Comcast Gunning for NAT Users
phillymjs writes: "A co-worker of mine resigned today. His new job at Comcast: Hunting down 'abusers' of the service. More specifically, anyone using NAT to connect more than one computer to their cable modem to get Internet access- whether or not you're running servers or violating any other Acceptable Use Policies. Comcast has an entire department dedicated to eradicating NAT users from their network. We knew this was coming since this Slashdot article from two months ago, but did anyone think they'd already be harassing people that are using nothing more than the bandwidth for which they are paying? It makes me very happy that my DSL kit arrived yesterday, and I'll be cancelling my Comcast cable modem early next week." Earthlink and Comcast have both been advertising lately their single-household, multi-computer services (and additional fees) -- probably amusing to many thousands of broadband-router owners, at least until the cable companies really crack down.
So, what are the methods they use, and how can I make it more difficult for them to tell if I have a machine running NAT?
How exactly are they going to do this?? I mean NAT isn't really something you can look at. The same ip is being used just by different systems behind the NAT server.
Does anyone have any info on exactly how they plan to do this?
Adelphia has it as part of their service agreement that you can have multiple devices on the network and the cable modem install techs will actually configure your linksys router for you when you sign up for the service.
If you choose not to decide, you still have made a choice. RUSH
How would they go about doing this, being that NAT makes all data coming in and out look as if it was coming from a single IP? They could try to look at bandwidth, but you could easily make the case that you were just downloading a lot from one pc. What practical techniques can be used to detect NAT, and what can be done to avoid them?
Brandon Tallent
"We regret to inform you, Mr. Anderson, that you have three different people in your household using this computer to access the internet. Your bill will be adjusted accordingly."
This is not a story, let's not treat it as one. It'll be a story when somebody has copies of a letter explaining that their service was cut off, due to the use of NAT. In the meantime, I can tell you that the firewall on my comcast connection has received no new exploratory packets originating at comcast servers.
I had assumed that though like this was basically on the way out. Most ISPs will say "We support one computer. If you wanna rig something else up to use more, don't expect us to support it". That's sort of fair, mostly.
This is creepy. I'd personally sue them.
How do you even detect NAT?
There's this which describes a way to find webservers behind NAT, but what about the general case?
If you don't like it, don't sign up. If you try to cheat on the policy with your l33tness and get caught, don't complain.
Seriously, when I signed up the agreement was that I would not provide service to anyone outside my residence, which is fair I guess. If they want to crack down on me doing something that is proper let them try, but I'm not going to back down from asserting my rights. Personally I don't see what options they have to crack down. Though I have heard that their switches remember your mac address now so if you change the computer/network card hooked up it takes a reset to get it working again :(
The only way I can think of for them to detect NAT is if they see simultaneous activity on too many ports at once, indicating more than one person at the same time is using the Internet.
Obviously, the more people you have on the line, the more likely this is to occur.
Seems kind of silly to spend a lot of resources on this. I can kind of understand maybe charging people more for using more bandwidth than average.
Sometimes it's best to just let stupid people be stupid.
Look, I have my Road Runner connected to a firewall that routes my internal machine to it. Therefore I have more than one machine (technically) hooked up to Road Runner.
The firewall uses NAT for my internal box. My firewall is a custom Linux box I setup myself, but I imagine any firewall would behave similarly.
If they're basically saying you have to have just the one machine directly connected to their service...they're saying YOU ARE NOT ALLOWED TO RUN A FIREWALL.
How can they possibly suggest that I'm NOT ALLOWED to run a firewall? Especially seeing as how the freaking cable networks are some of the worst offenders on portscans etc...
Freaking morons.
This is never going to happen of course, because this sort of service provision implies not only limits on the customer but also performance requirements on the part of the telco. I think we are stuck with "52 times faster than an ordinary modem" marketing and bad service forever.
What about setting up a linux machine and connect X-terminals to it, thus providing multiple users with internet access, but they are on the same machine. Or a windows terminal server. Or ssh in and run applications that are forwarded over X. Or port forwarding.
