Slashdot Mirror
Comcast Gunning for NAT Users
phillymjs writes: "A co-worker of mine resigned today. His new job at Comcast: Hunting down 'abusers' of the service. More specifically, anyone using NAT to connect more than one computer to their cable modem to get Internet access- whether or not you're running servers or violating any other Acceptable Use Policies. Comcast has an entire department dedicated to eradicating NAT users from their network. We knew this was coming since this Slashdot article from two months ago, but did anyone think they'd already be harassing people that are using nothing more than the bandwidth for which they are paying? It makes me very happy that my DSL kit arrived yesterday, and I'll be cancelling my Comcast cable modem early next week." Earthlink and Comcast have both been advertising lately their single-household, multi-computer services (and additional fees) -- probably amusing to many thousands of broadband-router owners, at least until the cable companies really crack down.
This is not a story, let's not treat it as one. It'll be a story when somebody has copies of a letter explaining that their service was cut off, due to the use of NAT. In the meantime, I can tell you that the firewall on my comcast connection has received no new exploratory packets originating at comcast servers.
What about setting up a linux machine and connect X-terminals to it, thus providing multiple users with internet access, but they are on the same machine. Or a windows terminal server. Or ssh in and run applications that are forwarded over X. Or port forwarding.
And, windows 98/ME does this automatically if you have a windows LAN with one computer connected to the internet, doesnt it?
Huh?
Any thoughts on how packets coming from VMware sessions might be treated?
I'm curious how the packets might look form say 4 virtual machines running on the same host hardware.
my
Do you feel the same way about Microsoft? Most cable providers in the US enjoy a monopoly. Comcast may be the only option for broadband access for a large number of people who aren't close enough to their exchange to get dsl. One could argue that broadband is a "perk", and doesn't deserve protection but I don't agree.
As a side note, hooking up a cable/dsl router doesn't really qualify as l33tness in my book.
1. Accessing several different websites at the time
I usually have about 6-7 different websites loaded at once, some have banner ad's that change, some don't.
2. Port forwarding to computers using different operating systems
I am allowed to have my own internal network, that is not illegal and because I add a machine that uses their service that port forwards for whatever reason; It's my port, I'll do with it as I please. So long as I don't abuse their service in any manner according to their "Abuse Legislation".
3. SMTP headers containing references to domain names used only by the LAN
See response to 2.
I really don't know how comcast plans to do it. I'm not a customer and wont ever become one but I'd really love to hear from comcast how they plan to do this because it would be revolutionary in hacking and spying on internal networks. Does anyone work for comcast?
That would be a distinctly stupid thing to do. So, anyone who has a laptop computer and an 802.11b access point that NATs is automatically some kind of AUP-violating scofflaw? I guess those millions of Apple AirPorts already deployed don't matter to them?
Last I looked, Windows comes with "Internet Connection Sharing" and a control panel to turn it on with one button click. Linux requires daunting knowledge of IP networking and the iptables tools.
This whoel subject is completely stupid. What if I have roommates who all use one computer via serial terminals? NCD terminals? That isn't NAT because I only have one host, but dozens of people can use those services via getty or X11. So WTF is the difference?
It has a table in memory, it knows that port 63210 is connected to 192.168.1.20:571 , so when it sees packets coming into 63210, it sends them to 192.168.1.20:571. It has to have this table, because it needs to know what to do if another packet comes from 192.168.1.20:571, they have to be re-written in the same way.
I have a lot of sympathy for the ISP (hell, I am one, about to go under...). The problem is that the industry still hasn't figured out how to charge its users in a fair way AND make a buck. Is it REALLY fair to charge a flat fee, which means divide total cost usage by total users and then charge that to each user (plus a markup -don't forget that this is NOT a charity, but a business-)? If so, then what happens is that those that hardly use it are heavily subsidizing the big users.
If there are no limits, what stops you from getting yourself a cable/DSL access and then wiring up your whole neighbourhood through you? Hand them out instructions on how to create a hotmail-type email, and off you go. For those that say "sure, but then you are lowering the experience of each one", they should actually look at average usage, and you would see that up to around 50 users or so, you are unlikely to step on each others toes except under exceptional circumstances (not more than 4 or 5 are likely to be on at the same time, and of them, they are statistically going to have more unused b/w during their usage than used).
Unfortunately, during the dot-com boom pricing and billing of ISP service went nuts (along with the rest of the industry), and we still have to recover from this idea that b/w should be somehow GIVEN by the ISP at no charge to EVERYONE. Sure, I love universal service as everyone else, but the big question that we should all be asking ourselves: "for internet service, WHO should pay?" Please note, that links, routers, equipment, staff, electricity, etc... are NOT free.
