, and changed my address,
I thought to myself, "Dynamic IPs! How pointless!"
With memories of my server deep in my heart,
I loaded 'netconf', for it was time to part.
As 'Adapter 1' was displayed to me,
I switched it from 'manual' to 'DHCP'.
Restarting the network knowing the danger,
'ifconfig' screamed, "Who is this stranger?!"
A new IP, one I have sure never seen,
came up with a flash, in the middle of my screen,
replacing my favorite: 24.10.7.14
Now with all love and respect that surely is due,
I bite my thumb at Comcast, for they haven't a clue.
They have rendered me serverless, what shall I do?
Connah
Course they can. They already made their money on the sale, right?
Liberty in your lifetime
Isn't the definition of NAT that you DO only have ONE outside-facing box? And this one box should be the only concern of anybody (truthfully it shouldn't be ANYBODY'S concern).
I fail to see how anybody can dictate to you what you do with your (already throttled) bandwidth, let alone what you CAN and CANNOT have on the OTHER side of your internet connection.
What next? Starbucks will charge me $2 if I make a coffee using the water in my house?
Well, yes, they provide some guidance for how to get more than one computer on the service.
Quoth the FAQ:
Can I use the service on more than one computer?
Yes, customers with home networks may order additional network addresses in order to connect several computers to the service through one cable modem.
You must first subscribe to the basic Comcast High-Speed Internet Service.
Once you become a subscriber, you can sign up for a second and third address.
You will need to have access to network expertise because Comcast High-Speed Internet Service neither installs nor supports networks.
The cost is $6.95 per month for each additional outlet. Customers can have two additional addresses, for a total of three.
Comcast will install the network card and software on a second and third computer for a charge of $49 for each computer.
Read that section very carefully. The language they use does not say that you can not run a router. It says that customers "may order". It does not say must. Also, if they say that only one computer can be on the service, then a router certainly is ONE computer. It just happens to be that that one computer is connected to two networks, the Comcast network and your own internal network.
Beyond that, there was the decision years ago that said AT&T could not prohibit you from connecting a non-AT&T phone to their phone network, as long as it doesn't damage the phone network, of course. One could always argue that cable and cable modem services should be covered by that as well.
Actually, if you read through that store, they are selling switches, hubs, and cables... and specifically say that any additional computers will require additional computer services to be purchased. Interestingly enough, they say the same thing on the Wireless equipment page, even though the LinkSys Wireless Access Point is a hardware router/DHCP/NAT server all on its own...
OK, so much of what I've read here leads me to believe that many of us don't understand their protocols or network applications very well. Honestly, you'll have to find a friend who does understand the technology well enough. For now, here's some data that can help
MAC addresses are assigned to each company making network hardware. The only MAC address you need to worry about is your gateway/NAT box's. If this is clearly a MAC address belonging to, say, the Apple Airport, they'll be able to tell you're probably using NAT.
Browser headers advertise what browser you're using. Either synchronize all the machines beyond the NAT box to the same browser, or force everyone through a web cache. You should modify the headers that the web cache sends out traffic with to use the same headers as a well-accepted browser, like IE foo.bar. Additionally, realize that they can get smart and start tracking for the non-standardized browser behavior and simply correlate for that.
People - Understand that much of the success of their efforts will depend on how smart, qualified and motivated the people are who design this program. With hope, Comcast goes cheap and doesn't pay to get extremely good people.
There's more to it than that, but I don't want to either take up the space here or give Comcast's people too much of a head start on the techniques which will be successful for a little while. Just remember that it's smart people designing solutions against other smart people. One solution will work for one side for a while until someone on the other side comes up with a counter idea. That's the hard part here -- there is no impossible.
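The browser-header correlation mentioned in the comment above, seen from the side of whoever holds the HTTP logs, as an added example that is not part of the original thread. The log lines, addresses and the "two or more operating systems per source address" threshold are constructed assumptions; the heuristic counts platforms rather than browsers because one machine can run several browsers.

```python
import re
from collections import defaultdict

# Constructed sample: access log in combined format. Addresses come from
# documentation ranges; User-Agent strings are illustrative.
SAMPLE_LOG = """\
203.0.113.10 - - [24/Jan/2002:10:00:01 -0500] "GET / HTTP/1.0" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.10 - - [24/Jan/2002:10:00:07 -0500] "GET /a HTTP/1.0" 200 734 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.7) Gecko/20011221"
203.0.113.10 - - [24/Jan/2002:10:00:09 -0500] "GET /b HTTP/1.0" 200 120 "-" "Mozilla/4.0 (compatible; MSIE 5.14; Mac_PowerPC)"
203.0.113.20 - - [24/Jan/2002:10:01:00 -0500] "GET / HTTP/1.0" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
203.0.113.20 - - [24/Jan/2002:10:01:30 -0500] "GET /c HTTP/1.0" 200 99 "-" "Mozilla/4.78 [en] (Windows 98; U)"
203.0.113.30 - - [24/Jan/2002:10:02:00 -0500] "GET / HTTP/1.0" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.30 - - [24/Jan/2002:10:02:05 -0500] "GET /d HTTP/1.0" 200 640 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.30 - - [24/Jan/2002:10:02:06 -0500] "GET /e HTTP/1.0" 200 301 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
this line is truncated and will be skipped
"""

# source address ... "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$'
)

# Coarse operating-system token inside the User-Agent string.
PLATFORM_RE = re.compile(
    r"(Windows NT [\d.]+|Windows 9[58]|Linux|Mac_PowerPC|Mac OS X)"
)


def platform_of(user_agent):
    """Return the OS token advertised in a User-Agent, or None if absent."""
    match = PLATFORM_RE.search(user_agent)
    return match.group(1) if match else None


def platforms_by_source(log_text):
    """Map each source address to the set of OS tokens seen from it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # malformed or truncated line
        source, user_agent = match.groups()
        platform = platform_of(user_agent)
        if platform:
            seen[source].add(platform)
    return dict(seen)


def suspected_shared(log_text, min_platforms=2):
    """Sources advertising at least min_platforms distinct operating systems."""
    return {
        source: sorted(platforms)
        for source, platforms in platforms_by_source(log_text).items()
        if len(platforms) >= min_platforms
    }


if __name__ == "__main__":
    for source, platforms in suspected_shared(SAMPLE_LOG).items():
        print(source, "->", ", ".join(platforms))
```

In the sample, 203.0.113.20 is one Windows 98 machine with two browsers and is not flagged; 203.0.113.30 sends a single uniform header and is not flagged either, which is the blind spot the comment describes for traffic that passes through a header-rewriting web cache.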
You could do the same abuse with less elegant solutions than NAT. Simply running a simple Proxy server for your neighbors would provide them access. Only 1 machine is on the Internet, the rest aren't. Hell, if you are running MS's busted proxy, the rest don't even need TCP/IP, they could run IPX/SPX. (Lousy program, NEAT configuration options, I never want to go near it again...)...
Myself, I have a $90/month DSL connection. Why? If I need to get a VNC connection through the VPN to a work machine, I want the 384K uplink.
We have a NAT box with wireless, and technically, 4 computers there. I live with my fiancee. She web browses from her iBook, and I work from home on the weekends. We barely use the bandwidth.
However, I pay the premium so it is there when I need it.
Ban NAT and I lose Wireless. If that is the case, I drop DSL. I can't run Wires all over my apartment, so I use Wireless to send the signals around.
Find the abusers, by all means. However, leave those of us that don't abuse it alone.
Alex
So let's say you use NAT and comcast cuts you off because of it. You can:
1) pay them extra money to allow extra connections
2) pay somebody else to provide your Internet service who doesn't care
3) go read a book
I mean fine, if they want to operate that way, great. And then they'll lose your business and you'll find somebody elsewhere who does provide what you want. Eventually if enough people are pissed off a market will develop to support their need (give or take stupid regulation of the market).
This sig has been temporarily disconnected or is no longer in service
The easy way to remember is that "eek" could easily be spelled with a lot more "e"'s, as in "EEEEEEEEEEEEEEEEEEEEEK!!! A monster..."
Whereas "eke" would never be said that way (and who the heck would say "EKEEEEEEEEEEEEEE"?)
The difference is, you are a roadrunner customer like I am.
Where I'm from, we are allowed 2 IP's. Hook up as many computers as you want - but please use NAT![the tech who came and did nothing, i said just leave it, said she has 6 on her RR]
Comcast, owned by M$ is going after Nat users. Why then has NAT been partially put into XP? I can have someone dial into my XP box and get NAT'ed to the network.
Who would think that a AOL network would be better than the rest?
As I watch the cable providers go down in flames I'm glad I've got TW/RR. It's fast, easy to hook up and none of this bull-shit. I asked about caps, when my connection slowed down. I thought maybe since I had downloaded many ISO's in a few days. The tech laughed at me.
My newest cable modem [since I moved] has the ability to hook into two computers!
Get your Unix fortune now!
In a household with kids, some good arguments for not keeping all computers on a direct connection with the world.
Either keep the kids computer use behind a proxy, so that you can control their access: prevent excessive game playing, filter sites they can access, etc...
Alternately, you may want to keep "real work"/ important computers and data behind the firewall computer that the kids use to access the net, knowing that they will install privacy compromising software with privacy compromising default settings, and nuke and virus their icq friends.
Knowing that no matter what the kids do, they can't fkup ur data. Alternatively, you may simply need to be protected from your own/MS's stupidity by taking advantage of the builtin firewall features of NAT and proxy connections.
http://help.rr.com/getpage.asp?/faqs/e_lans.html?topic=Billing+and+Services,selfhelp
RoadRunner explicitly allows home LANs.. so just switch =)
Enron... That's all I have to say about the invisible hand mantra.
This sig has been temporarily disconnected or is no longer in service
Additional charges for:
- 'Premium' port traffic: Only business users would need IMAP or POP3 access to anything besides the ISP's own mail server, right?
- More than 4 simultaneous TCP sessions. Your browser and mail program don't need any more than that, do they?
- Email attachments over 1 MB. If you're sending big files, you're probably using it for business. And remember, no outside POP3!
- Anything lower than an 8:1 download/upload packet ratio. Lower than that and you're obviously one of those peer-to-peer pirate scumbags.
And don't even THINK of trying to tunnel or encrypt traffic!
1. They can't actually see if you're using NAT. 2. It's completely non-enforceable in court, with precedent. (See: Phone companies trying to charge per individual phone, cable companies trying to charge per individual TV.) It's a scare policy plain and simple. Get enough "word on the street" out that Comcast will somehow magically find you if you're using NAT, and your average Joe Blow new subscriber will be too scared to buy that shiny new Linksys router, and will just cave in to the "nominal" extra fee.
You guys are missing an even cooler part of their service agreement..
from their AUP...
http://www.comcast.net/TermsofService/aup.asp
>Internet Relay Chat
>
>The Services may be used to participate
> in "chat" discussions. These discussions may be
> hosted by Comcast High-Speed Internet Service
> network servers, by third party servers, or may
> not involve any servers at all. In all
> cases, the Comcast High-Speed Internet Service
> network does not normally monitor the contents
> of the discussion and is not liable for
> the contents of any communications made via
> Internet chat.
and if you wanted to actually USE Irc for something other than pr0n or warez... like discussion groups for Perl or something..
> Any computer or other device connected through
> the Services may not maintain more than 2
> simultaneous chat connections. This includes
> the use of automated programs, such as "bots"
> or "clones". Automated programs may not be used
> when the account holder is not physically
> present at the device.
so you can't be on more than two irc channels at the same time... if you do, you go straight to hell and off your cable modem..
wtf is a cable modem for if not the ability to get a lot of data at one time?
And who the hell decides what data is okay and not okay to download?
My DSL may be slow as hell, but at least i don't have to put up with this shit.
I'm just bothered that "the Internet" to these people is "the Web" - and that they built their network around that concept, instead of building fat pipes and just dealing with it - and that anyone who does more than "casual" surf is a "commercial customer" and so you need to "pay up the kazoo" to get service.
guns kill people like spoons make Rosie O'Donnell fat.
I was going to submit this as an ask slashdot, but I said forget it.
When do I own a packet?
After I request it?
When the media it travels down is owned by me?
When it hits my computer and the TCP/IP stack does something with it?
When I sign my service agreement?
I guess comcast thinks they always own the packet.
For about the last year i've been sharing my network with my neighbors, we all own our houses, and have given each other "right of way" to run cat5 stapled to the fence into each others houses. What started out as a simple 1 wire connection has grown to over 24 pairs of copper (i.e. 6 lines)
Each neighbor prepays 6 months in advance, 10 dollars a month. With this money I've managed to get the bandwidth up to 1.5down and 512up. Their kids can download on napster all day long and it still won't lag my gaming connection. Not only do I share an internet connection with them, but my fileserver as well. We have a central repository for music, a phpnuke based site for updates on the network status.
Our equipment is pretty nice too, everyone has intel pro100 management cards. Our main nat server used to be a linkcyst router, but it has evolved into a k62-300 running bbiagent. (nifty little firewall on disk, bbiagent.net)
So the question of when do I own the packet comes up again.
We don't have a classC subnet, we're all using nat on the 192.168.x.x range. I thought that range was set aside as a non routable "private" network. Private as in mine, err I should say our co-op. It doesn't belong nor resemble our providers network in any way shape or form. We maintain it, upgrade it, support it, etc.
It's really a pity that all these ISP exec's get paid so much money. That 10million a year spent for 1 CEO could buy a cheaper CEO for about 250k, and enough techs to upgrade the existing infrastructure.
Take for example, the DSL I use now. It runs on POTS telephone service, which has not seen any significant change since Alexander Bell said "hello" 100 years ago. Basically whenever you make a phone call, the line between you and the person on the other end is a complete circuit. The best analogy I can make is this would be like taking a trip from LA to Chicago, with all the freeways empty except for your car during the duration of your trip. It's a complete waste of resources.
Now imagine if this infrastructure was upgraded to packet switched networks. Bandwidth would become cheaper because circuits could be multiplexed, allowing many cars on the road at the same time.
With comcast, I would guess that %90 of their bandwidth on the wire is being sucked away by their old infrastructure (analogue video) You can see what a waste this is because you can only fit maybe 40 or so channels on the analogue wave, on the other hand, they have this newfangled digital cable, which uses just 1 or 2 channels of the original analogue, but because it is a packet based network, its better utilization of the bandwidth and they can fit 100-200 channels where they used to only be able to fit one.
On top of that, there is IPV6
This is really turning into a long rant.
I just don't see Comcast's justification for eradicating NAT from their network.. If they want to control what kind of network I have at home, they can run the cable, and buy my hardware. Hunting down people that just want to share an internet connection is bullshit (pardon my french) and is just another way of deflecting from the REAL problem which is people are starting to wake up to the fact that what they have perceived for years as good internet service is not the truth. I think it's about time people stopped accepting what the providers try and shleff off as good service and start demanding that they upgrade their networks to handle the load, instead of taking it out on the customers that underwrite their service.
Nat means that several ext. addresses are used.
If you are using just one public ip, it's NAPT/PAT(network addr. Port translation/ port address translation).
"Mommy, mommy! The garbage man is here!" "Well, tell him we don't want any!" -- Groucho Marx
I do this all the time under Windows XP. I don't use squid obviously, but another proxy program (there's plenty of free/cheap ones out there!) Put a decent IP stack firewall on the machine, shut down all unnecessary services, make sure you don't open up too many ports, and you've got a reasonably secure machine. (No, I **WON'T** give you my IP "just to check". ;+)
I suppose it's *possible* for them to detect that I have more than 1 machine hooked up, but they're not savvy enough. Bottom line though is that if they come knocking for more cash, I will yank my cable service, my broadband PC service, and everything else. They won't get a dime out of me after that. I won't tolerate any more price jacking from those bastards. It's just not worth it. I send them almost $100 USD a month, and that's too much already. I sense I'm not alone.
(Side rant: You pay for cable right? Then why do cable stations have so many f*cking ads??!!!)
Please mod this post only if you think others should/n't read this. I have enough ego^H^H^Hkarma. Thanks!
god, they're wasting all this money to crack down on users running a few machines at home instead of increasing bandwidth. i'd understand if they wouldn't provide support if you were having problems, but this is ridiculous.
-hajmola
ps: yes, i know the story is still unsubstantiated - for the sake of this argument i assume there's some truth to it.
I've had a cable modem since 1998 back when I don't think anyone had heard of "NAT" and wireless ethernet for the home didn't even exist. My roommates and I were one of the early customers of MediaOne, back before they merged with Road Runner and before they were bought by AT&T. We paid 40 bucks a month for our connection and, like most other cable services, our bandwidth was decent but it was shared with those who live in the same neighborhood as you. Now, between myself and my 2 roommates we had 10 computers between us.
There weren't any NAT boxes available, so we did it the old fashioned way - we used a 486 put together from spare parts running Linux with IP Masquerading installed. ("IP Masquerading" is what NAT was called back then.) All of our computers were hooked up to this box - and MediaOne only saw one computer on their network. Our setup worked well and we didn't feel like we were stealing - in fact we believed we were helping relieve the growing shortage of IP addresses.
If cable and DSL providers want to restrict the number of computers connected to a single modem, they need to be more clear about what they are selling. Are they selling IP addresses? If so, I only want one IP address, thank you. Are they selling bandwidth? Well, if they are, give me a monthly bandwidth cap because despite the fact we have nearly a dozen computers we didn't use anywhere near as much bandwidth as the kid next door with one computer who downloaded pr0n 24-hours a day.
And finally, if they are charging for just having the connection itself then don't complain about how many computers are connected. Does the phone company care how many phones are connected to a single line? You may argue that a single phone line will only let you have one call going at one time. Well, the same is true of cable and DSL services. Anyway you look at it, there is only one packet being transmitted through the DSL or cable modem at any given time. This is very different from stealing cable television where you can watch multiple channels at the same time on different TVs.
Given all of this, the only thing that the cable and DSL providers can do is limit the bandwidth on a connection. If they did that then "Bob" wouldn't be as willing to share his bandwidth with his neighbors because it would either mean additional fees or slower access for himself. He should have the right to "timeshare" his connection anyway he wants. Just like if I were to let my neighbors watch my cable TV while I'm not home or if I deleted my copy of Quake and lent the CD to a friend.
Besides, even if something like CAT is implemented, clever Linux users will still be able to customize their own little firewall/router to bypass this and this "problem" will still exist.
The Linksys BEFSR41 (Router/NAT/Firewall) lets you set the WAN MAC address to anything that you want. It's listed under advanced options.
[Insert pithy quote here]
C'mon, you weren't sold 1024K bandwidth, you were sold 1024K speed.
When an ISP sells you a service, they are selling it not based on how much you use it, but on how fast your connectivity is. Unfortunately, people are confused because speed and bandwidth use the same numbers.
To use an analogy, think of the freeway. It has a speed of 70 MPH. If you go on the freeway, most of the time you will be able to go 70 MPH. You've paid taxes to drive one car 70 MPH on the freeway, and you're happy. You can't drive two cars 70 MPH on the freeway; that's probably illegal. The freeway's bandwidth, on the other hand, might be 1000 cars per hour at 70 MPH. When you exceed 1000 cars per hour, the speed drops below 70 MPH.
Give me my freedom, and I'll take care of my own security, thank you.
it is the only way we have of making subscribers pay for the bandwidth they use. With 2M down and 512K up, if you are running multiple systems to max that bandwidth, you are getting a T-1 for 25 bucks a month. The last time I checked, the commercial rate for the same speed is somewhere around $950 a month. I, for one, am glad they are doing this, because it will make our service seem more viable, as we are about to go to bandwidth based billing using account monitors, rather than charging by computer. Those of you complaining, I encourage you to get 384K DSL or buy a T-1 from the phone company. You'll all go back to Comcast whining about how much DSL sucked ass, and you couldn't afford the T-1.
I am currently paying $89/month for DSL. Why? Because I get 1.5/384 with 4 STATIC IP addresses. It's worth every penny to me to get this service.
Comcast shouldn't bill me for how many people I have connected, they should bill me for how much I actually use. If I want 256 up/down, then they should bill me for that. If I want more IP addresses, and more bandwidth, I should be able to upgrade to pay for that. This is why I've avoided the cable modem services like the plague. None of them really provide exactly what I want at a reasonable price.
If I go to comcast's site they scream out all the features I get including for my low $39.95/month. They don't have a plan for people who like to do P2P file sharing or host websites. If instead of charging me more for two connections they would charge me $20 more for more guaranteed bandwidth, I'd buy into that in a heart beat. But no, they keep it deceptively simple and then tack on BS regulations on the back end agreement.
I'd have some sympathy for them if now, realizing their mistakes, they did something to change their pricing structure or at least make their advertisements clearer about what you were really getting. No, they are still advertising a cornucopia of high speed bandwidth, and then they get pissed off when people believe them and try to use it.
This sig has been temporarily disconnected or is no longer in service
Next week Slashdot can do a "how-to" on setting up a linux firewall to discreetly backend your home network. Plus an aside by Katz on how to doll up your firewall to appear as a winblows 95 box, complete with custom IP stack hacks and service advertisements.
NAT has been vital to the internet growth, and now you have to pay for it.
Intelligence is a matter of opinion.
Wonder how they do that. Well I could figure out the way to track down stand alone nat box like syslink. But how the hell you can track down Linux box which does nat?.. Even if you can listen to the ports on linux box. How the hell they all 6digit ports and they are opening randomly. I think this they targeting more line Microsoft proxies and other outdated overprice software. Hey what about IPmask. LOL. Anyways we are paying for access. We are paying for speed. We are paying for unlimited access. So I can pump anything 24hours per day on maximum speed. Am I right?!
Trying to "fool" your ISP with clever stealth-NAT schemes is lots of fun and all, but it does nothing to change the status quo of companies thinking that they can dictate how their customers should use the Internet.
Yes, I realize that some of you have no alternative. If that is the case, it is of course up to you whether you want to drop back to dial-up service, or continue to get dicked around.
I don't care if it's 90,000 hectares. That lake was not my doing.
Looks like you can't even NAT anymore... http://linksys.com/attcountprocess.asp
--joshua
I have a Cisco UBR900 Cable modem with a built in 4 port ethernet hub (Also has NAT built in but is disabled). I've paid for 2 computers online since the good days of @home (When it was fast and ping times were 30ms). @home could only get one IP to work, and I went months not having two real IP numbers. To make up for that I used a NAT box for both computers. I'd like to think that that was "fair". Well after the roll over, the cable modem works fine now. But the new Server SUCKS! I can't ping over half of my destinations (Work, school, some websites), and trace routes are horrible, with most hops within the Comcast network not responding. (I've been told that these are cache servers) And if I do get a ping through it's 150+. I guess I'm no longer a LPB, but a HPB. I still use the nat box as a firewall for both computers when I'm not gaming. I move my big PC over to the cable modem for a real IP for that. I'm also pissed about losing my static IP that I've had since '98.
Aside note. Apple Airports do not work at all plugged into the comcast network. And their online tech support service doesn't support Macs.
A pissed off comcast.net user.
I just e-mailed ComCast and told them that I have a Linux box set up as a firewall with 2 Windows 2K machines behind it. I look forward to their response.
My justification was as follows:
1: I don't trust Win2K to be directly connected to the internet because of the many security flaws of the past and surely in the future.
2: The 2 Win2K machines I use, 1 is for personal use, and one I use as a database server and to pcAnywhere into work. I never use both at the same time, I can't.
3: They're benefitting from the fact that I'm running Squid on my Linux box and therefore caching web pages and reducing my actual bandwidth usage.
If I get a response soon, I'll post it, but I've basically come straight out and told them the truth. How they react will be a judgement of their character as a company.
I chose ComCast for 1 reason: I could get billing for cable and internet from one company. If they wish to deny me that, I'll simply switch to satellite TV and DSL modem, and they lose my business entirely ($100/month for them right now).
I just read the AUP and it doesn't mention NAT's at all. NAT's are legal according to their AUP as long as you don't use abnormal amounts of bandwidth.
Most consumer level NAT boxes, like, say, the Linksys Cable Modem Router thingy, have the ability to change the MAC on the external connection.
Why? Well, a lot of cable modem setups use DHCP or some similar system to assign an IP address to the computer hooked to the cable modem. When they install the thing, they put it on the computer. Then the customer comes in later, tries to hook up the NAT box, and finds that they can't get an IP because the server is giving out IP's by checking the MAC address of the requesting computer. So you change the MAC that the NAT box sends to the world to be the same as the computer they originally set it up on, the NAT box can then get the IP and forward all the data needed to the internal network. So checking the MAC won't get them anywhere because the MAC they get can be whatever the heck you want it to be.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Sorry, this is complete bullshit.
A TCP packet has a header area and a data area. The header has a number of fields in it; the ones that are important here are the source and destination MAC addresses, the source and destination TCP/IP addresses, and the source and destination Port numbers.
A TCP header does not include anything like MAC addresses. The TCP header contains EXACTLY the following fields:
Source Port (16bit)
Destination Port (16 bit)
Sequence Number (32 bit)
Acknowledgement Number (32 bit)
Header Length (4 bit)
reserved (6 bits - currently unused)
TCP Flags (6 bits)
Window size (16 bits)
TCP Checksum (16 bits)
Urgent pointer (16 bits)
Anyone who tells you the TCP HEADER holds anything else is WRONG.
The IP HEADER doesn't even contain MAC information:
Version (4 bits)
Header Length (4 bits)
Type Of Service (8 bits)
Total length (16 bits)
ID (16 bits)
Fragmentation info (16 bits)
TTL (8 bits)
Protocol (8 bits)
Header Checksum (16 bits)
Source IP Address (32 bits)
Destination IP Address (32 bits)
A diagram of the TCP and IP headers can be found at http://www.utdallas.edu/~cantrell/ee6345/pocketguide.pdf
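An added example, not part of the thread: a small parser for the header fields listed in the comment above, run on a constructed frame, showing that MAC addresses sit in the Ethernet header, which each router replaces, while the IP and TCP headers pass through a plain routed hop with only the TTL and IP checksum changed. The MAC addresses, IP addresses and function names are assumptions made up for the illustration.

```python
import socket
import struct

ETH = struct.Struct("!6s6sH")            # dst MAC, src MAC, EtherType (link layer)
IPV4 = struct.Struct("!BBHHHBBH4s4s")    # 20-byte IPv4 header, no options
TCP = struct.Struct("!HHIIHHHH")         # 20-byte TCP header, no options

# Constructed sample values (locally administered MACs, documentation IP ranges).
HOST_MAC = bytes.fromhex("020000000001")
ROUTER_LAN_MAC = bytes.fromhex("020000000002")
ROUTER_WAN_MAC = bytes.fromhex("0200000000aa")
NEXT_HOP_MAC = bytes.fromhex("0200000000bb")


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_checksum(header):
    """RFC 1071 checksum; returns 0 when run over a header whose checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample_frame():
    """Ethernet + IPv4 + TCP SYN as the host puts it on its own LAN segment."""
    tcp = TCP.pack(49152, 80, 1000, 0, (5 << 12) | 0x02, 8192, 0, 0)  # TCP checksum left 0 here
    ip = bytearray(IPV4.pack(0x45, 0, IPV4.size + TCP.size, 0x1234, 0, 64, 6, 0,
                             socket.inet_aton("192.0.2.10"),
                             socket.inet_aton("198.51.100.20")))
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    return ETH.pack(ROUTER_LAN_MAC, HOST_MAC, 0x0800) + bytes(ip) + tcp


def parse_frame(frame):
    """Split a frame into its three headers; MACs appear only in the first."""
    if len(frame) < ETH.size + IPV4.size:
        raise ValueError("frame too short")
    dst_mac, src_mac, ethertype = ETH.unpack_from(frame, 0)
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ver_ihl, tos, total_len, ident, frag, ttl, proto, _csum, src, dst = \
        IPV4.unpack_from(frame, ETH.size)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < IPV4.size:
        raise ValueError("bad IPv4 header")
    if proto != 6 or len(frame) < ETH.size + ihl + TCP.size:
        raise ValueError("not a complete TCP segment")
    sport, dport, seq, ack, off_flags, window, tcp_csum, urgent = \
        TCP.unpack_from(frame, ETH.size + ihl)
    return {
        "ethernet": {"dst_mac": mac_str(dst_mac), "src_mac": mac_str(src_mac)},
        "ip": {"header_len": ihl, "tos": tos, "total_len": total_len, "id": ident,
               "frag": frag, "ttl": ttl, "protocol": proto,
               "checksum_ok": ip_checksum(frame[ETH.size:ETH.size + ihl]) == 0,
               "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst)},
        "tcp": {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
                "data_offset": off_flags >> 12, "flags": off_flags & 0x3F,
                "window": window, "checksum": tcp_csum, "urgent": urgent},
    }


def forward_one_hop(frame, router_mac, next_hop_mac):
    """A plain routed hop (no NAT): new Ethernet header, TTL - 1, new IP checksum."""
    ihl = parse_frame(frame)["ip"]["header_len"]      # also validates the frame
    ip = bytearray(frame[ETH.size:ETH.size + ihl])
    if ip[8] <= 1:
        raise ValueError("TTL expired in transit")
    ip[8] -= 1                                        # byte 8 of the IP header is the TTL
    ip[10:12] = b"\x00\x00"                           # zero the checksum before recomputing
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    return ETH.pack(next_hop_mac, router_mac, 0x0800) + bytes(ip) + frame[ETH.size + ihl:]


if __name__ == "__main__":
    lan = build_sample_frame()
    wan = forward_one_hop(lan, ROUTER_WAN_MAC, NEXT_HOP_MAC)
    for label, frame in (("on the LAN", lan), ("after one router", wan)):
        parsed = parse_frame(frame)
        print(label, parsed["ethernet"], "ttl", parsed["ip"]["ttl"], parsed["ip"]["src"])
```
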
I don't see anyone else saying this: I think we should all say a big THANK YOU and WELL DONE to the friend who resigned his job over this - especially in today's economic climate. This sort of courage, to put one's own neck on the line over a principle, is sadly lacking amongst most of us. Well done, and best of luck finding another job with a more ethical employer.
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
Just about every ISP claims that they are not liable for anything that happens to your machine. Specifically getting hacked, virii, etc. They say it is your responsibility. Given that NAT is often used in firewall/router like the LinkSys, Comcast may be opening itself up to being sued by denying it to its customers. Granted a user can ensure their machines are properly patched, and have security software installed, and have their antivirus software up-to-date, but there is nothing like stopping an attack before it even gets to your box.
If suing them doesn't work, get Microsoft to do it. Imagine all those people who can't have their XBox's and PC's connected at the same time.
My cable internet provider actually says it's perfectly fine to use NAT routing so long as you don't go to them for support, so I am definitely not worried about them 'cracking down'
near as I can tell, they just don't give a rat's ass what you run or how you run it as long as it won't actually get them into trouble. Linux, web/ftp/whatever servers - no sweat. Of course, trying to get a real tech on the line when your service is down varies between good and awful...
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
Change this story's classification from 'Privacy' to 'Ask Slashdot'...
Explain to me how ''
Explain to me how (allow me to translate a bit)
W00000h000000! DeBiaN R0X0RZ!!!!!!
is 'informative'. Seriously now.
No, They are the same thing in most cases involving DSL and cable.
Just like you can't drive two cars on the freeway at the same time you can't connect two DSL modems up to one line. With cable, if you connected 2 modems, you see that you have half the bandwidth with each one.
At home, I have cable. I am told that I get a max of 1.5 megabits/second downstream. Upstream its around 384kbit/second. Of course, this assumes no one else in my neighborhood is using it at the same time. They don't promise that all this bandwidth is for me, but they tell me that the line is capable of that. It means little in real life, because it all depends on how many people it is shared with.
At work, with DSL, it's even simpler to understand. We have a 768kbits/sec connection in both directions. This is all our own and they have a guarantee that we will be able to transfer data continuously at that rate -- at least until we get to their servers.
I don't understand what you mean by "speed".
You seem to be defining it as the total possible bandwidth of the line. This is what cable companies are selling because their bandwidth is "shared", but its not the right term to use for this bandwidth.
The latency and propagation delay of signal traveling over DSL is the only thing that makes sense as "speed" to me. That would be measured as round-trip time to a server somewhere. This isn't important to the internet user because most of this latency comes from how far your signals have to travel before they reach their destination (usually the speed of light or close to it) and not how much bandwidth your connection has. Thus, I can experience really high latency when telnetting to Japan, but be able to FTP files there in a snap. That is the difference between "bandwidth" and "speed"
I find it quite hilarious that Comcast would dedicate a whole department to cracking down on NAT users. I don't understand why they would waste company time on this. They give us the bandwidth, we'll use it. I mean the service is slow enough. Now they want us to pay for every computer we have just to have internet access? Well, all I have to say is there goes like 80% of their users if they push this NAT thing farther than it seems to be at now.
Cox is forcing DHCP. I've had a fixed IP from at home for three years. For a short time I had DSL, but that died when I moved. Last week I got a cardboard toolbox with a letter and a CD in it. It warned me that I had to apply the software soon, using the authorization code printed in the letter, or lose service. The CD, needless to say, contained M$ and Mac binaries.
Cox decided to force a switch of my IP the other day. This was after a week of my wondering where the bloody hell my "lunchbox" with the useless CD was. It showed up 2 days *after* the bastards forcibly changed my IP on me. I've also noticed several dozen unique IPs in the Comcast/Cox 68.x.x.x block hitting my firewall on port 80 since the switchover (Cox had been blocking 80 and 25). Three guesses as to what all the ones that respond are running.
Needless to say, I'd already initiated the process of switching over to DSL. Phone line was changed from a Cox-provided (they do phones here in Orange County, CA too) to a PacBell-provided line. As soon as the number switches (any day now), I call up Earthlink, get told again that they don't have static IP available in my area, and I tell them that PacBell (who is their sole provider here) has already told me I can get static IP from them.
Only 2 things make broadband worthwhile for me: static IP, and good news servers. Unfortunately, it's looking like it's going to be an either/or decision, and static will win every time.
Funny, before this, Cox was supplying cable, phone, and broadband to me. They've just now lost me as a phone customer, are about to lose me as a broadband customer, and if I can find a good deal on satellite, they'll also lose me as a cable customer. Good job, Cox!
"The urge to save humanity is almost always a false front for the urge to rule." --H.L. Mencken
This new-fangled messaging system is pretty good!
I suffer from attention surplus disorder.
I have a friend who uses a router with comcast. This concerned him enough to call them (in hopes of making a righteous big-stink!). They said there is NO problem with someone using a router (and using multiple computers). The only (not so) negative thing the tech said was "we offer multiple IP's; if you don't want to buy a router". This went down in SE PA.
Well, roadrunner is also not cracking down on it (yet). I lived in the Albany area when RR first started up a few years ago and man it was blazing fast for awhile. Back then we had to use their crazy client to login to the network. They got rid of that, but ever so slowly the bandwidth got smaller and smaller. Never could tell if it was because more people were using it all the time or if they were limiting us.
I've got Adelphia in LA now, and their scheme for limiting bandwidth... it's the best so far! They just simply stop traffic for random amounts of time, at random times. After the @Home bust, they assimilated some (unknown) number of those guys and ever since, my cable modem service has really sucked. I don't know why.
I can almost guarantee the first thing their
scanners will do is dramatically cut down the
scan time and horsepower needed by scanning only
responsive hosts.
my nat box passes and returns nothing except
22/tcp - fixed!
they will not have the manpower, computing power,
or budget to scan every computer on their network
to eliminate the tiny percentage using NAT when
NAT will not save them shitloads of money if
eradicated completely.
the people they WILL target fiercely will be those
using 20 people worth of bandwidth connecting on
kazaa ports 24/7
and yes, I am *very* close to a few insiders in
high places at comcast.net and not just spouting BS
A year spent in artificial intelligence is enough to make one believe in God.
Don't even bother with analogies like this, they are complete crap and inapplicable. You can interpret the situation however you like. In this case, I could say each "car" is an IP and the "road" is the ISP's pipe. Each computer system behind NAT would be considered passengers and that would be legal. Of course, then you have 4 people going 70 MPH and the entire analogy goes to pot there.
My stance is simple, pay per IP. You can play name games all you want with bandwidth versus speed, but the reality is that whether you call it bandwidth or speed, in computers it can be divided differently. The fact that there are multiple clients in a residence getting service in no way impacts the service any differently than a single client. Maybe four systems would generate 4x the traffic on average, but that is why our cable modems are capped anyway, right?
I'm just glad my AOL-Time-Warner owned roadrunner service explicitly tells me it is ok to run NATed systems and even that so long as I don't run for profit, I can operate whatever services I want on my connection. If they went out to screw me over though, then I would be mad as I have no alternative (too far from a CO for DSL, dialup is too crappy for NAT or services to be at all worth it).
XML is like violence. If it doesn't solve the problem, use more.
I just sent an email through Comcast's website specifically asking whether IP MASQing was allowed to connect multiple computers. I told them I was soon to be moving into a Comcast area and stated clearly that the DSL provider issues no restriction on such activities. We'll see what they say.
sig
you fools need to stop trying to ban selected user behavior and start putting some thought in bandwidth provisioning & quality of service mechanisms. your real goal is to keep your network from being saturated by a few users to the detriment to the rest.
take a hint from the world of frame relay and implement a committed access rate/burst rate for your user connections, then provision your bandwidth around that.
users x car = total bandwidth required
to illustrate an example of this, i work for a major financial company, a slew of banks connect to us over a frame cloud. a T1 has 24 64k timeslots, we will place 48 customers on this at a 32k cir/ 64k burst rate. or 24 at 64/128. or 12 at 128/256. you get the idea.
back to the cable co's : i recently priced DS3 45M internet access at 15k a month from the largest carrier in the us.
45M = 1024k x 1024k x 45 = 47,185,920k
47,185,920k / 512k cir = 92,160 subscribers max
92,160 subscribers x 40$ monthly fee = 3,686,400$
(i hope i didn't screw any of that math up, double check it)
obviously there are other costs to consider aside from the cable companies internet connection, but still : how do they manage to make such a huge clusterfuck out of this?
Let's take your proposition about Bob, Carol, Ted, and Alice, and have them all sharing a connection via wireless or Cat5...
Now, what do you think the cable co would do if each of them bought the broadband plan, and they ALL shared the aggregate bandwidth (ie, if three of the neighbors were asleep, and Bob decided he needed some high grade Pr0n - he could use the bandwidth of all four cable modems at one time) - of course, this brings up another issue: If the bandwidth is shared by several cable modems, what if all the neighbors simply paid, instead of each getting a cable modem?
Or - what if all the neighbors formed a coop or a corp ($300 or so), and bought one connection to host in the house, and use however they wanted - could this be done?
I know this is slightly rambling - but hearing about shit like this makes ME VERY ANGRY!!!
Sell me the pipe! Sell me the pipe! Sell me the pipe!
Ok, I'll calm down now...
Reason is the Path to God - Anon
The cable companies are trying to achieve the same benefits that OS software companies enjoy. Just like you can't install one copy of Windows on multiple computers (legally anyways), the cable companies don't want you using more than one computer on the network at the same time. Does it increase the amount of bandwidth? Unlikely. Websurfing and gaming uses such a miniscule amount of bandwidth that even additional computers don't significantly add to the load, and any warez junkie will far outweigh the load that a multi-user network adds.
The point is, they want to be able to charge extra for multiple computers. Of COURSE there are technical ways to get around this, but those don't provide the cable company with extra revenue.
You say it doesn't cost the cable company any extra for you to host multiple computers on a single connection. This is true. Its also true that installing one copy of Windows onto more than one computer doesn't cost Microsoft more. But it deprives them of revenue they would have if you were legal. The cable company sees this the same way.
If its in the user agreement, and you signed on knowing this, you have nobody to blame but yourself. And cable companies are in a better position than Microsoft in this regard. Chances are, you probably signed an actual contract, not some EULA that you blindly clicked through without reading. You don't have to use them. Use a competitor. Vote with your wallet.
And now, you're going to tell me there ARE no other options. They're the only broadband provider in your area. Well, guess what. There are places that don't even have ONE broadband option. You at least HAVE a choice. Accept it, start an alternative service on your own, move somewhere there are more (or better) options, or keep cheating and hope you don't get away with it.
Personally, I don't get into this argument. The service I have allows me 16 static ip's and allows me to resell the bandwidth if I want. But I also pay for it, probably a lot more than you're paying. I could probably get away with far less, but I actually prefer the idea of having a service that I know is unrestricted. If you buy a service that comes with restrictions, you better make sure you can live with those restrictions before you sign your name and start paying for it.
-Restil
Play with my webcams and lights here
While I don't work on the phones (my job is to keep the client machines that tech support personnel use for logging calls running) I do end up listening to quite a few calls in that account. In fact I was listening to call today, where a gentleman was trying to get his Linksys four-port NAT-enabled router working with Comcast's service. Not only did the tech not mention anything about not supporting NAT, but the tech support agent helped him set up the router, made it work with one machine, waited while this gentleman went to his other machine, and helped him ensure that his tcp/ip settings were correct. He was using the 192.168 network locally.
Hmmm maybe we're just slow to get the news?
Lousy facepalm.
When you leave the path of RFCs and standard networking you can kick packets around anyway you want. The router doesn't need the MAC address of its external interface for anything. It could just ignore it when routing packets.
they can see mac addresses through networks (tricky bastards found a way)
dont ask how i know
i disavow all knowledge of this post
have fun chewing on your new info guys =]
The TTL is unimportant. The first thing my Broadband installer suggested was to install a firewall.... There is absolutely no way they can differentiate between a Firewall and a NAT as far as TTL or OS guessing. Heck, if they could get as far as actually knowing that I do have a NAT, I could simply say it's part of the firewall protection scheme I have in place (can't connect to a non-routable IP now can ya?).
So far no one has mentioned anything that can't be attributed to other VALID applications. It looks like it just comes down to them wanting to intimidate the low-tech users that buy a $50 3 Port router and don't put a second thought into it.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
What about playing online games with consoles? The X-Box got ethernet, and PS2 will soon get it (or if you use an USB-Ethernet-device you get it now). I play Tony Hawk's Pro Skater 3 online (on PS2), and I also have some computers (6 actually) on my home LAN (1 is the NAT server). Even if I only had one computer, I still would have to use some kind of NAT to get my PS2 online. Of course I could've connected it directly to my DSL modem, but moving cables around all the time is just a pain in the ass. Talking on IRC talking to the people I play against is also a nice thing, especially if some of them don't have a keyboard for their console.
It's becoming more and more common to have more than one piece of hardware which wants to connect to internet, and a local network with NAT is the easiest to do it, especially for ISPs. Sharing your private connection with the neighbours however, is a bad idea unless it is allowed by the ISP. If you want to have flat rate DSL, pay for it.
Fortunately I use a nice ISP which gives me what I really want, static IP, 1MBit up and down, no monthly limit (I probably download/upload between 50-150 GB each month) and no router, just a modem which sits between the wall and the NIC on my OpenBSD box. It just converts the ethernet-signals into something the copper likes more.
... This is the same Comcast that wouldn't hunt down Code Red-infected machines on their network? Seems that one's a whole lot easier than the others.
And what about folks running, say, Red Hat? NAT can easily be enabled even if it isn't doing anything.
*smack* Silly Comcast.
In Soviet Russia, sig types you!
All the fees for my telephone service and
my DSL connection cost me somewhere in the ballpark
of $2400.00 per year. For that amount, I get
two phone lines, a fairly decent voicemail package
plus all the add-on services that Qwest sells
(caller-id and so forth), a 1.5/1.5 Mbit ADSL
connection, a /27 routed to me with proper DNS,
a Cisco 678, webspace, mail addresses, nntp access,
yadda yadda, from a clueful ISP that provides
connectivity and not bullshit.
People keep going on and on and on about how MSN
this and AOL/TW that and now Comcast the other thing.
In my WAY NOT humble opinion, when you go for the
cheap option, you're going to get treated like a
commodity consumer, NOT like a customer. If you
are unfortunate enough to live in an area which is
not well-served by competing broadband providers, well,
you have my sympathies. There are downsides to the
area where I live as well. But if you do have a choice,
and you've gone with the lowest priced option when
better though more expensive alternatives are available,
you should stop complaining, and take responsibility
for the consequences of your decisions.
-fb Everything not expressly forbidden is now mandatory.
So if someone has a few virtual machines on one box, does this count as more than one machine connected to the network?
"Your superior intellect is no match for our puny weapons!"
My guess would be that they would probably get a list of the default MAC addresses for all these "cable/dsl routers" by linksys and the like and deny dhcp requests for those addresses... That would probably get the largest chunk of the customers. If they did this, Windows ICS and Linux IP MASQ/NAT (or OpenBSD, or FreeBSD, or whatever), would be immune...
XML is like violence. If it doesn't solve the problem, use more.
It should be by the household. If I have 5 computers, and 5 potential users in my own home, then I should pay for my home to be connected at the rates quoted.
Now if I take my connection, and use wireless to spray the block and let the neighbors share, that's a problem.
It works this way with most everything else, why not Internet?
Blogging because I can...
who cares, NAT SHMAT. Go somewhere else, we vote with our dollars.
And Lord knows that the moment you drop your stupid out-of-box firewall, your box will get broken into, yessirre bob. Only thing keeping them evil hackers out is that ZoneAlarm.
Symantec is the most truly amazing company I've ever met for surviving almost entirely on FUD. They sell virus scanners and blow the threat of viruses way out of proportion. They sell firewalls and warn people that if they don't own their product their "computer is going to be broken into". And, no, your computer does not need to be "tuned up" with your copy of Norton Utilities every week, folks.
Lemme guess...Adelphia East San Fernando Valley, eh?
BTW one GOOD thing about Adelphia...they actually ENCOURAGE the use of hardware firewalls. Of course, they won't support the fool thing but they know that the more hardware firewalls, the less hassles they will have with people's boxen being broken into.
A friend of mine in Australia tried to break into my network. Used all the usual tools and some unusual ones too. Most of the time he couldn't even SEE anything beyond my external IP address. The SMC Barricade ABR might not be stateful as yet but it's nigh impermeable. I rest easy at night knowing it's on guard.
Knowledge is power. Knowledge shared is power multiplied.
But if they try and block me or take it away or make me pay more I'm fighting it. First through the system, and if that doesn't work...
--
If I actually could spell I'd have spelled it right in the first place.
I hope that this does not become the policy after ATTBI becomes dismantled, as it is they carried over without flaws (for my household at least, heh) the old @Home policy of an extra $5 a month for an extra IP address. Under @Home it was a static IP address (in my area, they wanted you to go dynamic, but you didn't have to) but under ATTBI now it is a dynamic IP address.
Even with a NAT installed (I have one. . . . will take it outa the box one day, I swear!) I would want the second IP address just for having at least one computer in a demilitarized zone (something that many NATs apparently can't do without an extra IP, including the NAT I have. . . . sitting in the box that is, heh. Almost a year old now. ^_^ )
Need help treating your acne? Come here!
Reading down some of the discussion I knew I had already answered it ... Last November.
Cable Co's Want More Control Over Your Network
Are you paranoid if you know that they just want to know everything you say and do?
Sorry, you can't "lose" service due to a "cable hacker" butchering his lines; that only adds increased noise ingress if he is downline from the "offender", which, of course, is only for the forward path and NOT the reverse, since the analogy is now backwards; "his" noise ingresses will be seen on your set with the 5 to 42 Mhz. reverse path "backfeeding" in through the tap that serves your residence.
The amount of signal degradation will also depend on how far you are from an LE(line extender) or a trunk amp. The ingress in either the forward or reverse path depends on the level of noise ingress that is present on the lines, and the distance the offending home is from yours, and the true signal level that is available between the two homes.
Run an SLM on the amp's output, then take a reading at your input and output; then do the same to the offender's tap, and finally, take an EOL(end of line) reading at the last, terminated tap. A Wavetek "stealth" meter will give you a very nice picture of C/N, ingress, C/S and since you can tune any specific channel, you can "see" what bandwidth the ingress is taking up on your street's plant. Do a simple walk-out of the plant and note the location of ALL the amps, taps and splitters from your location to the offender's.
Cable IMD/ingress is easy to locate if you use common sense in the approach. Many's the time, the splicers do the initial setup of the forward and reverse paths to take readings and get the node up and running for the "final tweaking" of the node certification/sweepers to ensure the levels are within tolerance, if this is not done properly, the whole node suffers from ingress, intermod, crosstalk and bursting(level spikes).
Cable modems suffer the worst from reverse path noise, that shuts down the bandwidth available and slows total system throughput. I set up thousands of nodes in MN, WI. and Iowa, and the one thing that takes a system down fast is noise and IMD. IMD corrupts data greatly, and the BER drops significantly because of it. Ingress and IMD look like false data packets, and cause falsing to occur, which of course, decreases the valid data that is outgoing and incoming to/from your computer.
206.39.38.2, DDN-BLK-36, DOD NET INFO CENTER. 800.365.3642 206.36.0.0-206.39.255.255 NET RANGE.
Ok, new list with some other points:
I've been a Comcast customer for some time and have had relatively no problems with them to date. I am a little concerned that since my IP changed on the 22nd (our area's cutover) I'm unable to ping it from work. Something to do tonight I guess.
I'm against picketing, but I don't know how to show it.
the subject: "Slashdot Got Trolled (Score:4, Troll)" ?
heh
when the phone company wanted and did charge you for how many phone jacks you had. Cable companies wanted to charge for how many tv's you had as well. And now they want to charge for how many computers you have on the i-net connection you pay for. What a world :P
Funniest goddamn story I've heard all day...
It's been said before in this topic, but there's no real backing apart from that prior article (which in itself isn't much evidence). I think that Comcast would likely face more trouble than it's worth if they started shutting off connections using NAT: customers that leave (as they can't afford paying, say, twice as much per month to keep their computers online), lawsuits from individual users, and even lawsuits from hardware and software makers citing concerns over anti-competitiveness(as Comcast would be forcing customers away from Linksys, D-Link et. al. to boost their own profits).
Besides, in my ISP tech support work I see this all the time: "a friend of a friend says that you're going to start charging $60 a month / cut bandwidth in half / disconnect people with routers..." and then they ask why - as though it were already a certain fact! If an ISP institutes a policy banning NAT altogether, they'll let you know. Most broadband ISPs specifically warned their users (in general) in e-mail and on their websites about Code Red well before they started cutting off individual connections, so there shouldn't be any difference here.
You may not run a server in connection with the Comcast High-Speed Internet Service residential service, nor may you provide network services to others via the Comcast High-Speed Internet Service residential service*. The Comcast High-Speed Internet Service residential service includes personal WebSpace accounts for publishing personal Web pages. Examples of prohibited uses include, but are not limited to**, running servers for mail, http, ftp, irc, and dhcp, and multi-user interactive forums. For information about @Work products for commercial or network services purposes, including commercial-grade remote LAN access, please see http://work.home.net.
* - This is worded vaguely enough that they could one day decide that this means providing service to another person/people within the same domicile, whose names are not on the Comcast bill.
** - This phrase provides even more weasel room for these money-grubbing pigfuckers.
I work for Road Runner, we don't care if you are NAT'ing. In fact it's better cause it saves IP addresses. We just don't support it, meaning don't have any reps to troubleshoot that type of connection. Not sure why Comcast would take that route. If a customer wants to do that, then fine. They only get a set amount of bandwidth anyway.
Perhaps they want to charge for each IP address you would need by NOT using NAT.
The rumblings of war begin, as geeks try to find ways to get their bandwidth for free, and ISPs try to get all the money they can.
It's a lot like Napster consumers vs. record companies.
BUT, it's also like computer game companies vs game pirates.
It's just a question of beliefs over what's right and what's wrong. Of course, US corporations are awfully good at manipulating what's right and wrong, but I can't help feeling that geeks have convinced themselves that it's OK to get all that bandwidth at any cost.
They must have done some kind of analysis where they estimate the cost of customers walking away vs. the enhanced revenue from additional fees. Given the robust sales of NAT devices, I think their analysis is way off. Then again, maybe this whole thing is a "troll for data" operation where you broadcast your intentions to see how much resistance there really is.
I remember the old days when @Home assigned one static IP per household, with no provision whatsoever for additional addresses. The tech. staff would say "There is a way to connect multiple computers, but we don't support it.", meaning "Set up Linux IP Masquerade -- we don't care, just don't ask us to fix it."
Of course the real problem with NAT is the 802.11b Wifi dilemma. In an apartment scenario, a single broadband subscriber can share with many neighbors, especially if they are light users (the kind the ISPs covet the most). I guess Comcast has figured this out and views it as a doomsday scenario.
The proper way to kill the anti-NAT practices is to see which ISP takes the lead and then boycott them into bankruptcy. After all, the service is not very useful without NAT, so walking away is not just the morally correct thing to do, it's almost a necessity anyway.
But the wording from the FAQ still makes two things clear:
- They expect you to purchase the right to use more than one computer.
- The incompleteness of their phrasing leaves potential loopholes open. You're right about the FAQ writer seeming to be unaware of NAT, and because of that, the FAQ might even be usable to bolster any legal defense. "But your honor, their TOS only said I couldn't provide the service to other people, and the FAQ said I only had to pay if I wanted more than one IP address."
As others have observed, if you want another IP they charge you for it. So does AT&T, @Home, and many other cable modem providers. If you can cram all your systems into one IP through NAT, they don't seem to have any problems with it.
I'm used to dorm room ethernet so it's torture to use dial-up when I am home between semesters. Last summer I finally got a netgear router so I could leech off my parents @home connect. It was working beautifully and I eventually shared the other two ports to my brother and mom's machines. So we have had 4 machines connected for a while.
Two days ago I got a call from my mom asking, "Why doesn't the internet work???"
I made a term of service for my computer.
It looks like this.
tos(terms of service for my computer)
By accessing this computer I agree to the terms of the service.
I = person accessing my computer
1. I will not disclose information about this computer.
2. I will not hack in to this computer.
3. I will not delete files without permission from the owner.
4. I will not send spam to this computer.
5. I will not use this computer to harm the owner in any way.
6. I will not use CPU cycles without permission from the owner
7. I will not use this computer to make a profit.(unless you pay me.)
From what I read, Comcast prohibits you from supplying bandwidth outside your household. That's reasonable.
It also appears that it's not that they want to prohibit NAT, but, rather, that they don't understand how it could be used. The FAQ clearly implies that they believe that each computer will need an IP from them. So they are limiting it to three per household, and charging for it.
And for many people, who don't understand / care about firewalls, they may just go with that solution.
I think Comcast's only concern is conservation of their IP pool, not the computers themselves.
I bet if someone offered to work with them, they'd modify their FAQ's.
If anyone were ever to get caught using one of "those off-the-shelf $150 router boxes", couldn't we just say that we are using the box to provide a wireless connection or a firewall for our single computer on the network? My guess is, given the technical knowledge of the Comcast reps that I have encountered in both Philadelphia and Ann Arbor, MI, just digress for a few seconds into ipchains and RRAS...they'll soon find themselves quite speechless.
How will they tell that someone is using NAT? Are they actually going to examine packets looking for matching source and destination ports??? What if I want to hide my computer behind private IP for security? These boneheads don't want computer savvy people as customers, they want computer dolts that can't keep their machines virus and trojan free and cost them money!
I operate a bunch of computers behind a NAT, SPI firewall on a cable modem connection with anti-virus and my own DNS server! I'm their smallest liability since I don't stress their DNS servers, I trouble-shoot my own problems (their tech support sucks anyway) and I pay my monthly bill.
They should want more customers like me; not less.
-ted
Applying your argument to the case at hand, my doing NAT on my connection equates to riding in a Car Pool. It's still only one car (IP).
God, this example sucks.
Don't forget....those 92,160 customers aren't all using 512k all the time. The cable companies could over subscribe by at least a 2 to 1 ratio and double their monthly income on that DS3.
And they still manage to make a clusterfuck out of it.
-ted
I've had a cable modem in my house since July '01. Once I got the Cable modem, I cancelled my cable TV, but it still worked, cause that's how it is. Until last week. They recently began installing these inline filters that block the channels, but still allow the modem to function. So, now I pay for both again.
Also, in their TOS, they limit downloads to 3gb per month!?!?! That's a weekend for me. They also have a policy against upstream traffic of more than 500mb in 24 hours (Section 8(s)). I suppose this is how they will effectively ban multiple user connections, since they don't care about routers. As long as you only use one DHCP IP, that's all you pay for. Cox AUP.
Luckily, they don't enforce these rules vigorously (if at all) yet. Once they do, I'm out.
Often in Error, Never in Doubt.
(Out trolling...) ;) but just because you're mad at your bank doesn't mean you should use a Glock to make your next withdrawal, know what I mean?
The fascinating thing about this discussion is that (acc. to my very non-scientific sampling of the available data), roughly 80% of the responses to this NAT detection business are "Hey Slashdot! How can I get away with stealing service from Comcast?" This is as opposed to the normal reaction of someone who lives in a market-based economy, which is "Hey Slashdot! Let's all dump our Comcast service in favor of DSL to show Comcast we won't put up with this shinola!" Don't get me wrong - I'd be pissed off as well (if I hadn't switched to DSL a while ago,
"One empirical experiment is worth a thousand expert opinions." -Bill Nye
Good for you! When some company like Comcast calls you up to threaten you about using NAT, tell them that they better like it, or you're switching providers. Vote with your dollars, most areas have both cable and DSL, and many providers of each. Use the competition to your advantage.
If you have a box between you and the net which substitutes addresses or wraps packets, then the company providing you access can determine this is occurring from things in the TCP/IP datastream.
OTOH, if your box connects to a box (we'll call it a proxy server) and that proxy server connects to your target URL itself, and receives any data requested by you, then the only IP the outside world ever sees is that of the proxy. The proxy never references your internal IP (because it is always connecting ITSELF to the external system and so it looks like one computer is at your end). It does incur the overhead of two TCP connections, a bit of request translation and reply translation (some lag), but it does make your packets appear to all originate from one place. Anyone who knows HTTP and TCP/IP sockets can write one of these (for TCP).
The only thing that isn't so good for is FPS or other online games. It'll work fine (really well in fact) for web surfing or file downloading.
But really, if I'm buying X bandwidth from my ISP, provided I don't violate a law, what in the Blue Blazes gives them the right to pry into my internal network setup? If my smartFridge wants to talk to e-Grocer to order me some new lettuce, the ISP shouldn't be snivelling. They sold me the bandwidth.
If they are having problems with some users using more than their bandwidth then they have a network bandwidth throttling problem. This should be solved by a quality-of-service approach and bandwidth throttling, not pursuing those who happen to have a home network and don't suck bandwidth beyond the permissible and agreed upon amount.
This is a case of solving the wrong damn problem. But it is just this kind of blinkered thinking that has helped in the demise of so many high-speed service providers. It isn't that the market isn't there, they just want good service for their dollar. And this and other examples just illustrate that most services don't deliver.
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
Your subject is wrong - it's hard to FIND someone doing NAT.
Every "detection method" you've listed is voodoo.
MAC ADDRESSES - Can't identify people using Linux routers.. it can only catch people using "black box" NAT routers, and even then, every manufacturer of stand-alone NAT boxes also manufactures NICs.
Browser Headers - You have any idea how much work it is to track and store browser information, then to correlate the data to something useful? Sorry, not gonna happen.
People - A company comes up with something like this, and you HOPE they don't get good people? If they had access to good people, this wouldn't be an issue at all.
In short, any method of "detecting" NAT is voodoo at best. Without going to view the location in person, there is NO way of reliably determining if a site is using NAT or not.
Quite likely they had no particular technical approach in mind and planned on just waiting until the Slashdot crowd surveyed the possible techniques for them. That has been accomplished.
I use Adelphia for my cable internet access, and recently I had a problem where Windows XP would just disconnect, I could disable, and re-enable my network, and it would work for a few more minutes..
Anyway, I called Adelphia support, and they had me use my other network card in my PC to hook up to the cable modem. (The one I was using was kinda flaky, I had tried the other card earlier and it didn't help.) He told me I should probably remove the bad network card, and he said that if I wanted to hook up other PCs to this one to get to the internet, I would have to buy a new network card.. I was pretty surprised when he said that.
My friend uses the same service, and his cable modem is hooked up to a Linksys cable/DSL router. He got a call one day from Adelphia, they asked him if he had a Linksys router, he said yes, and they told him he needs to get a firmware update because there's a problem with the current firmware and it not letting go of DHCP-assigned IP addresses.. No mention whatsoever of why he had a router there instead of just his PC.
So luckily my provider doesn't seem to care. I have also had about 10gb a month up and down and no complaints from them for using too much bandwidth.
Hell, if Cox were to try this here in Fairfax County, VA I'd bet there'd be hell to pay at the next county supervisor meeting.
I've used comcast@home for several years and have recently migrated over to their all Comcast managed network. The interesting thing is almost every other day comes more news about fewer/restricted services. I was thinking about setting up a Linux Masq box to offset the recent price increases and I'll soon have to pay a 3rd party for USENET newsgroups (Comcast has decided not to maintain news servers). They are implementing a 'transparent' port 80 proxy and capping download speeds at 1.5. The list goes on...
For me, cable is the only game in town. DSL isn't an option because the copper is so bad Verizon nor anyone else with a DSLAM in our CO would even think of offering service out this way.
I'm at the mercy of 'the man'...and I know somehow, someway the Microsoft equity investments in Comcast (and downright bankrolling of the attbi acquisition) is driving policy.
Name Withheld because I don't want to be on a list
As for the MAC address lock, SMC allows you to configure your router to show a MAC address of your choice to the outside world, all the while NAT is running on the other side ...
PLUS most people know how to spoof a MAC address anyway, regardless of the OS they're using. Cheers!
Do you want to remove linux?
I live in Argentina, broadband access here is expensive as hell (100 bucks per month for a 512kbits downstream/128kbits upstream cablemodem), but they have set up a nice QOS system on their routers so their unofficial policy is "Do whatever u want, just don't get us in trouble!".
The only bug I have with their service is that they don't provide a stable IP, but damn, the IP rotates like every month or so, and it never interrupts my connection to do so.
OK, what I'm getting at is that what I am receiving (and paying) is for access, they shouldn't care about what I do with the access they provide, as long as I don't get them in any kind of trouble, which I think can only be of a legal nature, because, as I said before, I can only go so much faster with the cablemodem before the QOS kicks in.
What I don't get is why the hell do they want us to pay extra if we have 10 machines using the same bandwidth with the same IP? I'm not costing them extra, I'm just using what they provide in a more efficient manner. I don't ask them for troubleshooting when the router goes berserk and everybody starts losing their connection.
My point is (finally) that they are just trying to make an extra buck, they probably need it, but they should try to find another way to make it, because cracking down on NAT users is just plain wrong.
And if they don't have QOS installed on their equipment, well, that should be their problem, not the problem of the consumers
PS: My cablemodem company is Fibertel if anyone cares to take a look at it.
Me not know english? That unpossible!!
Everybody has a purpose in life, maybe mine is to lurk in slashdot.
It's pretty obvious they just want to charge more money for more computers, for no other reason than they think they can. All these arguments about cost and usage are just stupid. They see a bunch of people out there who will just submit and pay. That's what marketing is all about, isn't it? Whatever they think the traffic will bear!
The biggest danger is that they're taking this aggressive position now in order to set a precedent. If they can change the rules of this still new game now to suit them, they can lock in higher rates and greater profits for years to come. The future is at stake.
Personally, I don't think it will fly. I believe there are too many users with home networks now that they can't afford to risk losing, vs. an unguaranteed number of new users who will buy into their new "offerings," or just submit without a fight.
Note that while Earthlink has been offering NAT and multi-computer services for a fee, they've never required users to buy these services from them. They'll even give you a static IP account for an extra $10.
a) TOS seems the same wrt NAT as @HOME. Additional charges only for the clueless or those requiring additional public ips.
b) I see no language explicitly prohibiting servers, however they are attempting to limit them by forcing IP change every 4 hours
1) caveat DHCP is SUPPOSED to by the standard check the availability of an IP before assigning, hence a user could park indefinitely on an ip. I seriously doubt that comcast will notice/care unless you are sucking massive bandwidth or otherwise causing problems for them.
The described network in the FAQ is for 3 computers fully exposed to the internet. This is unsafe, especially for users of Windows computers. The alternative way to "follow" their recommendation is to purchase 3 Linksys (or other) routers, one for each of your 3 machines and firewall them that way. Of course they might have a problem with that and consider each of the Linksys devices to be a device and then decide you should pay for 6 devices.
Basically after all the discussion I think it comes down to the fact that the cable ISPs need to be able to throttle bandwidth. After all one guy on a single computer doing mp3 or movie trading (his own recordings and videos of his kid, of course) can easily eat more bandwidth than a network full of people just checking their email and cnn.com every so often.
Coding Blog
AOL broadband (cable modem), which out here in south-east Wisconsin is piggy-backed on a Time-Warner cable modem and does not allow multiple computers to connect at the same time through a broadband router the same way that the normal Time-Warner cable modem does. (The connection to TW isn't established until AOL's program is activated, which has its own account and password which are different than the account information for the TW login) I have heard that using Windows Internet Connection Sharing will allow for multiple computers though. I'd like to know if anyone else has run into this situation and if they were able to get it to work.
You pay 6 dorks 30 grand apiece to kick off your paying customers or get said customers to pay an extra $5 a month in fees? How many people are you going to have to bust a day just to _break even_?
Never mind that you could just hire a single CCIE/perl-guru freak for $120K and he'd do 2x as much as the dorks...
...just cool your jets. DSL isn't even available in *most* of the country. I live in one of the most supposedly "connected" towns in the Southeast. The only broadband provider for the 80% of the population that lives more than half a mile from the center of town is Adelphia. The only alternative is to move. And that's the situation in most of America.
Plus, what you spend on broadband is half a mortgage payment out here, and $40K a year is a *good* mid career salary.
So don't call us "cheap." We're struggling to afford the shitty service we have. Our only choice is to bend over for these corporate slimeballs and take it up the ass. Unless we want to give up our IT work and go back to the furniture factory... or buy a Greyhound ticket to California... not!
I hope you wrap your Porsche around a tree, you insensitive little fuck.
Hmm, entering a network (home), and gathering information about what's there sounds an awful lot like what the justice department now considers equivalent to hijacking planes. Once they hit your router they are on a private network. If finding an unprotected credit card number directory on eBay or some other public server will get you 20 years think how this could be prosecuted.
you would be wiser to ask the author, though,
who is unknown to me
Run a sniffer, and fucking ARP-poison their beautiful Cisco routers...and proceed to watch the rest of the node's web traffic, IM's, etc etc
That's it: if your IP is typical of a home subnet, you're using NAT.
Or, maybe you're just running a separate firewall to prevent your Windows box from being a sitting duck to script kiddieZ.
Myself, there are about 8 machines running behind my DSL. But a system I set up for a friend is OpenBSD on a Rogers cable modem, driving a Windows box. There's not even a hub involved - just a crossover.
He and I agree: Running Windows on a routable IP address is an act of great stupidity. The ISPs should be grateful for the reduced liability.
This setup doesn't violate the spirit of the service agreement - there's still only one computer connected to the ISP's network. And, in this particular case, it doesn't violate the spirit of the TOS agreement - the OpenBSD box does nothing more than ZoneAlarm, only better.
Heh. Of course, the ISPs will act short-sightedly.
Fire and Meat. Yummy.
Actually, that is the AUP...their TOS is here. And depending on how you define it, it kinda prohibits it.
6vii....FOR ANY BUSINESS ENTERPRISE, OR AS AN END-POINT ON A NON-COMCAST LOCAL AREA NETWORK OR WIDE AREA NETWORK, OR IN CONJUNCTION WITH A VPN (VIRTUAL PRIVATE NETWORK) OR A VPN TUNNELING PROTOCOL...
Assuming that you have multiple computers in your residence, I would think that your NAT/Router/Whatever box would fit the strict definition of an "end-point on a non-comcast local area network". Don't get me wrong, I think the policy is bunk between that and the whole VPN prohibiting thing...Let me use my account how I want as long as I don't abuse it.
Let them cancel my account...there is always DSL in my area.
From FreeBSD (/usr/src/sys/i386/conf/LINT):
# IPSTEALTH enables code to support stealth forwarding (i.e., forwarding
# packets without touching the ttl). This can be useful to hide firewalls
# from traceroute and similar tools.
Simply add "option IPSTEALTH" to your kernel config and rebuild. *poof* Firewall? What firewall?
Of course, you'll probably want to couple this with the standard anti-stack fingerprinting methods of IPF/IPFW, but the idea of "Stealth NAT/firewall" isn't particularly new.
My
... trust "me", an anonymous coward posting on slashdot.
Gee , you inspire a lot of trust, eh ?
- sigs are for wimps.
I'm a Comcast customer and just found out today that if I put a computer in the DMZ (via my Linksys router), my service will get shut off for about 5 minutes! This never happened before. Try it yourself.
It's very possible Comcast detects the change in my network and stops the service temporarily until I become a good boy again. I'd be interested in seeing someone look into this who has more experience with cable modems and such to find out if this is purposeful on Comcast's part.
Class action lawsuit because of the fact that unless it clearly states in the policy multiple machines can not be hooked up to the line except when the extra fee is paid that it won't fly. That and detecting computers that are supposed to be invisible if done by a teenager would be considered unauthorized access of information and a violation of privacy. God I hate Comcast I hope they try it on me I need money....
Just when we thought that MicroSoft licensing is ridiculous, something more stupid comes along.
I repeat: this is RUMOUR. Why is it on Slashdot? This is not responsible journalism.
But, since everyone else seems to be hopping on the bandwagon taking this as fact I'll chime in anyways.
The solution is to play it smart and don't ever ever tell tech support you're using more than one computer. If they accuse you of using more than one, deny it. They're going to have fun proving that one.
Adelphia Powerlink flipped their freaking lid when the guy was trying to troubleshoot my connection by pinging it and I told him I'd gotten his ping.
"How do you know that? It's coming up as host unreachable here."
"Yeah I know I'm running a firewall on my machine."
"What?! You're not allowed to use a firewall on our network!"
"Uhm, why not? Oh maybe I should turn it off so all these people trying to DoS me can mess up your network a little more?"
So remember, when calling tech support:
1) You are using 1 computer.
2) You are using Windows.
3) Never mention the words: firewall, router, linux, server. They are verboten.
Always "follow" their absurd troubleshooting suggestions no matter how stupid they sound. Hey.. sometimes they do work, but otherwise just take what they tell you and translate the steps into your OS of choice. Or if you already tried it give them the answer they're looking for.
This is nice. Can any of the hardware based NAT do this?
Wouldn't the randomness itself indicate an intent to deceive? The randomness would serve as a fingerprint and would definitely raise a few eyebrows and definitely would raise suspicion.
Found in a basic FAQ about firewalls at www.robertgraham.com:
Q: I've seen many DNS requests from many low port numbers below 1024. Aren't they supposed to be reserved? Aren't they supposed to use 1024-65535 range?
A: These are coming from machines behind NAT firewalls. A NAT doesn't necessarily have the concept of reserved port numbers.
Maybe they only have to examine the DNS packets looking for source ports below 1024?
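The two header-level hints raised in the comments above (a forwarding hop decrementing the TTL, and DNS queries leaving from source ports below 1024) can be checked passively at the first hop. The following is an added example, not part of the original thread or any ISP's tooling; the addresses, the sample packets and the list of common initial TTLs are constructed assumptions, and both hints are heuristics rather than proof.

```python
import struct
from collections import defaultdict

# Assumption: default initial TTLs of common IP stacks (not taken from the thread).
COMMON_INITIAL_TTLS = (64, 128, 255)


def build_packet(src, ttl, sport, dport=53, payload=b"\x00" * 12):
    """Build a minimal IPv4+UDP packet (checksums left zero) as constructed sample input."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    src_b = bytes(int(octet) for octet in src.split("."))
    dst_b = bytes([192, 0, 2, 53])  # documentation address standing in for a resolver
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0,
                     ttl, 17, 0, src_b, dst_b)
    return ip + udp


def parse_packet(raw):
    """Return (src_ip, ttl, sport, dport) for an IPv4/UDP packet, else None."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4            # header length in bytes
    if ihl < 20 or len(raw) < ihl + 8 or raw[9] != 17:
        return None                      # malformed, truncated or not UDP
    ttl = raw[8]
    src = ".".join(str(b) for b in raw[12:16])
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    return src, ttl, sport, dport


def indicators(packets):
    """Map each source address to the sorted list of hints seen for it."""
    seen = defaultdict(set)
    for raw in packets:
        parsed = parse_packet(raw)
        if parsed is None:
            continue
        src, ttl, sport, dport = parsed
        hits = seen[src]                 # registers the address even with no hints
        # Hint from the quoted FAQ: DNS queries from a "reserved" source port.
        if dport == 53 and sport < 1024:
            hits.add("dns-low-source-port")
        # Hint from TTL: one less than a common initial value means some
        # device forwarded the packet before it reached the first hop.
        if any(ttl == initial - 1 for initial in COMMON_INITIAL_TTLS):
            hits.add("ttl-decremented")
    return {ip: sorted(hits) for ip, hits in seen.items()}


# Constructed sample traffic as it would appear at the subscriber's first hop.
SAMPLE_PACKETS = [
    build_packet("198.51.100.10", 128, 1045),          # host attached directly
    build_packet("198.51.100.20", 127, 612),           # forwarded, low DNS port
    build_packet("198.51.100.20", 127, 3301, dport=80),
    build_packet("198.51.100.30", 64, 40001),          # forwarder leaving TTL untouched
    b"\x45\x00",                                       # truncated capture, ignored
]

if __name__ == "__main__":
    for ip, hits in sorted(indicators(SAMPLE_PACKETS).items()):
        print(ip, hits or "no indicators")
```

The third subscriber shows why neither hint is conclusive: a forwarder that leaves the TTL alone and translates to high ports produces no indicator at all.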
Well all the above will be moot with the new bandwidth caps being put into place.
Slam into the caps by any means i.e. sharing, big files,etc. It will not matter.
Additionally, I'm making use of the Linksys feature that lets you control the MAC address of the WAN port. What MAC did I use? The MAC from the USB ethernet adapter the @home tech gave me a year and a half ago. So, my MAC looks like a little USB ethernet adapter, and the router behaves as if it's a PC with a very restrictive personal firewall installed.
So, how are they going to figure it out? There are ways, but speaking as a vendor that sells hardware to the Comcast Internet people in my area, they just don't have anyone smart enough to figure it out.
Time Warner tried to screw me into paying for multiple IPs because the tech came over and saw my borg like apartment with multiple PCs and wires everywhere etc. (I suspect that many other readers have similar nests)
After explaining to him that I use different PCs for different purposes, and that I was only one person and therefore could only really use one PC at a time they let it go.
However, this situation seems like it would be immediately shut down if they tried to eliminate NATs. Yet I feel that it is a completely legitimate use of my cable modem.
thoughts?
You know, you can do wireless without doing NAT. Just because your little AP defaults to NAT'ing from 802.11b to the WAN port doesn't mean that it's the only way to work. I'm quite happy paying an extra $5 to my ISP for 5 IPs (that's just a buck a pop for those of you in Buffalo) and using a wireless AP with its NAT turned off.
Think outside the... Hey, where'd the friggin' box go?
Nope just a good demonstration of greed over common sense. Happens all the time.
Who said you couldn't run wireless? Just because they don't want you to NAT to multiple devices doesn't mean that the devices you _do_ pay for can't be wireless...
Think outside the... Hey, where'd the friggin' box go?
The best anyone could do is to _guess_ whether someone is using NAT. That's 2 bytes. Just look at a nat trans table, you can never make a definitive case. I am surprised this is even attempted. Weird. I don't know why people are talking about OS fingerprinting. Even if we allow the fingerprint to be correct, what the hell does that say about nat? All servers can do packet forwarding.
When Comcast took away my speed and my fixed IP but DIDN'T lower my bill, I ordered DSL. When service went from 2 MB/s d/l to 400kB/s d/l and 2 MB/s u/l to 128 kB/s u/l... my bill should have gone from $45/mo to approx. $7/mo. I don't need their silly portal stuff. I don't need their junky static web pages cause I don't want to post pictures of the neighbors dog; I want to run a real web server on my own machine where I can serve up PHP-enabled pages and cgi scripts. They can keep their e-mail addresses (that they sell to all comers, so nearly as I can tell and that makes them no more valuable to me than a hotmail or yahoo or even a msn email address) ... I can get more of all of that stuff all over town. All I wanted from them was bandwidth and now they've throttled that. And they want me to unplug my wife's machine (which uses a different OS because she is afraid of Linux ... and which she uses for perhaps 15 minutes a day to check her mail and IM with her out of state friends) or pay MORE? Whaddya, nuts? She's worth it ... definitely ... but they aren't. Sayonara, sucker!
Here in Maryland, Adelphia has cracked down using similar techniques. Hard to use multiple computers on over their network when I'm getting zilch bandwidth.
Didn't someone run into a situation where a network admin got screwed for running port scans on machines on his own network?
Won't this problem go away once everyone switches to IPV6? I mean, DHCP isn't even needed with IPV6, and IPV6 also gets rid of the need for NAT, because it can detect a route, and slap it into the IPV6 header.
That doesn't mean anything. I wrote many many many engines in many different languages. I can form any type of packet I want, and set any type of headers I want. Besides, all my boxes are the same OS all running the same browser. Besides, even if they raised a stink, I would tell them to check their packets again, and I'll send a very colorful packet their way ;)
The "average geek" uses way too much bandwidth for stupid things though. Like how many of us really need to download 50GB/month of MP3's and pr0n (which usually just gets deleted shortly after DL anyway)? Why do we do it then? Because we can!
Start metering a bit and people will trim down their consumption of bandwidth. Give me a 5GB cap and charge me a set amount for every 1GB after that. But, DO NOT tell me you're going to charge me per month for every PC I hook up on my connection. THAT pisses me off and it isn't even fair.
Please mod this post only if you think others should/n't read this. I have enough ego^H^H^Hkarma. Thanks!
I like the way theirs is written
http://www.charter.com/products/internet/aup.as
Basically it says don't be a dickhead. Only thing iffy in there is the if we determine you use too much bandwidth item. Items that are up to vague interpretations are not good.
I think you've been had. I checked the TOS on their web site and it does not forbid NAT. It does forbid
1. VPNs (NAT does not make a VPN).
2. Connecting a machine in another building.
3. All commercial use...
An engineer who ran for Congress. http://herbrobinson.us
Now, do I think it's reasonable for them to say you can have only one computer on the network rather than, say, capping your monthly bandwidth usage? No, I don't, but what you should do in this case is find an ISP which provides what you want rather than defraud (by falsely agreeing to use one class of service when you're really using one which they provide at a higher price) an ISP which doesn't. I'll never understand what's so hard about sticking to the terms of an agreement you made voluntarily.
I believe that this so called department at comcast that enforces the AUP is a bunch of HOO-HA. All these people do all day is port scan users all day long looking for open socks servers. And when they find one they send a pre-formed 'assertive but peaceful' letter explaining that the user is violating the AUP and to stop pretty please. Just like when the cable TV portion of the company comes to your house to install or repair something. After they do the repairs, the tech will take you downstairs, show you the splitters that he had to disconnect because it violates their service agreement, and then he shows you how to reconnect them after he's gone. He doesn't care, and the cable company doesn't really care because they know that when push comes to shove, if they start disconnecting people for using more than 1 TV, or computer in their house, they'll end up losing in court, just like the telephone companies did in the 70's or 80's or whenever. If you pay for a certain amount of bandwidth to your household, once inside your household, what you do with that bandwidth is your business and yours alone. In St. Louis, there is actually a company that offers to configure your broadband connection (cable, dsl, etc..) for NAT and firewalls, etc. They're called "The Digital Closet" I WILL LOCATE URL 4 U.. http://www.thedigitalcloset.com/ oh god their website sucks.. but it exists i guess. If all else fails and someone calls you threatening you with a disconnect.. just pretend to be a confused old man or woman, and say that your young trial lawyer grandson set-up your LAN. If that doesn't scare them, then use the method where you fall down on the ground and soil yourself and shake violently. That will work too.
Such big corporations could easily enable access to improve access to educational institutions.
How many people do you know that have free cable TV? Wouldn't it make more sense for these idiots to spend their time trying to bill people the $30/month for cable tv rather than $6.95 for an extra IP address? I guess prioritizing business goals is not a characteristic of cable broadband providers (see "Excite@Home").
If the telcos wish to follow suit in this, we'll be paying another monthly usage fee for each "extra" phone over the "allowed" 1 phone.
What is this world coming to? Seems like every company is 1) severely limiting your usage rights of their services, and 2) selling your personal information for profit, BEFORE you can opt-out.
Besides, they've got bigger fish to fry right now, like routing stability.
-schwim
I hope all these corporates that are greedy and evil deserve what enron got.
Yes, employees lose their life savings, but that's what you get for working for the devil.
And "affordable" hardware is very cheap if you look at solutions like the one at www.dubbele.com
Cable companies are
[wishful thinking on] the same thing might happen with internet service.
In any case, I have had Comcast internet service for 2 years now, and for those 2 years I have used an old Linux box as firewall/NAT/web server. I never had a complaint from Comcast. In fact, I'm quite happy with their service so far (except recently when they switched to dynamic IPs).
My biggest complaint is that the upstream bandwidth is limited to 128kb/s. I once called Comcast to ask them if I could pay more and have more upstream bandwidth (and run my server legally), and they said no.
-- Anonycous Moward
I remember the Adelphia service well (in the East SF Valley). If I *only* had 80% packet loss I'd consider it a good day. Thank God I moved out of the area. Sympathies to those of you in that area :)
Really, if you use NT or 2k all you have to do is to enable IP forwarding and change the gateway on the internal boxes. I believe it's in the TCP/IP properties. It's best though if you masquerade with a Linux box. As you can see, there is really no such thing as not allowing multiple users to use a single connection. This is for no other reason than the fact that it cannot be enforced.
And in the FAQ (NOT from the TOS):
Those were the only references to multiple computers I could find anywhere in the TOS or FAQ.
As you can see, it doesn't say anything about multiple computers sharing access not being allowed. However...
This paragraph gives Comcast considerable leeway in deciding what degrades another user's service, so they could conceivably argue that having multiple computers simultaneously connected could degrade other users' service (though I don't think paying more money for extra addresses would improve other users' service any).
So, what's the problem?
Now that I have read most of the threads, seems like everyone is a bit worried. When I read the post I thought, "hmmm....he quit? weird. It was easy money." I am asking myself, these people who are talking as if this will inevitably happen must know that one can definitively tell if someone is using NAT. I see a few talking about "something in the tcp stream". What are you guys talking about? I am seriously asking this question because I would like to know. It would be great if someone can clear this up for me. What is in a NATed session that is so unique as to distinguish itself from a non-NATed session? Please advise.
I just switched my DSL service from SBC to Covad today. Although it was not my reason for leaving SBC (they don't seem to prohibit NATing either), one reason for my choice of Covad was that the salesperson I spoke to was actively pushing all of their DSL services as NAT-friendly. I told him I was going to put up a wireless NAT box for my neighbors to use and my salesperson told me that they think that's perfectly OK.
Going off topic, I feel compelled to warn anyone who follows my recommendation that if you use Covad's "TeleSurfer" DSL service, you'll need to use PPP-over-ethernet (requiring a patched version of PPP which I believe is already in some distributions), and your PPP login will be username @covad.net, as opposed to just username.
Come to think of it, if 2) is properly done you don't even need 1).
It's the same principle used in law-enforcement:
Make people believe that if they break the law:
- It's very likely that they get caught
- If they do get caught the punishment is hard and certain
(As a side note I believe that the big difference in driving styles between Mediterranean countries and northern European countries with similar driving laws, is due to different perceptions of the answers to the "will I get caught?" and the "if I get caught will I get punished?" questions).
Most people on this forum don't seem to have any kind of problem ripping off companies, because "by the definition they are "big evil corporations" and should be abused in any way possible".
What you don't realise is that you are no better than a common thief or pirate if you abuse their services. Of course some things in the contract may be awkward or just plain wrong, but in this society it is your choice whether to follow the contract or to choose a different ISP. You can make a difference by protesting, informing the company of the reasons you choose NOT to be their customer, but playing modern Robin Hood is a different issue. Or do you think breaking the rules just because they don't suit your needs is right?
Of course you can try to stretch the rules if you really don't share the bandwidth with anyone else but instead want to have for example your own mail server and KNEW that the ISP doesn't really have a problem with the fact that there is more than one computer behind one IP but with the bandwidth issue. But this is a gray area and you know it and must take responsibility for your breaking the contract despite the fact there was no harm done.
I've got an idea: why don't they hire a couple people who know what the hell they are doing, instead of 100 monkeys at $100,000 a year?
Excite blew up because they didn't have anyone who could build out email and other minimally required infrastructure, and so they hired a bunch of people who didn't know what they were doing, either, and, well, increased their burn rate while doing nothing about improving service.
It's no wonder these places are drowning, if they are going to insist on bailing water into the sinking ship, instead of out.
If these Jacktards want to make money, they could start by lowering their costs: there are two sides to any equation, and either one could be adjusted to achieve the necessary balance.
I know PacBell still hasn't dropped a DSLM close enough to my house for me to get DSL yet (which is stupid, since there are over 5000 apartment units in several complexes in the immediate area, even if you don't count single family homes and condos, almost all of them peopled with Oracle employees and other technology people).
While it pisses me off that they keep sending me flyers for a service they won't sell me, at least they aren't spending money they don't have building out infrastructure they can't afford on the assumption that stock prices will give them enough float to weather a 2 year to profitability plan (though one wonders what the flyers for the service they won't sell me are costing them...).
I hope I'm not the only one old enough to remember when it was illegal to attach your own telephone/modem/answerer to the line.
People used to cheat, and Ma Bell would go to great lengths to catch them. That fascist policy is gone.
Ma Bell had a monopoly on phone service just as the cable companies have with coax-internet today. Unregulated, they will RAPE THE PUBLIC.
Policies such as this MUST BE KILLED. If THESE BASTARDS can't be held responsible for providing GOOD SERVICE AND GOOD VALUE, then they should get their UGLY POLES AND WIRES out of OUR COMMUNITIES.
That was very specific legislation which only applied to common carriers as defined by the law. It has no applicability to cable. They own their own network and can do whatever they will with it.
Remember: once a company becomes dominant in its industry and can no longer grow at the expense of its competitors, it has no choice but to grow at the expense of its customers.
A new kind of meat designed to appeal to vegetarians.
In what way is that not a network?
A new kind of meat designed to appeal to vegetarians.
Is there anyone else that's using an Asante FR3004LC router/firewall? How well will this hardware firewall/router fare against the new Comcast menace? It opens ports for games and such only on demand, is not pingable, or at least doesn't ACK back when ping'd, does natural packet filtering with NAT. It claims that WAN traffic only sees the router and that LAN traffic is cloaked. It will do PPTP tunneling and IPSec for VPNs. You can copy the MAC of a PC on the network to the router and it will use that for all outbound traffic. I'm planning on sniffing the outbound streams to see just what is leaving my place to see if its claims are indeed true.
What are the sharing ratios?
I mean the coax can handle quite a bit more than the 1.5Mb/sec that they restrict me to, can't it?
So, how much can each "neighborhood domain" handle, and how many households are served from each of them?
And how much peering bandwidth do they buy for each of their customers?
Beware the salesman. Lucifer once signed-on for a timeshare in the upper westside of heaven... boy was he pissed.
What's the difference if the person I'm sharing with lives next door or in the next bedroom?
The difference is that telephone service, like many other services, is sold at a set price which is based upon some estimation of how much the typical customer is going to use it. To demonstrate that this is so, let's jump right to the extreme example: instead of just running cable to your neighbor's house, you run cable to your entire town. Notwithstanding the fact that the service would be horrible for everyone, you have deprived the phone company of hundreds or thousands of customers. They sold the service to you at a set price, based on the fact that they can sell the same service to everybody else in your town. If they only end up selling to one person, then they have to adjust the price.
Another example: you sign a contract for a year of all-you-need tech support by phone. You let your whole town know that you have the contract, and you give them access to the service, so the tech support people end up fielding calls all day, all on your account. But they sold you the service based on how much a normal person would be using it, and based on the fact that they would be able to sell it to many other people in your town. If they can only sell it to you, but they end up fielding calls all day anyway, then they need to adjust the price.
Summary: The price is set based on some expectation of limited personal use. If the actual usage goes way beyond that, and the customer pool drops as well, then the price needs to be adjusted. Solution: limit the usage to personal use within a household. Simple and reasonable.
Evil is the money of root.
In Japan this happened with the government-run NHK which is two terrestrial and some satellite TV channels. NHK is the channel you go to when there is a big bumpy earthquake or a typhoon, and sometimes they have not so dry kind of interesting stuff too.
So NHK got the government to let them go door to door demanding cash from people all across the country, since people are watching their channels with no commercials on them, which means they must owe them something. Just started a couple years ago after many many years of free government TV.
The idea is if you pay, you get a shiny sticker which you post on your house, one a year. Of course everybody and his or her brother says to their question "Do you watch TV?", "Yeah! But I never watch NHK." Which is possible but difficult because you scan through two of their channels to hit the other five or so you get in Tokyo anyway.
When's the last time this happened? Not for a long time, then they showed up on 9-11 or within a day or so of it I remember. I best remember of course my intense anger (from the New York area doncha know) and I got really pissed off at the person who came to the door.
They went off never getting it, you know, that they could have been in the wrong. Even if technically they might not have been, though of course I never watch NHK intentionally now except when there is a typhoon or an earthquake.
Maybe Comcast could be reduced to a more pathetic lifeform like NHK, which also happens to be made of some quite corrupt and very nasty people at the top. Lucky they don't have spyware for the tv, yet.
Subscriber Agreement
This Agreement (the "Agreement") sets forth the terms and conditions pursuant to which CoxCom, Inc., together with any applicable Cox affiliate and/or distribution partner (collectively "CoxCom") will provide the Cox High Speed Internet service (the "Service") to the customer ("Customer") referenced on such order form. Such Service will be delivered over cable transmission facilities provided by CoxCom.
CoxCom may modify this Agreement, and the Service provided hereunder, at any time. CoxCom will notify Customer of any such changes by posting notice of such changes at http://www.cox.com/ and sending notice via e-mail. Customer's continued use of the Service following notice of such change shall be deemed to be Customer's acceptance of any such modification. If Customer does not agree to any such modification, Customer must immediately stop using the Service and notify CoxCom that Customer is terminating this Agreement in accordance with Section 12(a) of this Agreement.
1. Computer Equipment Requirement
Customer's computer equipment must comply with CoxCom's current minimum computer requirements, which are available at http://www.cox.com/ The minimum computer requirements may change and CoxCom will make reasonable efforts to support previously acceptable configurations; however, CoxCom is not obligated to continue to provide such support.
2. Customer Premises Equipment ("Equipment")
Customer may rent or purchase a cable modem from CoxCom or may purchase a DOCSIS-compliant, CoxCom-approved cable modem from a third party provider. CoxCom reserves the right to provide service only to users who have CoxCom-approved DOCSIS-compliant modems. Subscribers are strongly urged to check with local CoxCom Customer Support or online at http://www.cox.com/ for the most current CoxCom-approved cable modem list.
3. Access Provided
The Service will allow Customers to access the Internet, online services and other information. Customer may incur charges, including, without limitation, charges relating to the purchase of "premium" services, such as additional web space, unified messaging, online faxing, business class services, or access to certain gaming sites in addition to those billed by CoxCom. All such charges, including all applicable taxes, are the sole responsibility of Customer.
4. Payment Terms
a. Agreement to Pay. Customer agrees to pay all monthly fees and installation charges, including applicable franchise fees, taxes, customer service fees, late fees and door collection fees. Monthly fees will be billed one month in advance. If payment is not received by the due date, late fees and/or collection charges may be assessed and the Service may be terminated. Customer may be required to pay a reconnect fee and/or a security deposit in addition to all past due charges before the Service is reconnected.
b. Payment Methods. Customer agrees to pay CoxCom in accordance with the payment terms on the back of the invoice received by Customer for the Service and agrees that CoxCom has the right to change the structure and amount of its fees at any time subject to applicable law.
5. Access to Customer's Premises
Customer authorizes CoxCom, and its employees, agents, contractors, and representatives to enter Customer's premises (the "Premises") at mutually agreed upon times in order to install, maintain, inspect, repair and remove any CoxCom-owned Equipment and/or the Service. If Customer is not the owner of the Premises, upon request, Customer will supply CoxCom with the owner's name and address, evidence that Customer is authorized to grant access to the Premises on the owner's behalf, and (if needed) written consent from the owner of the Premises.
6. Relocating/Removing Equipment
Customer will not remove any CoxCom-owned Equipment from the Premises or connect the Equipment to any outlet other than the outlet to which the Equipment was initially connected by the CoxCom installer. CoxCom may relocate the Equipment for Customer within the Premises at the Customer's request for an additional charge. If Customer relocates to a new address, this Agreement shall automatically terminate and Customer will be required to enter into a new Subscriber Agreement and may be charged a new installation fee to initiate Service. Customer will not connect any equipment, other than Equipment authorized by CoxCom, to the cable modem outlet. Customer understands that failure to comply with this restriction may cause damage to the CoxCom network and subject Customer to liability for damages and/or criminal prosecution.
7. Contact Address
For any inquiries or notices required in connection with this Agreement, Customer should contact the local CoxCom customer service center, at the address or phone number listed on Customer's bill.
8. Acceptable Use Policy
Customer agrees to use the Services only in accordance with the Acceptable Use Policy currently located at http://www.cox.com/, which may be modified by CoxCom from time to time, and which are incorporated herein and made a part of this Agreement.
9. Monitoring and Enforcement
CoxCom has no obligation to monitor the content on the Service and expressly disclaims any responsibility for any offense or injury arising out of the Customer's access to or dissemination of such content. However, Customer agrees that CoxCom has the right to monitor the Services and to disclose any information as necessary to satisfy any law, regulation or other governmental request to operate the Service properly, or to protect itself or its subscribers. CoxCom reserves the right to refuse to post or to remove from the Service any information or materials that, in its sole discretion, are inappropriate, undesirable, or in violation of this Agreement.
To promote good citizenship within the Internet community, CoxCom will respond appropriately if it becomes aware of inappropriate use of its Services. CoxCom prefers to advise Customers of inappropriate behavior and any necessary corrective action required. However, if the Services are used in a way in which CoxCom, in its sole discretion, believes violates this Subscriber Agreement, including the Acceptable Use Policy, CoxCom may take any responsive actions it deems appropriate. Such actions include, but are not limited to, temporary or permanent removal of content, cancellation of newsgroup posts, filtering of Internet transmissions, and the immediate suspension or termination of all or any portion of the Service. CoxCom will have no liability for any such actions. The above described actions are not CoxCom's exclusive remedies and CoxCom may take any other legal or technical action it deems appropriate.
By using the Services to publish, transmit or distribute content, Customer is warranting that the content complies with this Agreement, including the Acceptable Use Policy. Customer also authorizes CoxCom to reproduce, publish, distribute, and display the content worldwide only as necessary for CoxCom to provide the Services. The publication, transmission, or distribution of Customer content pursuant to our providing the Services shall not provide CoxCom any ownership rights or license to use that content for any purpose other than allowing CoxCom to provide the Services.
10. Customer Information
a. Credit Inquiries. Customer authorizes CoxCom to make inquiries and to receive information about Customer's credit history from others and to enter this information in Customer's file.
b. Information Collection and Disclosure. Customer agrees that CoxCom may collect and disclose information concerning Customer and Customer's use of the Service in the manner and for the purposes set forth in CoxCom's privacy policy currently available at http://www.cox.com/, and as the same may be modified from time to time in accordance with its terms.
11. Customer Service
CoxCom expressly reserves the right to institute fees for providing certain customer support services if, at its sole discretion, it determines such fees are warranted. Except as expressly provided herein, CoxCom shall not be liable for any damage to Customer's equipment resulting from or arising in connection with its provision of technical service and support for the Service, even if such damage results from the negligence or gross negligence of the CoxCom installer, technician or customer service representative.
12. Terminations and Expiration
a. Termination Rights. Either party may terminate this Agreement at any time without cause by providing the other party with no less than twenty-four (24) hours written notice of such termination. In the event of termination by Customer, Customer must notify CoxCom by telephone or by a non-electronic written submission. E-mail submissions shall not constitute effective notice. In the event of termination by CoxCom, CoxCom may notify the Customer of such termination by electronic or other means. In those cases where annual prepayment terms are elected by Customer, Customer agrees and understands that the calculation of any refund for unused Service will be based upon the normal rate for the Service and not upon the discounted annual prepayment rate.
b. Obligations Upon Termination. Customer agrees that upon termination of this Agreement:
1. Customer will pay CoxCom in full for Customer's use of any CoxCom-owned Equipment and Service up to the later of the effective date of termination of this Agreement or the date on which the Service and any CoxCom-owned Equipment have been disconnected and returned to CoxCom. Customer agrees to pay CoxCom on a pro-rated basis for any use by Customer of any CoxCom-owned Equipment or Services for a part of a month.
2. Customer will permit CoxCom to access Customer's premises at a reasonable time to remove any CoxCom-owned Equipment and other material provided by CoxCom.
3. Customer will ensure the immediate return of any CoxCom-owned Equipment to CoxCom. Customer will return or destroy all copies of any software provided to Customer pursuant to this Agreement.
4. CoxCom is authorized to delete any files, programs, data and e-mail messages associated with such account.
c. CoxCom Retention Rights. Nothing contained in this Agreement shall be construed to limit CoxCom's rights and remedies available at law or in equity.
13. Limited Warranty
ANY COXCOM-OWNED EQUIPMENT AND SERVICE ARE PROVIDED BY COXCOM "AS IS" WITHOUT WARRANTY OF ANY KIND. COXCOM DOES NOT WARRANT UNINTERRUPTED USE OF THE EQUIPMENT OR THE SERVICE. COXCOM DOES NOT WARRANT THAT ANY DATA OR ANY FILES SENT BY OR TO CUSTOMER WILL BE TRANSMITTED IN UNCORRUPTED FORM OR WITHIN A REASONABLE PERIOD OF TIME. ALL REPRESENTATIONS AND WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF NONINFRINGEMENT, FITNESS FOR A PARTICULAR PURPOSE AND MERCHANTABILITY ARE HEREBY EXCLUDED AND DISCLAIMED. Some states do not allow the exclusion or limitation of implied warranties, so the above exclusions or limitations may not apply to you.
14. Back-Up Requirements
Customer agrees that he/she understands that the installation, use, inspection, maintenance, repair and removal of the Equipment may result in service outages or potential damage to Customer's computer. Customer therefore accepts full responsibility for backing up all existing computer files prior to such activities involving the Equipment. Customer expressly releases CoxCom from any liability whatsoever for any damage to or loss or destruction of any of Customer's software, files, data or peripherals.
15. CoxCom Performance and Reliability Rights
Although CoxCom will make commercially reasonable efforts to deliver a high quality residential Internet access service, unless otherwise specified by CoxCom in writing, Customer is purchasing a residential data service with no performance or reliability warranty either expressed or implied. CoxCom reserves the right to manage its network for the greatest benefit of the greatest number of subscribers including, but not limited to the following: rate limiting, traffic prioritization, and protocol filtering. Customer expressly accepts that such action on the part of CoxCom may affect the performance of the service. CoxCom reserves the right to enforce limits on specific features of the Service, including, but not limited to, e-mail storage and web hosting maximums.
16. Damage to and Encumbrances on Equipment, Computer, Software
a. Ownership of Equipment. All Equipment, except for equipment purchased and paid for in full by Customer, will at all times remain the property of CoxCom. Customer may not sell, transfer, lease, encumber or assign all or part of the CoxCom-owned Equipment to any third party. Customer shall pay the full retail cost for the repair or replacement of any lost, stolen, unreturned, damaged, sold, transferred, leased, encumbered or assigned Equipment or part thereof, together with any costs incurred by CoxCom in obtaining or attempting to obtain possession of any such Equipment. Customer hereby authorizes CoxCom to charge Customer's Visa, Master Card, other credit card or other payment method authorized by Customer for any outstanding Service and Equipment charges. CoxCom may, at its option, install new or reconditioned Equipment, including swapping existing Customer equipment for DOCSIS-compliant equipment, for which the Customer may incur a fee.
b. Customer's Hardware and Software. Should the hardware of Customer's computer be damaged as a result of the gross negligence of CoxCom or the gross negligence of an authorized agent of CoxCom, CoxCom will pay for the repair or replacement of the damaged parts up to a maximum of $3,000.00. CoxCom shall have no liability whatsoever for any damage to or loss or destruction of any software, files or data, including any damages or losses resulting from any virus, lock, key, bomb, worm, Trojan horse, or other harmful feature.
c. Customer Purchased Equipment. Customer agrees to only connect CoxCom-approved equipment to the CoxCom network.
17. No Liability for Content
There may be content on the Internet or otherwise available through the Service that may be offensive to some individuals, or that may not be in compliance with all laws, regulations, and other rules. CoxCom assumes no responsibility for the content contained on the Internet or otherwise available through the Service. All content accessed by Customer through the Service is accessed and used by Customer at Customer's own risk, and CoxCom shall have no liability whatsoever for any claims, losses, actions, damages, suits or proceedings arising out of or otherwise relating to access to such content by Customer. CoxCom specifically disclaims any responsibility for the accuracy, quality and confidentiality of information obtained through the Service.
18. No CoxCom Liability For
a. Eavesdropping. Other cable and Service subscribers may be able to access and/or monitor Customer's use of the Service. The risk of such "eavesdropping" exists not only with cable transmission facilities, but also on the Internet and other services to which access is provided by CoxCom as part of the Service. Any sensitive or confidential information (such as credit card numbers or other financial information, medical information or trade secrets) sent by or to Customer is sent at Customer's sole risk, and CoxCom shall have no liability whatsoever for any claims, losses, actions, damages, suits or proceedings arising out of or otherwise relating to such actions by Customer.
b. Security. Customer agrees that when using the Service to access the Internet or any other online service, there are certain applications, such as FTP, HTTP, proxy, peer-to-peer based applications, or gateway server applications, which may be used to allow other Service users and Internet users to gain access to Customer's computer. CoxCom shall have no liability whatsoever for any claims, losses, actions, damages, suits or proceedings resulting from, arising out of or otherwise relating to the use of such applications by Customer, including, without limitation, damages resulting from others accessing Customer's computer or from any loss of data maintained on any network.
19. Limitation of Liability
Customer agrees to indemnify CoxCom from any claims arising from Customer's use of the Service, including the use of the Equipment or the Service in any manner prohibited under this Agreement. Unless otherwise specifically provided in this Agreement, CoxCom shall not be liable to Customer or to any third party for any claims, damages, losses, liabilities, expenses, or costs (including legal fees) resulting directly or indirectly out of or otherwise arising in connection with any allegation, claim, or proceeding based on:
a. The use of the Service by Customer or any other use of the Equipment, including, without limitation, any damage resulting from or arising out of Customer's reliance on or use of the Equipment or Service, or mistakes, omissions, interruptions, deletion of files, errors, defects, delays in operation, failed deliveries, misdeliveries, transmission failures, or any other failures of performance whether from a failure of the Equipment or Service or from any other computer or network;
b. The termination or reclassification of Customer's account by CoxCom pursuant to this Agreement;
c. A contention that the use of the Equipment or Service by Customer or a third party infringes the copyright, patent, trademark, trade secret, confidentiality, privacy, or other intellectual property rights or contractual rights of any third party;
d. In no event shall CoxCom have any liability for any consequential, special, incidental, or indirect losses or damages, including lost profits, loss of data, lost business opportunities, and personal injuries (including death). The limitations set forth in this Section 20 apply to the acts, omissions, negligence and gross negligence of CoxCom, and each of its respective affiliates, subcontractors, employees and agents, which, but for this provision, would give rise to a cause of action in contract, tort or any other legal doctrine; and
e. Customer's sole and exclusive remedies under this Agreement are as expressly set forth herein. Some states do not allow the limitation or exclusion of incidental or consequential damages, so such limitations or exclusions may not apply to you.
20. Installation/End User Software Licenses
a. If the installation of an Ethernet card is required, it may be necessary to open Customer's computer. System files on Customer's computer may be modified as part of the installation process. CoxCom neither represents, warrants, nor covenants that such modifications will not disrupt the normal operations of Customer's computer. CoxCom shall have no liability whatsoever for any damage resulting from the above or other file modifications. CoxCom is not responsible for returning Customer's PC to its original configuration prior to installation.
b. CoxCom or its agents will supply and install certain software, and if required an extra cable outlet, a cable modem and an Ethernet card for a fee determined by CoxCom. CoxCom will also provide a "getting started guide" and online instructions on how to use the Service. CoxCom shall use reasonable efforts to install the Service to full operational status, provided that Customer's computer fulfills the minimum computer requirements set out above in Section 1.
c. Customer agrees to comply with the terms and conditions of all end user license agreements accompanying any software or plug-ins to such software distributed by CoxCom in connection with the Service. All end-user software licenses shall terminate upon termination of this Agreement.
d. Customer may transfer the software provided by CoxCom to additional computers within the home, but service and support for these additional machines is limited and/or may incur an additional fee. Customer agrees that CoxCom has no responsibility to provide service and support for in-home networks. If Customer intends to transfer the software, Customer must give CoxCom prior notice of such transfer.
21. Multiple Users
Customer agrees that Customer is executing this Agreement on behalf of all persons who use the Equipment and/or Service provided to Customer. Customer shall have sole responsibility for ensuring that all such other users understand and comply with the terms and conditions of this Agreement. Customer further agrees that Customer is solely responsible and liable for any and all breaches of the terms and conditions of this Agreement, whether such breach is the result of use of the Service and/or Equipment by Customer or by any other user of Customer's computer.
22. Governing Law
This Agreement shall be exclusively governed by, and construed in accordance with, the laws of the State of Georgia. Customer may not bring any claim, suit or proceeding more than one (1) year after the date the cause of action arose.
23. General
This Agreement constitutes the entire agreement and understanding between the parties with respect to its subject matter and supersedes and replaces any and all prior written or oral agreements. In the event that any portion of this Agreement is held to be unenforceable, the unenforceable portion shall be construed in accordance with applicable law as nearly as possible to reflect the original intentions of the parties and the remainder of its provisions shall remain in full force and effect. CoxCom's failure to insist upon or enforce strict performance of any provision of this Agreement shall not be construed as a waiver of any provision or right. Neither the course of conduct between the parties nor trade practice shall act to modify any provision of this Agreement. This Agreement may not be assigned or transferred by Customer. This Agreement is freely assignable by CoxCom to third parties.
Acceptable Use Policy
CoxCom, Inc. and any Cox affiliate and/or distribution partner referenced on the order form/Subscriber Agreement (collectively "CoxCom") provides a variety of Internet services that allow Customers to connect to CoxCom's high-speed Internet network ("Services"). In order to provide Customers with high quality Service, CoxCom has adopted this Acceptable Use Policy ("Policy") for CoxCom Customers. Please read this policy prior to accessing the CoxCom Services. By using CoxCom Services, CoxCom Customers agree to abide by, and require others using the Services to abide by, the terms of this Policy. CoxCom may revise this Policy from time to time without notice. Accordingly, CoxCom Customers should consult this document regularly to ensure that their activities conform to the most recent version. ANY USER WHO DOES NOT AGREE TO BE BOUND BY THESE TERMS SHOULD IMMEDIATELY STOP USE OF THE SERVICES AND NOTIFY THE COXCOM CUSTOMER SERVICE DEPARTMENT SO THAT THE USER'S ACCOUNT MAY BE CLOSED. For any questions regarding this Policy, complaints of violations, or cancellation notices please contact CoxCom via E-mail at abuse@cox.com, by mail to the cable system address listed on the Subscriber Agreement or by telephone to your local cable system office.
Prohibited Activities
CoxCom Customers may not use the Services in a manner that violates any applicable local, state, federal or international law, order or regulation. Additionally, CoxCom Customers may not use the Services to:
Conduct, participate in, or otherwise facilitate pyramid or other illegal soliciting schemes.
Take part in any fraudulent activities, including impersonating any person or entity or forging anyone else's digital or manual signature.
Invade another person's privacy, stalk or otherwise harass another.
Post, transmit, or disseminate content that is threatening, abusive, libelous, slanderous, defamatory, incites hatred, or is otherwise offensive or objectionable.
Restrict, inhibit, or otherwise interfere with the ability of any other person to use or enjoy the equipment or the Service, including, without limitation, posting or transmitting any information or software which contains a virus, lock, key, bomb, worm, Trojan horse or other harmful feature.
Collect or store personal data about other users.
Use an IP address or client ID not assigned to Customer.
Use the Services on more than a single computer, unless otherwise authorized by CoxCom.
Violate any other CoxCom policy or guideline.
Harm to Minors
CoxCom Customers may not use the Services to harm or attempt to harm a minor, including, but not limited to, by hosting, possessing, disseminating, or transmitting material that is unlawful, including child pornography or obscene material.
Intellectual Property Infringement
CoxCom Customers may not use the Services to post, copy, transmit, or disseminate any content that infringes the patents, copyrights, trade secrets, trademark, or proprietary rights of any party. CoxCom assumes no responsibility, and CoxCom Customers assume all risks regarding the determination of whether material is in the public domain, or may otherwise be used by Customer for such purposes.
Copyright
If you believe that your work has been copied in a way that constitutes copyright infringement, please provide CoxCom's Copyright Agent the following information:
An electronic or physical signature of the person authorized to act on behalf of the owner of the copyright or other intellectual property interest;
A description of the copyrighted work or other intellectual property that you claim has been infringed;
A description of where the material that you claim is infringing is located on the site;
Your address, telephone number, and email address;
A statement by you that you have a good faith belief that the disputed use is not authorized by the copyright or intellectual property owner, its agent, or the law;
A statement by you, made under penalty of perjury, that the above information provided in your notice is accurate and that you are the copyright or intellectual property owner or authorized to act on the copyright or intellectual property owner's behalf.
CoxCom's Agent for Notice of claims of copyright or other intellectual property infringement can be reached as follows:
By mail: Cox Communications, Inc.
Attn: Wanda Moore
Leslie Spasser
1400 Lake Hearn Drive
Atlanta, GA 30319
By fax: Attn: Wanda Moore
Leslie Spasser
404-843-5845
By email: copyrightabuse@cox.com
User Content
CoxCom Customers are solely responsible for any information that they publish on the web or other Internet services. CoxCom Customers must ensure that the recipient of the content is appropriate and must take appropriate precautions to prevent minors from receiving inappropriate content. CoxCom reserves the right to refuse to post or to remove any information or materials from any CoxCom Service or system, in whole or in part, that it, in CoxCom's sole discretion, deems to be offensive, indecent, or otherwise inappropriate.
Commercial Use
The CoxCom residential Services are designed for personal use of the Internet and may not be used for commercial purposes. CoxCom Customers may not resell or otherwise charge others to use the residential Services. The residential Services are for personal use only. Customer agrees not to use the Service for operation as an Internet service provider, or for any other business enterprise, including, without limitation, virtual private network ("VPN") usage, IP address translation, or similar facilities intended to provide additional access.
Servers
CoxCom Customers may not operate, or allow others to operate, servers of any type or any other device, equipment, and/or software providing server like functionality in connection with the CoxCom residential service.
Misuse of Service
CoxCom Customers are responsible for any misuse of the Services, even if a friend, family member, guest, employee or customer committed the inappropriate activity with access to the CoxCom Customer account. CoxCom Customers must therefore take steps to ensure that others do not gain unauthorized access or misuse the Services.
Hacking/Attempted Unauthorized Access
CoxCom Customers may not use the Services to breach or attempt to breach the security of another user or attempt to gain access to any other person's computer, software, or data without the knowledge and consent of such person. The equipment and the Services may not be used in any attempt to circumvent the user authentication or security of any host, network or account. This includes, but is not limited to, accessing data not intended for Customer, logging into or making use of a server or account Customer is not expressly authorized to access, or probing the security of other networks or computers for any reason. Use or distribution of tools designed for compromising security, such as password guessing programs, cracking tools, packet sniffers or network probing tools, is prohibited.
Security
CoxCom Customers are solely responsible for the security of any device connected to the Services, including any data stored on that device. CoxCom recommends that users take appropriate security precautions for any systems connected to CoxCom Services.
Disruption of Services
CoxCom Customers may not disrupt the Services in any manner. Nor shall CoxCom Customers interfere with computer networking or telecommunications services to any user, host or network, including, without limitation, denial of service attacks, flooding of a network, overloading a service, improper seizing and abuse of operator privileges or attempts to "crash" a host.
Equipment
CoxCom Customers may not alter, modify or tamper with any CoxCom-owned equipment or service, or permit any other person to do the same that is not authorized by Cox.
Viruses, Trojan Horses, Worms and Denial of Service Attacks
Software or other content downloaded from the Service may contain viruses and it is Customer's sole responsibility to take appropriate precautions to protect Customer's computer from damage to its software, files and data. Customers are prohibited from posting, transmitting or disseminating any information or software that contains a virus, Trojan horse, worm or other harmful program or that generates levels of traffic sufficient to impede others' ability to send or retrieve information. Prohibited conduct of this type includes denial of service attacks or similarly disruptive transmissions, as well as transmissions containing other harmful or malicious features.
Electronic Mail
CoxCom Customers may not use the Services to send unsolicited bulk or commercial e-mail messages ("spam"). Any unsolicited e-mail must also not direct the recipient to any web site or other resource that uses the CoxCom Service. The Services may not be used to collect responses from unsolicited e-mail sent from accounts on other Internet hosts or e-mail services that violates this Policy or the acceptable use policy of any other Internet service provider. In addition, "mail bombing," the sending of numerous copies of the same or substantially similar messages or very large messages or files with the intent to disrupt a server or account, is prohibited.
You may not reference Cox, CoxCom or any portion of the Cox network (e.g. by including "Organization: Cox" in the header or by listing an IP address that belongs to the Cox network) in any unsolicited email even if that email is not sent through the Cox network. Further, forging, altering or removing electronic mail headers is prohibited.
Bandwidth, Data Storage and Other Limitations
CoxCom Customers must comply with the current bandwidth, data storage and other limitations on the Services. Customers must ensure that their activities do not improperly restrict, inhibit, or degrade any other user's use of the Services, nor represent (in the sole judgment of CoxCom) an unusually large burden on the network itself. In addition, Customers must ensure that their activity does not improperly restrict, inhibit, disrupt, degrade or impede CoxCom's ability to deliver the Services and monitor the Services, backbone, network nodes, and/or other network services. CoxCom may terminate, suspend, or require a Customer to upgrade its Services and pay additional fees if CoxCom, in its sole discretion, determines that a CoxCom Customer is using excessive bandwidth.
Newsgroups
Messages posted to newsgroups must comply with the written charters or FAQs for those newsgroups. Advertisements, solicitations, or other commercial messages should be posted only in those newsgroups whose charters or FAQs explicitly permit them. You are responsible for determining the policies of a given newsgroup before posting to it.
Posting or cross-posting the same or substantially similar messages to more than eight newsgroups is prohibited. Our news software will automatically cancel any messages posted to nine or more newsgroups.
Binary files may not be posted to newsgroups not specifically named for that purpose. Users posting binary files to groups with policies concerning the permissible daily volume of posted files are required to observe those limitations.
Forging, altering or removing header information is prohibited. This includes attempting to circumvent the approval process for posting to a moderated newsgroup.
CoxCom reserves the right to discontinue access to any Usenet newsgroup at any time for any reason.
You may not attempt to "flood" or disrupt Usenet newsgroups. Disruption is defined as posting a large number of messages to a newsgroup which contain no substantive content, to the extent that normal discussion in the group is significantly hindered. Examples of disruptive activities include, but are not limited to, posting multiple messages with no text in the body, or posting many follow-ups to messages with no new text. Messages may not be canceled, except by the author or by official newsgroup moderators performing their duties.
The Usenet news service included with a CoxCom residential service account is provided for interactive use by the subscriber, using a commonly-available NNTP client such as Netscape Communicator. Non-interactive clients that download Usenet articles in bulk are prohibited.
Conflict
In the event of a conflict between the Subscriber Agreement and this Policy, the terms of the Subscriber Agreement will prevail.
COX COMMUNICATIONS, INC.
PRIVACY POLICY
Cox Respects Your Privacy
At Cox Communications, Inc., we respect your privacy. This privacy policy explains our commitment to your privacy and describes how your information is maintained and used by us.
Information We Collect
Information You Provide to Us. When you sign up for our services, including Internet, cable television, and/or video on demand (the "Services"), you provide us with information including your name, address, telephone number, and other billing information. We maintain this information along with billing, payment, deposit, complaint, and service information, and your choices regarding equipment and service options.
Information Used in Connection with Service Management, Maintenance, or Security. We collect information about your usage of our services for network management, maintenance, performance, and security. We may collect information regarding the choices that you make in connection with your use of the Services we offer, any Services ordered, and Internet usage, including the Internet Protocol number assigned to you, bandwidth utilization, and Internet resource requests (e.g. requests to view a web page) made by you.
Information for Personalization Services. We may collect and maintain information such as your address and content and service preferences to provide a more personalized online experience.
We Do Not Monitor Your Personal Communications in the Course of Normal Operations. We do not read your email messages, instant messages, online chats, or the content of other online communications that reside on or pass through our Services. We may however, retain and provide such communications in accordance with a valid court order or if we are otherwise legally required to do so or in response to an emergency situation. Please be aware, however, that once your communications leave our network and enter the public Internet on their way to their recipient, your communications may be monitored or intercepted by third-parties or other Internet service providers over which we do not have control.
We Do Not Record Any Information You Provide to Non-Affiliated Web Sites in the Course of Normal Operations. We will not record any information that you provide to third-party websites or Internet services in the course of our normal operations. When you submit information to any website or Internet service operated by us or an affiliated company, that information will be used only in accordance with the terms of service and privacy policy on that website or Internet service. Since we cannot control websites or Internet services operated by third-parties, we recommend that you review the terms of service and privacy policies of those websites.
Information Usage
We May Use Your Information for Service Related Purposes. We may use the information we collect to maintain and manage the Services, verify billing accuracy, communicate with our customers about service-related issues and maintain financial, tax and legal records. We also may transfer the information we collect in connection with the sale, merger, or transition of our system to a third-party.
We May Use Your Information for Our Internal Business Purposes. We may make your information available to our employees, agents and contractors for our internal business purposes, as well as to our outside auditors, attorneys and accountants, potential and actual purchasers of our business, and local franchise authorities. We also may disclose your information to collection services to the extent such disclosure is necessary to collect past due bills, or to other third-parties as may be necessary to render the Services and conduct other legitimate business activities related to your use of the Services. Third-parties that we retain to perform activities on our behalf (such as executing e-mail communications or collecting past due bills) and which necessarily have access to your information to carry out their assignment, are obligated to maintain the privacy of your information. We require those third-parties to use your information only for the limited purposes for which the disclosure is made and in accordance with this privacy policy. The frequency of any such information disclosure will vary in accordance with our business needs.
We Will Not Provide Your Information to Non-Affiliated Third-Parties for Marketing Purposes. We will not provide your information to any third-party for its use in connection with mailing lists or marketing purposes, other than those parties that we retain to conduct our mailings, surveys, contests, or marketing campaigns, or who act on our behalf.
We May Use Your Information to Send You Our Marketing and Service Related Information. We may send you marketing and informational materials from us or on behalf of our business affiliates or partners. If you do not wish to receive marketing or informational materials from us or our partners, please let us know by sending us a written request, including your name, address, and account number to the address listed on this notice.
Disclosure Policies
We Treat Your Information as Confidential. We treat the information we maintain about you as confidential and take precautions to prevent unauthorized access to your information.
We May Disclose Aggregate, Anonymous Information. We may disclose aggregate, anonymous information (i.e., information that does not reveal your name and address in connection with your general viewing or usage habits or any other transactions made using our Services that are personally indefinable to you) collected from our Services. This aggregate, anonymous information cannot be linked to you or any other individual.
We May Disclose Your Information if Required To Do So for Law Enforcement Purposes. We may disclose your information, including your name, address, email address, and other information, to a government entity if required to do so pursuant to law and as otherwise provided in the Acceptable Use Policy.
We May Disclose Your Information for Certain Other Purposes. We may disclose your information, including your name, address, email address, and other information to other system administrators at other Internet service providers or other network or computing facilities if necessary pursuant to our Acceptable Use Policy or in response to emergency conditions such as imminent threat to life or damage or destruction of property.
Limitations on Disclosures. If you wish to prohibit or limit our disclosure of your information, you must notify us in writing at privacy@cox.com, and include your name, address, account number, and the information that you do not wish to be disclosed. Please note that we still may be required to disclose certain information if required to do so by law.
Retention
We maintain your information in our regular business records as long as you are a customer and for a longer time if necessary for our business purposes. Unless a court has asked us for access to this information, we will destroy it once it is no longer necessary for our business purposes.
Inspection
We will make personally identifiable information about you contained in our business records available to you within ten (10) days of our receipt of your written request to examine such information. You may only inspect records containing information about you. You are responsible for the cost of copying any documents you request. We will make this information available during normal business hours at the Cox office listed on the front cover of this notice, and will give you an opportunity to correct any error in the information we maintain.
Other Issues to Beware of - When you travel across the Internet, you may come across the following:
Spam - We do not condone or encourage the sending of unsolicited email, often called spam. Although we take steps to block spam from coming onto our network, no spam prevention method can stop all spam. You can help reduce the amount of spam you receive by not posting your email address on Internet news groups and message boards, and by not providing it to services that are unknown to you.
Cookies - Websites may use cookies to provide you with customized services and other features to enhance your experience. A cookie is a small amount of data that is sent to your browser by a website and is stored on your computer's hard drive that may contain data that allows that website to identify you. A cookie cannot read unrelated data off your hard drive. Every website you visit, and the advertisers on that website, can send cookies to your browser if your browser's preferences allow it. Although cookies can help websites provide you with customized features, they may also allow your activities and choices to be tracked. If you are concerned about cookies you may opt out of major advertising networks' use of cookies at http://www.networkadvertising.org/optout_nonppii.
Internet Explorer (IE) users:
On the main toolbar of your browser, go to View (IE 4.0 or earlier) or Tools (IE 5.0 or later):
Select "Internet Options"
Go to the "Security" tab
IE 4.0 or earlier, look for "cookies" and select "enable" or "prompt" to enable cookies or "disable" to disable cookies
IE 5.0 or later select "custom level", scroll down to "cookies" and select "enable" or "prompt" to enable cookies or "disable" to disable cookies
Netscape users:
On the main toolbar of your browser:
Go to "edit"
Select "preferences"
On the left half of the window, select "advanced"
Select "accept all cookies" to enable cookies or "disable cookies" to disable cookies
Clear GIFs - Web pages may contain invisible electronic images, often called clear GIFs or web bugs, that allow third-parties to gather information about users who have visited the web page containing the clear GIF. Email you receive also may contain clear GIFs that may allow the sender to know if you have opened the email.
Malicious Activity - People with malicious intent may try to access or otherwise damage your computer when you are on the Internet. We therefore recommend that you take precautions to protect your computer when you are online. A firewall will help protect your system from attackers, and a virus checker will help prevent a virus from damaging your system.
Changes to this Policy
We may change this privacy policy from time to time to take into account new or changing circumstances. In the event that we change this privacy policy, we will provide you with written or electronic notice at least 30 days before the changes take effect. Any changes to this privacy policy will be prospective and will therefore not change the way we use information collected prior to the changed policy. Additionally, any written notices you provided to us regarding your preferences as to how we use your information will remain in effect.
...use host headers. You can set host headers so that the www server will only respond if a dns name is entered, not the ip address. Of course, this requires a dynamic dns service like dyndns.org or some other form of dns.
I hate the internet
Obviously you have not discovered pr0n yet.
Special people have long socks, ride short buses, & invent witty sigs.
I'm having a little difficulty seeing the problem here. Technically, I am running NAT and only have one machine connected to Comcast, which is the NAT box itself. This happens to be a linksys cable router, which runs some stripped down variant of Linux. This is the only computer connected to Comcast. The rest of my computers in my house are connected to this box, but in no way are they connected to Comcast.
The way I understand NAT works is that Computer A wants information and sends a request to NAT box. NAT box connects to Comcast and gets said information. NAT box then talks to Computer A and sends this information. So how can they say that Computer A is connected to their service?
Is Comcast saying that if I connect one machine to their service, then I can not in any way run a local network in my house with the rest of the machines?
Besides, I have none of their hardware, I bought my own Cable modem and Network card, I have no cable boxes or anything that might be considered Comcast property. If they need to check out my configuration they have to come into my house, and since I have none of their property, they have no legal basis whatsoever to step foot in my house. The best that they could do would be to disconnect me at the junction box outside the house. With absolutely no factual evidence for termination.
Where are you getting this information... While I do not claim to be a network engineer for them, I am associated with Comcast, and want to know where you are coming up with this future policy determination.
Comcast has done away with the provisioning of anything but the attached cable modem. They make a TOS statement about VPN's on a residential line, but I have seen nothing in their monitoring tools or upcoming policy statements to indicate this change.
It's possible, I'll admit, Comcast has made some apparently ridiculous policy decisions before, but I just wanna know where this is coming from. Comcast has enough real problems there is no need to create imaginary ones.
OK, we've established that we can hide NAT from the cable companies if we're savvy enough. Squid/Socks Claiming you have multiple stacks on one machine. They should look at this and realize we will keep right on top of their technology and won't be detected if we don't want to be.
What these ISPs need to realize is all they are doing is pissing off their good (technical) customers. At last glance my provider (AT&T) was selling linksys routers at a discount and didn't restrict NAT. Good.
I would prefer to see a bandwidth abuse policy. After all, that's what the ISP is trying to conserve here. If you go over 200MB download a day on average for example...then it may be a reason to investigate. Maybe they are really trying to quash the neighborhood 802.11b service provider.
If they outlaw NAT, only outlaws will have NAT.
This is great for smaller isps who use the cable infrastructure to provide broadband. Comcast is killing itself trying to squeeze their customers dry. It costs them NO money to have NAT routers since they won't support them, and you only use the bandwidth you should already be getting. Very unintelligent.
This is bogus reasoning. A team of network engineers could never in a million years "Detect" and "force to pay" enough NAT users to make paying that team of network engineers a profitable venture.
Look at the numbers: Team of network engineers (assume 5) @ $40/hr each. That's $200/hr for the team. Weekly, you're paying $8,000. That means that, to make money, the team must find people with (and convince them to pay for) "extra" machines connected.
By my math, at $6 per machine, they'd have to "sell" about 440 extra IPs per week, and for those 440 "sales", those users must continue paying for at least three months. Otherwise, they're losing money on the operation.
If AT&T Broadband called and said I had to remove my firewall or pay extra, I know what my response would be...
(Starts with "F", ends with "u" and has "uck Yo" in the middle.)
Who did what now?
First off, I am a recovering Verizon victim in the DSL zone. The only good thing about it was a) it was faster than a 28.8 modem, b) multiple IPs for no charge. I moved to NJ, picked up Optimum Online, and I will NEVER look back. They do not bar multiple computers, they are simply the fastest US cable internet provider (I can pull at 300-900k a sec at any given time), and the pings to my fav TO/INF servers are amazing (sub 50's on the majority). Granted, no fixed IP's, but they encourage the use of firewalls and setting up multiple comps behind it.
I really do not understand how Comcast can do the following legally:
1) Snoop your personal possessions in your home (ie your computers) to determine if you are using more than one... seems to be a bit of an invasion of privacy
2) More importantly, determine if you are using NAT or just a lot of your paid for bandwidth
Personally, as long as the TOS clearly states that you are not allowed to run fixed file or web servers, that's fine (sorry, but most home users don't need to... if you do, go elsewhere). However, I am paying for a broadband connection to the internet and nothing more... unless they specifically and clearly state that hooking more than one computer to the modem is wrong (and technically you can't anyway with most cable modems, at least not directly), they should shut up and worry about the hackers and warez folks who are causing them to go this route... remember, they are trying to shut down illicit FTP's offering software and music illegally, as well as fubar web servs that are against the TOS. Nothing more.
Subject: CAT vs NAT
Date: Fri, 25 Jan 2002 09:21:00 -0500
From: anon@netscape.net
To: Ellis299@aol.com
In your article CAT vs NAT you missed many salient and critical points. Until recently multiple IP addresses were unavailable for the home user, requiring a "business" connection at considerably higher prices, and usually the service was not provided to home. Home office users had no choice, the service providers' recalcitrance and myopia could not stand in the way of need and innovation. Case in point, my co-worker was one of the test users for @Home. The day the service was installed he tried to hook up his second computer and was told by @Home that he was limited by @Home to one address and try as he may they would not sell him a second address. With a newborn in arms and needing both parents to work from home, he installed a beta version of Novell's NAT product and promptly called @Home for help to properly configure his side of the network. He made them aware of what he was doing and they told him he was in violation of his agreement. He asked for a second connection and box to the home, but they refused. With their help he completed the NAT installation and the problem solved, or in your opinion, crime perpetrated.
Let me offer one more thought. Any scheme invented by the Cable Operators that flew in the face of innovation or proved costly, would be defeated by the droves of people who needed innovation. Imagine the headache and huge cost the cable operator could bear in any investigation of NAT usage that involved physical inspection as electronic efforts would be both disguised by real users and ghosted by software designed to mimic NAT usage and network loads. Now wouldn't that be a scary idea?
--
Thought for the day, don't you really dislike the space and bandwidth wasted by most signatures?
Sounds like we need a protest application. A windows app (face it) that "normal people" can run on their machine that uses all 1.4Mb/s (or whatever you have) all of the time. Bring the network to its knees downloading rubbish.
Let them know they can either have single computers that use all 1.4Mb/s 24/7 or multiple computers using whatever they need at the time (i.e. a lot less than 1.4Mb/s on average).
Well, personally I'm using NAT with only one computer on the other side (right now), and I've got my own client doing the logging in (and, to make it even harder, I'm not using their services and I'm not even in the same country as they are, so there, try to catch me now ;-).
Seriously, that someone is using NAT isn't the same as that person having more than one computer connected, and even if it was... so what... he's paid for it, and hunting him down will only ruin their business, not get them more paid users.
It's a great NAT / firewall box that lets you statically open incoming ports to local machines if you desire, and prevents you from having to have their REALLY SUCKY software installed on your machine.
Slay a dragon... over lunch!
I can just as easily use the maximum bandwidth with one computer as I can with 10.
THEORETICALLY, this is true. You COULD be a warez host, set up your machine to continuously download Britney Spears songs from Morpheus or some other bandwidth hogging setup.
But it's MORE likely that if you have multiple machines in your home you are using MORE bandwidth than if you only had one.
Now, it's not as simple as "You have three machines, so you are using three times the bandwidth" but the simple fact is that you are using MORE bandwidth in some manner.
"I don't use as much bandwidth on my four computer network as some Morpheus addict uses on just one machine" is not a valid argument to the ISP b/c they want the "cost" of YOUR use to be as low as possible.
It's backwards I agree, but that's how they are looking at it.
Flame, troll, moderate me as a troll all you want, I can handle it.
It's not as if I'm the ISP and I'm going to make money off of you...
---"What did I say that sounded like 'Tell me about your day?'"---
Comcast is a big company. They should be able to monitor bandwidth usage and charge by the average percentage of bandwidth used per month.
I would probably price it between $50 and $150 a month. $150 would be for those extreme examples where the user used between 80% and 100% of their bandwidth ALL the time (on average), whereas $50 would be for the lighter users. (Make up your own pricing scale, but keep it simple)
Not many people will use 80%-100% of their bandwidth all the time, and those who do would have to pay a premium.
This sounds a lot more fair than telling me I can't use NAT for my many computers.
"Communism is like having one [local] phone company " - Lenny Bruce
I paid $25 for a P75 box and zero for OpenBSD.
I don't understand why this is so terribly hard to figure out. I mean, that's the way you pay for electricity and gas. The only reason you don't pay that way for local phone service is because of some antiquated rules. And the only reason ISPs likely don't do it is because they don't have the necessary accounting software. Well, they should get it rather than try to establish nonsensical and invasive rules.
When I was going to DSL I specifically asked if I can put more than one computer on. They didn't have a problem, the only thing was that anything past their modem on my end was my responsibility. They did not care if I was running Linux, Win95 & Win98. I paid for the bandwidth and what I do with it was my business (as long as I did not violate their TOS).
I have not read the full thing about the cable company, but, it sounds like they want their competitors to get more business.
Panic now, beat the rush!
companies always grow at the expense of their customers. that's the definition of a customer.
So Comcast believes they can defeat all the hardware NAT router makers? Good luck. "They're rotating the shield frequency, captain!" I can see the battle a-roaring. A simple update of my Barricade BIOS will totally destroy months of Comcast detection work and algorithms... Not to mention that cable systems are still trying to be opened up to competition. They're just stoopid. Should I add that they will be begging to get DOSed??
NMAP is a network mapping utility available at insecure.org... Depending on how good your router is (Netgear, Linksys, and D-Link suck) it can distinguish what ports are being filtered by these routers. It does this by the way the router responds with a FIN or RST.
They just simply stop traffic for random amounts of time, at random times.
I have RoadRunner here in Columbus, OH and I used to have something similar to your problem. You may want to call tech support. They sent a tech out who noticed that whenever my traffic stopped the noise was higher than my signal. They then ran me new lines outside the apt and it's been great since. Maybe your lines just corroded and they need replacing. Just a thought.
The difference here is the user agreement. When I sign up for telephone service, at least with QWest communications, they don't make me sign a piece of paper saying I won't have more than 1 phone and 1 answering machine connected. They rely on laws governing harassment and such so they don't have to worry about more paperwork.
With Cable Modem service, they DO make you sign a user agreement saying you will pay for a 2nd, 3rd, 20th, etc... computer. You try to sue them for strong-arming you, they will simply produce the carbon-copy of the agreement with your signature on it, agreeing to pay the fees. The court will say pay it or cancel your service, if they don't tack on fees for previous use of service without payment. And then, Comcast or whatever ISP you are suing, may even be able to have breach of contract fines imposed, depending upon local laws.
Everyone is complaining about this as being wrong (and I do agree) but they are not taking into account that THEY AGREED TO IT WHEN THEY SIGNED UP! Yes I think it is crap, but did anyone complaining read the user agreements before adding their John Hancock to it? I seriously doubt it.
Back before I saw the light and switched to DSL, I had AT&T Broadband, and signed that same user agreement. Yes I ran NAT, but it was with the knowledge that they could say (at any time) "We know you are using it, and you need to either pay us, or stop using it."
To recap the long-winded rambling from above, you don't have a leg to stand on in court, and they can kick the chair you are sitting on out from underneath you. They WILL win in court.
I just looked at the docs on the comcast site... no mention of routers or multiple computers except in the FAQ, where it just says they will sell you multiple IP's if you want. So where is the violation?
Anyway, I don't care. Fortunately we can vote with our dollars.
-> Ron Legere I can never think of anything clever to put here.
forgive me for being a little uninformed or naive, but isn't there a federal mandate, perhaps even governed by some FCC regulation, that says once a signal comes into my house, it's mine to do with as i please?
unless i ask the cable company to come in and set up a coax outlet for every TV, they can't charge me for how many times i split their line and run it wherever i want. same goes for the electrical service coming into my house, the telephone line, the water, etc.
i would have thought that this situation would have been covered in the past, when the cable companies used to scan for "abusers" with more than 1 TV hooked up to their precious cable teat.
being one of those contacted by aforementioned cable company some years ago due to a "signal leak" coming from one room in my house, i now enjoy the benefits of cable TV in almost every room. i don't pay extra for it. once it comes in the house, it's mine. mine!
although i hate the idea of government intrusion in a regulatory capacity, i don't see any way of avoiding this in the future. cable companies operate like a utility, and they should be regulated like one, whether they like it or not. maybe there's a legal recourse for those being told to shut down their NAT apparatus.
my cable company has yet to say anything on this issue. i hope they remain silent. i use a netgear router as a hardware firewall with only 1 PC connected to it. there's no way i'm going to cough up an extra $5 to give my cable co. a little peace of mind by issuing me a 2nd IP.
i guess in the end, the argument "if you don't like it, leave" is valid. DSL is an option in my area, but only recently. if this sort of thing had happened where i live last year, i would have had the choice of broadband connection or going back to AOL land and the joy of modem squeals and beeps.
regards,
Chimpuat
I received YAFAQ from Cox in this morning's e-mail. It ended with the following:
Q12: I have multiple computers accessing the Internet,
and am unable to set up my computers using DHCP.
What can I do?
A12: We support the primary computer that is connected to the
modem, but we do not support the entire network. We have found
that DHCP does work for most customers who want to network
their computers please contact your network provider or router
manufacturer for further assistance with DHCP settings. If you
require a static IP address, Cox Business Services may offer
a service that fits your needs. You can contact Cox Business
Services by calling 949-546-2020.
Sounds like (a) they don't mind if you use NAT, they just don't support anything behind the NAT box, and (2) static IPs are available under a separate (presumably more costly) plan.
I don't see why so many people want static IPs anyway. Perhaps they want to run a web server out of their house (which they don't allow anyway). Since I have no inclination to do that, the service from Cox will be just fine for me -- as long as they continue to allow NAT.
A number of posts rationalize that Comcast must think as more machines are 'hooked up', then more users will be web browsing, etc. -- and they need to address this 'issue' and charge appropriately for 'extra' work/resources/etc.
Let's call this what it really is. It has very little to do (if anything) with Comcast's cost structure as far as bandwidth, maintenance etc. It is their entire cable-services business model. This is a revenue stream to them, that they use everyday.
Example:
Johnny has 3 TVs, and cable tv service with Comcast. Johnny can not pay for one connection and hook all three TVs up legally (contractually, what have you) without paying extra fees for additional boxes/sets. There is no difference, or one so slight as to be immeasurable, from Comcast's view - other than that their agreement states that they are allowed to generate revenue on a Per Television basis.
I don't know how this discussion got so centered on physical and maintenance costs for Comcast, but that just ain't it. Comcast now has a better understanding of how their model for cable tv applies to cable-modem access, and is looking to layer their old model on their new business to generate revenue -- based on a perceived benefit/service offering.
Don't be surprised if on your next cable tv visit, the service guy decides to count how many machines you're connecting. Worse yet, his video signal reader now has a node-scanning somethingorother and now he plugs his device in between the modem and your network - behind your firewall/linksys/etc. to fingerprint your network.
Oy.
--tim
~fight the power >>-->kill your computer
If they decide to show contempt for currently established best practices on the internet, the simple solution is to withdraw their AS numbers. Screw 'em! NAT was -NOT- developed to 'cheat' service providers of revenue. NAT was developed by internet leaders; not black-hat hackers. It was developed to help slow the ever diminishing supply of IP addresses. Such behavior shows corporate greed and contempt for the utility they provide. Revoke their IPs. While we're at it, let's revoke M$ business licensees and corporation status. ;) I can still dream about justice.
Democrats and Republicans only disagree about how to enslave you
A Voice - running your own server used to be a great democratic equalizer. It's no longer affordable to the vast majority of people. For all but the most basic uses, you can't address the web at large anymore, because 56k is not enough, cable and DSL providers are "gunning" for any attempt at using the service for servers, and T1 is still prohibitively expensive.
:)
Speakeasy is fine with you running servers. You can even run your own DNS, Mail, IRC, etc.....
Plus their news server does carry the binaries newsgroups.
I'm a 2000 man.
You'd like to think that, wouldn't you! You've beaten my giant, which means you're exceptionally strong...so you could have put the poison in your own goblet trusting on your strength to save you, so I can clearly not choose the wine in front of you. But, you've also bested my Spaniard, which means you must have studied...and in studying you must have learned that Man is mortal so you would have put the poison as far from yourself as possible, so I can clearly not choose the wine in front of me!
I'm a 2000 man.
I'm assuming they tell you how to set it up, then they allow it.
From Cox FAQ:
Q:
How do I set up my residential gateway to work with the Cox High Speed Internet(SM) network?
A:
Your residential gateway must be configured to act as a DHCP (Dynamic Host Configuration Protocol) server for your local network, so your computers receive IP addresses from it, and not the Cox High Speed Internet(SM) network. Residential gateways usually assign 192.168.0.x IP addresses to computers on their local networks. Make sure all the computers on your home network have been configured to automatically receive an IP address. Depending on the computer's operating system, this is generally found in the Network | TCP/IP properties section. Check your computer's "Help" section for information on how to change network properties.
Once you've configured your computers to automatically receive IP addresses from your residential gateway, you must configure the residential gateway to automatically receive an IP address from the Cox High Speed Internet(SM) network. Residential gateways are often configured via a web browser pointed to http://192.168.0.1, although yours may be different. Once you've logged in to your residential gateway, ensure the Host Name and Domain Name sections are blank. Make sure it's set up to obtain an IP address automatically--do not specify a WAN or Internet IP address. In addition to its WAN or Internet IP address, your residential gateway will receive other network settings, such as Subnet Mask, Default Gateway, and DNS Servers, from the Cox High Speed Internet(SM) network. Be sure you don't manually input the values of the Subnet Mask, Default Gateway, or the DNS Servers.
Save these settings on your residential gateway. Turn off your computers, then turn off your residential gateway. Turn on your residential gateway. Wait a few minutes for it to boot up and receive its settings from the Cox High Speed Internet(SM) network, then turn on your computers. Verify that your computers received their network settings from your residential gateway and not the Cox High Speed Internet(SM) network.
For additional help on configuring your residential gateway or home network, please contact the equipment manufacturer.
... is like stealing from Nike, right?
Or worse, buying used sneakers is also stealing.
The moment I'm under obligation to pay any other private entity money for a service I do not wish is the moment that I become a slave.
Just because someone expects their customers to behave in a particular way doesn't mean that they are obligated to, or it is wrong for them to behave differently.
Because only a communist would deprive Nike of the revenue of a sneaker sale.
Hi all,
I use the Windows version of Webwasher, which has the option to act as a forwarding server.
Excellent observation, and thanks for the pointer to the "real" Terms of Service.
Now for me to go pick through my current provider's (revised WAY too often to keep up with) Terms of Service to see how nastily I violate them without knowing...
I hear you, but in Comcast's case in my area, basic cable is unscrambled on the wire - there is no box required unless you want premium or digital cable services. With this scheme, you can have splitters all over with coverage to every set and vcr in every room with a connection to the TV card in your pc to boot. There's nothing to discourage this.. and in fact, the installer gave me 2 splitters and cables for vcr's when I installed.
Funny story was a friend moved recently to 'comcast country' - he asked about pricing for cable modem without cable teevee - response was $39.95 + a $10/month surcharge for non-tv subscribers. He took it and has cable modem + basic cable for $50/month. Not too bad...
This from "Cindy" a tech at Comcast. Background: I was set as static from day 1 by the tech who said there were problems with the DHCP server at the time. Now that it's crunch time, I've been trying to convert to DHCP, but haven't been getting a lease. Found out that CC changed my cust id number, so I would have never gotten an IP until I called them. Hats off to Comcast for calling my house with a prerecorded message stating that I'm still using static and have a week to convert to DHCP, lest my connectivity will be dropped.
Anyway, in talking to Cindy tonight, I said, "I can't believe you guys are going after users with Linksys boxes!" She asked, "what do you mean 'going after'?" I said, "like, pulling the plug! I have one that does wireless so I can work on my laptop anywhere in the house, and now you guys want to chain me to my desk in my basement."
"Oh, I don't think that's what they meant. See, those little firewall boxes won't work with the new network because they're only static, and can't do DHCP at all, so your box isn't going to work after we change over the network."
"I see. Well then, uh, thanks, I guess!"
Intelligent Life on Earth
Is there some legitimate way for this to happen, or were slashdot editors manually editing the moderation points on my post? Is there even a way to tell?
If it's the latter, then I'd love to know what about the parent post is so terrible that this was necessary. Is the mere idea that perhaps slashdot could have been given incorrect information so objectionable?
I appreciate any input from those knowledgeable about how slashdot moderation really works.
"(g.) Theft of Service. Customer shall not connect the Service or any AT&T Broadband Equipment to more computers, either on or outside of the Premises, than are reflected in Customer's account with AT&T Broadband. Customer acknowledges that any unauthorized receipt of the Service constitutes theft of service, which is a violation of federal law and can result in both civil and criminal penalties. In addition, if the violations are willful and for commercial advantage or private financial gain, the penalties may be increased."
Does that mean if I have a NAT box and use eBay to sell stuff they can penalize me even more?
"AT&T Broadband will provide Customer with dynamic IP connection(s) as a component of the Service. Customer will not alter, modify, or tamper with such dynamic IP connection(s) or those of any other customer. Customer agrees not to use a dynamic DNS to associate a host name with such dynamic IP connection(s)"
INSANITY
"Customer will not relocate the AT&T Broadband Equipment"
Can I move it to clean my desk?
"Gaming Servers: Running a gaming server is a violation of the AT&T Broadband Terms of Service Agreement"
"It is also a violation of the AT&T Broadband Terms of Service Agreement to post copyrighted material to any public bulletin board or newsgroup."
Gee isn't the AUP (C) by ATT?
Yes that is correct (at least for DSL, it is an ATM line)
And there is a limit on the number of phones you have, it is called the REN.
I'm pretty sure this is flamebait. I'd like to see where Comcast is prohibiting this. If you check their FAQ, they do say that if you want to have more than 1 PC on a connection you need to get extra IPs and NICs in each PC. They do not even acknowledge the existence of NAT. I also checked the Comcast@Home Acceptable Use Policy and there is nothing prohibiting the use of NAT to connect multiple computers to one connection.
And in fact, in the early days of cable modems you could break your cap by cloning the MAC address of your cable modem :)
:(
Twas cool...
It's fixed now
---
Live Long & Prosper \\//_
CYA STUX =`B^) 'da Captain,
Jedi & Last *-fytr
In the city I live in, Portland, Oregon, we only have one cable provider. And I know they were considering making changes, but in the past it was not permitted to have more than one cable provider.
Sounds like a common carrier to me.
Nearly all cities have only one cable company.
Also, I believe it is the City that owns the infrastructure in Portland, and the cable company (AT&T) leases it.
I am suffering with the so-called conversion of Comcast to its own network. I have spent hours on the phone with them and get the system up only to have it drop off within hours. Any suggestions? Should I buy my own modem? I'm too far out to get DSL and can't see the southern sky well enough to use a satellite solution. appreciate any suggestions.