And, windows 98/ME does this automatically if you have a windows LAN with one computer connected to the internet, doesn't it?
Huh?
Yeah, if they really want to stop bandwidth hogs, why did they not just make the Cable modem also be a bandwidth limiter!!!!!
"No that would be too simple a solution! Besides it would cost the company millions!"
It's not like you can plug your computer into the cable system directly, you have to have a modem.
Probably something along these lines:
Customer: Hello?
Rep: Hello, sir, I'm doing a study for Comcast, and we'd like to offer you 2 free months of service if you would participate in a quick survey about your internet usage at home, so that we may better serve you in the future?
Customer: (Trying to figure out how far 2x$39.95 will go at the Golf Shop) Uh, sure, whatever.
Rep: Great! Question 1: Do you have more than one computer in your house connected to a cable modem?
Or better yet, kill service to a block of houses, and wait for the support calls to roll in. Yes sir, we'll have a technician come right out sir. He may need to have full access to your computer or computer(s), sir.
...my DSL provider, PacBell Internet, actually wants to sell you a NAT router when you sign up for basic home DSL service.
They can catch the scumbags that get the cablemodem and then nat their entire apartment building, or the neighborhood, but they will never catch a single family dwelling doing it. The ONLY way to detect it is to watch bandwidth and look for 60-70 connections coming out of that cablemodem. Anything less will be false positives, as just hitting some websites causes at least 10 connections to other servers for ads, popups, etc...
Besides, how is this going to fly with the AT&T policy of allowing it and even encouraging it? AT&T will gladly sell you a smc or linksys NAT/firewall... that constitutes encouraging it.
Do not look at laser with remaining good eye.
I told the guy I was using a router. He freaked. "OMG OMG HOW MANY COMPUTERS DO YOU HAVE?" he asked.
:) So, if they had a way to scan my system, there's only one machine up.
"Just one. I just trust hardware firewalls more than software ones. I don't want to get infected with a worm that would then lower ATTBI's bandwidth."
He then let me go on my way.
Now, this article is a case of "i know a friend of a friend who's doing this despicable act!!!" so I'm not taking it to heart. And as for me, only my Linux box is on 24/7...My Windows box is a separate box that's only up if I want to play EverQuest.
Is there a term for "vaporware" jobs?
If you're using a commercial broadband router (Linksys, Netgear, DLink, etc.) they may have a way that they can probe IPs for that specific type of device. It might have a web page on port 80, or something else open that identifies it as being a router. They wouldn't be able to identify a Linux box doing IP Masquerading, but they'd find all the Linksys routers easily, and since those are quite popular, they'd figure that was good enough.
Another consideration: How does the NAT box know where to send incoming replies? Isn't there something added to the IP header to indicate the internal source IP of the packet? I would think there would have to be. Could they scan packets for these identifying signatures?
A problem with this: some people use NAT routers as a firewall, with only a single computer connected, simply for security reasons. It's certainly more secure (and less problematic, from what I understand) than ZoneAlarm or BlackIce. How is the ISP going to know the difference?
If they're scanning IP packets, are they looking for multiple internal sources from the same external IP?
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
As everybody else is wondering: how do they plan to ferret out NAT users? Go to everyone's home and count the number of computers? ComCast used to be such a nice service, it's a shame what they're doing to it. Let's count the ways they've made the service worse recently:
Still, even with all of these indiscretions, I'm inclined not to believe this story as is. There doesn't appear to be much actual evidence (has anyone been flagged for having a NAT yet?) to support the claims. Also, did the co-worker quit because the job is nigh-impossible? My hoax sense is tingling...
I read the internet for the articles.
I can't see Comcast winning in court anyway. It'll become readily apparent that bandwidth is allotted on a per-modem basis and not on a per-computer, so the usage of bandwidth over a number of machines does nothing to impose more strain on their network. In this sense, there's no way they could win in court, how would they justify cutting service to people who were using it within acceptable use? Either one computer can be hogging bandwidth, or two can be sharing it... seems to make sense to me.