If an ISP has unlimited access which it is calculating on the basis of an average SINGLE user with a SINGLE machine, and it states it clearly in its contract that you are paying for a single-user/single-machine, then anyone putting more than that on their link is in breach of their contract. They have calculated their prices based on their assumption. Of course you may think -and might even be right- that their prices are too high, but does that morally allow you to be in breach of contract? In the same way, we all feel that MS-whatever licenses are way too high, but are we morally allowed therefore to install each program on 10 machines (certainly not legally).
John.
How, pray tell, do they propose to determine whether a user has NAT?
Well, probably nothing is a perfectly reliable diagnostic.
But, [not an expert, here] I had thought that one symptom of NAT was a plethora of high numbered ports being used.
But this practice really irks me.
As far as I'm concerned, just let the user pay for [bandwith + 1/latency]*connect_time.
If clients don't want to subscribe to your extra services, then don't try to browbeat them into it by saying that home-brewed services are "not allowed".
The first network service provider with a business model specifically designed to cater to the commoditization of the network will eventually make mincemeat of those providers that rely on heavy-handed tactics to force their customers into needless higher cost products.
It's like having to buy rust-proofing as part of your new car or an extended warranty on a piece of solid-state electronics - a complete rip-off.
"Provided by the management for your protection."
but did anyone think they'd already be harassing people that are using nothing more than the bandwidth for which they are paying? It makes me very happy that my DSL kit arrived yesterday
Here's the thing. $49.95 or whatever it is you pay really doesn't cover the cost of all that bandwidth if EVERYONE uses it. It's called oversubscribtion and the $19.95 dial-up ISPs are alive because of it. The ISP (in this case Comcast) can't offer that service at that price if everyone uses it. Even T1 services are oversubscribed to some extent. But with a T1 you ARE paying for the bandwidth you're getting. Your DSL service is no better, if lots of customers start using all downstream bandwidth all the time, the ISP would have to discontinue the service at that price.
The fool part about things like this is that no one ever tries to think logically about it. Every user that gets slapped by this is going to be one less client (if DSL is available) for them. The fewer clients they have, the less money they make to make up for badwidth costs. The less money they have, the more draconian they become. They should really think about tacking on an extra five dollars a month and start advertising that they ALLOW people to set up servers. As long as they have honest pricing and limit bandwidth accordingly, they won't eventually go under.
"Your superior intellect is no match for our puny weapons!"
Wonder what they'll say when they see Linux and Windows traffic coming from my ip at different times. Technically I'm only ever using one at a time, they can suck a bag of if they think I'm paying for two ip's when only one machine can be running at a time. And if they are going to start enforcing this, they can give me back my damn static ip. Guess I'll be switching to DSL soon too.
I'm the big fish in the big pond bitch.
That's the new XP feature, didn't you know that's why they put those fake user accounts in? Obviously if you and another person can share Word, you have two coppies and must pay subscriptions accordingly.
These greedy cable folks are going to be surprised when all of their customers drop their service. I know a faster browsing experience of an ever more comercial suck web is not worth $50/month to me.
Cox is forcing DHCP. I've had a fixed IP from at home for three years. For a short time I had DSL, but that died when I moved. Last week I got a cardboard toolbox with a letter and a CD in it. It warned me that I had to apply the software soon, using the authorization code printed in the letter, or lose service. The CD, needless to say, contained M$ and Mac binaries. Their web site had instructions that said, esentially DHCP, with forced swapping every 4 hours. It also says that they are going to discontinue the old equipment soon and a friend tells me the date is feb 15th.
WTF? They advertise "always on" IP. That means that they must have a 1:1 IP to cable box ratio, right? The only reason they are going this way is to twart people who want to actually use their connection for more than web mail, viewing the great corporate advert, and have their boxes broken by haxors.
So what do you think I'm going to do? That's right, I'm bailing. At home was just the first of these companies to go under. "Normal" people are neither going to trade their TVs for their computers nor pay $100/month for "entertainment". The rest of us expect more for $50/month than giant casino adds. No, I don't have cable TV, just the box. When it's over, Cox will be paying to maintian a line to my house that gives them zero revenue. If all I can do with the cable is surf, I'll reduce my monthly blead by $30/month and find a nice little dialup to do the same thing. Like normal people then, my wife will quit visiting sites that push huge adverts, and those places will lose out too. Poof, goodbye greedheads, I hope you all lose your shirts.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
I was going to submit this as an ask slashdot, but I said forget it.
When do I own a packet?
After I request it?
When the media it travels down is owned by me?
When it hits my computer and the TCP/IP stack does something with it?
When I sign my service agreement?
I guess comcast thinks they always own the packet.
For about the last year i've been sharing my network with my neighbors, we all own our houses, and have given each other "right of way" to run cat5 stapled to the fence into each others houses. What started out as a simple 1 wire connection has grown to over 24 pairs of copper (i.e. 6 lines)
Each neighbor prepays 6 months in advanced, 10 dollars a month. With this money i've managed to get the bandwidth up to 1.5down and 512up. Their kids can download on napster all day long and it still wont lag my gaming connection. Not only do I share an internet connection with them, but my fileserver as well. We have a central repository for music, a phpnuke based site for updates on the network status.
Our equipment is pretty nice too, everyone has intel pro100 management cards. Our main nat server used to be a linkcyst router, but it has evolved into a k62-300 running bbiagent. (nifty little firewall on disk, bbiagent.net)
So the question of when do I own the packet comes up again.
We don't have a classC subnet, we're all using nat on the 192.168.x.x range. I thought that range was set aside as a non routable "private" network. Private as in mine, err I should say our co-op. It doesn't belong nor resemble our providers network in any way shape or form. We maintain it, upgrade it, support it, ect.
It's really a pity that all these ISP exec's get paid so much money. That 10million a year spent for 1 CEO could buy a cheaper CEO for about 250k, and enough techs to upgrade the existing infrastructure.
Take for example, the DSL I use now. It runs on POTS telephone service, which has not seen any signifigant change since Alexander Bell said "hello" 100 years ago. Basically whenever you make a phone call, the line between you and the person on the other end is a complete circuit. The best analogy I can make is this would be like taking a trip from LA to Chicago, with all the freeways empty except for your car during the duration of your trip. It's a complete waste of resources.
Now imagine if this infrastructure was upgraded to packet switched networks. Bandwidth would become cheaper because circuits could be multiplexed, allowing many cars on the road at the same time.
With comcast, I would guess that %90 of their bandwidth on the wire is being sucked away by their old infrastructure (analogue video) You can see what a waste this is because you can only fit maybe 40 or so channels on the analogue wave, on the other hand, they have this newfangled digital cable, which uses just 1 or 2 channels of the original analogue, but because it is a packet based network, its better utilization of the bandwidth and they can fit 100-200 channels where they used to only be able to fit one.
On top of that, there is IPV6
This is really turning into a long rant.
I just don't see comcasts justification for eradicating NAT from their network.. If they want to control what kind of network I have at home, they can run the cable, and buy my hardware. Hunting down people that just want to share an internet connection is bullshit (pardon my french) and is just another way of deflecting from the REAL problem which is people are starting to wake up to the fact that what they have percieved for years as good internet service is not the truth. I think it's about time people stopped accepting what the providers try and shleff off as good service and start demanding that they upgrade their networks to handle the load, instead of taking it out on the customers that underwrite thier service.
I'm guessing that our friends at LinkSys, sensing the threat to their revenue from the sale of devices that allow people to screw ISPs, are going to simply add some features to their routers that prevent detection, and we have another round of escalation in the network arms race.
However, I think that eventually, flat-rate ISP pricing is going to go away, no matter how much people protest. We're addicted like crack-whores now.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
I've had a cable modem since 1998 back when I don't think anyone had heard of "NAT" and wireless ethernet for the home didn't even exist. My roommates and I were one of the early customers of MediaOne, back before they merged with Road Runner and before they were bought by AT&T. We paid 40 bucks a month for our connection and, like most other cable services, our bandwidth was decent but it was shared with those who live in the same neighborhood as you. Now, between myself and my 2 roommates we had 10 computers between us.
There weren't any NAT boxes available, so we did it the old fashioned way - we used a 486 put together from spare parts running Linux with IP Masquerading installed. ("IP Masquerading" is what NAT was called back then.) All of our computers were hooked up to this box - and MediaOne only saw one computer on their network. Our setup worked well and we didn't feel like we were stealing - in fact we believed were helping relieve the growing shortage of IP addresses.
If cable and DSL providers want to restrict the number of computers connected to a single modem, they need to be more clear about what they are selling. Are they selling IP addresses? If so, I only want one IP address, thank you. Are they selling bandwidth? Well, if they are, give me a monthly bandwidth cap because despite the fact we have nearly a dozen computers we didn't use anywhere near as much bandwidth as the kid next door with one computer who downloaded pr0n 24-hours a day.
And finally, if they are charging for just having the connection itself then don't complain about how many computers are connected. Does the phone company care how many phones are connected to a single line? You may argue that a single phone line will only let you have one call going at one time. Well, the same is true of cable and DSL services. Anyway you look at it, there is only one packet being transmitted through the DSL or cable modem at any given time. This is very different from stealing cable television where you can watch multiple channels at the same time on different TVs.
Given all of this, the only thing that the cable and DSL providers can do is limit the bandwidth on a connection. If they did that then "Bob" wouldn't be as willing to share his bandwidth with his neighbors because it would either mean additional fees or slower access for himself. He should have the right to "timeshare" his connection anyway he wants. Just like if I were let my neighbors watch my cable TV while I'm not home or if I deleted my copy of Quake and lent the CD to a friend.
Besides, even if something like CAT is implemented, clever Linux users will still be able to customize their own little firewall/router to bypass this and this "problem" will still exist.
Ok, I'll bite. How does the number of computers "screw" the ISP. They don't need any additional IP resources/addresses (assuming your home LAN is set up as a private network) and I can just as easily use the maximum bandwidth with one computer as I can with 10.
I can see charging per MB or GB transferred, but I can't agree that those running a home network behind a Linksys (or similar) cable modem hub/router are somehow screwing the ISP.
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
Trying to "fool" your ISP with clever stealth-NAT schemes is lots of fun and all, but it does nothing to change the status quo of companies thinking that they can dictate how their customers should use the Internet.
Yes, I realize that some of you have no alternative. If that is the case, it is of course up to you whether you want to drop back to dial-up service, or continue to get dicked around.
I don't care if it's 90,000 hectares. That lake was not my doing.
The cable companies are trying to achieve the same benefits that OS software companies enjoy. Just like you can't install one copy of Windows on multiple computers (legally anyways), the cable companies don't want you using more than one computer on the network at the same time. Does it increase the amount of bandwidth? Unlikely. Websurfing and gaming uses such a miniscule amount of bandwidth that even additional computers don't significantly add to the load, and any warez junkie will far outweigh the load that a multi-user network adds.
The point is, they want to be able to charge extra for multiple computers. Of COURSE there are technical ways to get around this, but those don't provide the cable company with extra revenue.
You say it doesn't cost the cable company any extra for you to host multiple computers on a single connection. This is true. Its also true that installing one copy of Windows onto more than one computer doesn't cost Microsoft more. But it deprives them of revenue they would have if you were legal. The cable company sees this the same way.
If its in the user agreement, and you signed on knowing this, you have nobody to blame but yourself. And cable companies are in a better position than Microsoft in this regard. Chances are, you probably signed an actual contract, not some EULA that you blindly clicked through without reading. You don't have to use them. Use a competitor. Vote with your wallet.
And now, you're going to tell me there ARE no other options. They're the only broadband provider in your area. Well, guess what. There are places that don't even have ONE broadband option. You at least HAVE a choice. Accept it, start an alternative service on your own, move somewhere there are more (or better) options, or keep cheating and hope you don't get away with it.
Personally, I don't get into this argument. The service I have allows me 16 static ip's and allows me to resell the bandwidth if I want. But I also pay for it, probably a lot more than you're paying. I could probably get away with far less, but I actually prefer the idea of having a service that I know is unrestricted. If you buy a service that comes with restrictions, you better make sure you can live with those restictions before you sign your name and start paying for it.
-Restil
Play with my webcams and lights here
All the fees for my telephone service and /27 routed to me with proper DNS,
my DSL connection cost me somewhere in the ballpark
of $2400.00 per year. For that amount, I get
two phone lines, a fairly decent voicemail package
plus all the add-on services that Qwest sells
(caller-id and so forth), a 1.5/1.5 Mbit ADSL
connection, a
a Cisco 678, webspace, mail addresses, nntp access,
yadda yadda, from a clueful ISP that provides
connectivity and not bullshit.
People keep going on and on and on about how MSN
this and AOL/TW that and now Comcast the other thing.
In my WAY NOT humble opinion, when you go for the
cheap option, you're going to get treated like a
commodity consumer, NOT like a customer. If you
are unfortunate enough to live in an area which is
not well-served by competing broadband providers, well,
you have my sympathies. There are downsides to the
area where I live as well. But if you do have a choice,
and you've gone with the lowest priced option when
better though more expensive alternatives are available,
you should stop complaining, and take responsibility
for the consequences of your decisions.
-fb Everything not expressly forbidden is now mandatory.
They must have done some kind of analysis where they estimate the cost of customers walking away vs. the enhanced revenue from additional fees. Given the robust sales of NAT devices, I think their analysis is way off. Then again, maybe this whole thing is a "troll for data" operation where you broadcast your intentions to see how much resistance there really is.
I remember the old days when @Home assigned one static IP per household, with no provision whatsoever for additional addresses. The tech. staff would say "There is a way to connect multiple computers, but we don't support it.", meaning "Set up Linux IP Masquerade -- we don't care, just don't ask us to fix it."
Of course the real problem with NAT is the 802.11b Wifi dilemma. In an apartement scenario, a single broadband subscriber can share with many neighbors, especially if they are light users (the kind the ISPs covet the most). I guess Comcast has figured this out and views it as a doomsday scenario.
The proper way to kill the anti-NAT practices is to see which ISP takes the lead and then boycott them into bankruptcy. After all, the service is not very useful without NAT, so walking away is not just the morally correct thing to do, it's almost a necessity anyway.
I guess "screw" was rather inflammatory - I should have enclosed it in quotes - since this is the implied attitude of the ISP. I don't believe that it's in any way screwing the ISP - in fact, I NAT myself. I think they should charge a scale for bandwidth myself (within reason) that way, on a normal month, I probably wouldn't pay as much.
The only way this is "screwing" the ISP - is that it's more "screwing with" because the service agreement specifically states (in most cases) "a single machine".
What's next. a limit on dual CPU machines?
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
If you have a problem with trying to stop this type of activity, then you also probably think it would be OK to run phone line from your house to your neighbor's house, since you "pay for the bandwidth and can do whatever you wish with it."
Maybe I'm missing something, but what's wrong with sharing my phone line with my neighbors? Assuming my neighbor splits the phone bill, I get a smaller phone bill in exchange for the hassle of having to share the line. And working out the long distance calls would likely be a pain. Hmm, thinking about it, it sounds alot like what happened when I was sharing an apartment. What's the difference if the person I'm sharing with lives next door or in the next bedroom?
(There may be a law of some sort against it, but I don't see any sort of ethical problems with such a situation.)
Search 2010 Gen Con events
Come to think of it, if 2) is properly done you don't even need 1).
It's the same principle used in law-enforcement:
Make people believe that if they break the law:
- It's very likely that they get caught
- If they do get caught the punishment is hard and certain
(As a side note i believe that the big difference in driving styles between mediterranean countries and northern europe countries with similar driving laws, is due to different perceptions of the answers to the "will i get caught?" and the "if i get caught will i get punished?" questions).In what way is that not a network?
A new kind of meat designed to appeal to vegetarians.
By having more than one computer (read more that one person) connected to the same cable modem you are raising the actual contention level of the connection.
Broadband ISPs calculate a contention level - although they limit you to a certain bandwidth, say 512kbps and have, say 2000 customers, they probably don't have a 1 Gigabit backbone connection.
That is to say that if all 2000 customers were to initiate a download they wouldn't get the 512kbps they pay for.
If the ISP has an advertised contention ratio of 50:1 then this scenario means that the 2000 customers are connected to a 20Mbps backbone.
It means that only 1 in 50 customers are using their bandwidth quota at any one time.
Now, by employing NAT (via 802.11b for instance) and possibly selling it on (or just sharing the cost) customers are also raising the contention level and effectively raising the chance that other customers will not get their quota of 512kbps.
My personal opinion is that NAT itself is not the problem, sub-leasing your Internet connection in any way is.
... is like stealing from Nike, right?
Or worse, buying used sneeakers is also stealing.
The moment I'm under obligation to pay any other private entity money for a service I do not wish is the moment that I become a slave.
Just because someone expects their customers to behave in a particular way doesn't mean that they are obligated to, or it is wrong for them to behave differently.
This from "Cindy" a tech at Comcast. Background: I was set as static from day 1 by the tech who said there were problems with the DHCP server at the time. Now that its crunch time, I've been trying to convert to DHCP, but haven't been getting a lease. Found out that CC changed my cust id number, so I would have never gotten an IP until I called them. Hats off to Comcast for calling my house with a prerecorded message stating that I'm still using static and have a week to convert to DHCP, lest my connectivity will be dropped.
Anyway, in talking to Cindy tonight, I said, "I can't believe you guys are going after users with Linksys boxes!" She asked, "what do you mean 'going after'?" I said, "like, pulling the plug! I have one that does wireless so I can work on my laptop anywhere in the house, and now you guys want to chain me to my desk in my basement."
"Oh, I don't think that's what they meant. See, those little firewall boxes won't work with the new network because they're only static, and can't do DHCP at all, so you're box isn't going to work after we change over the network."
"I see. Well then, uh, thanks, I guess!"
Intelligent Life on Earth