Furthermore, it seems like a forgotten waste of time for Comcast to try to pick up everyone who's using two computers (or more) over their service. They might pick up small businesses, or something, simply by paying attention to the fact that their bandwidth is in use most of the time. One computer is more likely to have "down time" than two.
The bandwidth sucks.
The latency sucks.
The support sucks.
They encourage NAT and show you how to do it in their manual.
Thank you Bell!
If that's the case, then I encourage any Comcast customer who uses a single computer, who has the know-how, to write a script that generates arbitrary originating port numbers on all the traffic. That would rule.
Aren't outgoing port numbers pretty much arbitrary as it is?
autopr0n is like, down and stuff.
Do you feel the same way about Microsoft? Most cable providers in the US enjoy a monopoly. Comcast may be the only option for broadband access for a large number of people who aren't close enough to their exchange to get dsl. One could argue that broadband is a "perk", and doesn't deserve protection but I don't agree.
As a side note, hooking up a cable/dsl router doesn't really qualify as l33tness in my book.
You'll find more about my experience with Comcast broadband services on my company's web site, if you are interested.
-- Dave Aiello
On a somewhat related topic: One of Sweden's bigger and first broadband companies, Bredbandsbolaget (translates to "the broadband company") are scanning all their traffic for pirated software, music and movies. The funny thing is that they are offering 10Mb in both directions, when most around here only offer 0.5 - 2.5Mb, and that is incoming traffic only... so you can guess which connection all warez dudez are running if they have the possibility...
:)
One of my friends has been heavily into trading stuff since he had a 33.6 and a P100 machine - and was the coolest kid in town with that. Now he has shut down his ftp server and probably sits at home shaking from withdrawal. Thankfully, I never was much into warez, I have a few mp3's on my conscience, but that is pretty much about it. And I have another provider, if the urge should set in.
I think this is something we will see more of in the future, although so far I don't think any of the other companies have followed.
Scanning for warez may be more in line though, considering the terms of use, but on what level should the companies control what we do with the access? Forbidding several computers on one connection just to charge more money is just plain cheap, although many do already have clauses about not allowing servers on your home connection.
You know, that might actually work...if the MAC address were stored in the IP packet.
Sheesh, I've seen MAC filtering mentioned 5 times already on this article. Maybe everyone should take a look at The anatomy of an IP packet.
I read the internet for the articles.
Yeah, if they really want to stop bandwidth hogs, why did they not just make the Cable modem also be a bandwidth limiter!!!!!
THEY DID!
Many users of cable systems are bandwidth limited, also called "capping," on at least their outbound traffic, and many also have their inbound traffic limited as well. Where I live RoadRunner has outbound speeds limited from 15k to 30k/s outgoing, depending on which loop you are on. Incoming is limited to 250k/s, though this is almost never achieved, even when the packets are originating at a major university, essentially, across the street, with only 4 hops between one box and the other.
This is totally wrong.
The mac address is not sent as part of the tcp/ip packets. There might not even be one. tcp/ip works on all kinds of networks, not just ethernet. The ARP protocol is used to map mac addresses to IP addresses but that can't possibly be detected except on the same local network.
The gateway does not use the to map packets back. Generally they either trap outgoing requests on a port and map incoming data to that same port back to the same computer / port, or understand the higher level protocols and fake the data. (Ftp is an example where that is necessary, unless PASV mode is used).
Please try to get your facts right if you are going to post such a statement.
Sig is taking a break!
Consider this - a submission of the FoaF kind, no real evidence, but very much bound to bring an uproar among the /. regulars... The result - a pretty good list of things that can and cannot be done to accomplish the alleged NAT detection.
In other words, we are doing Comcast's R&D for them...
So now it occurs to me that the CableModem providers may be rabid about creative ways to use more bandwidth because their infrastructure is more fundamentally shared: their peak BW is higher, but users have to share the cable to the CO. In DSL, they can clamp my line if they want to.
Thus "nothing more than the bandwidth for which they are paying" may be the crux of the issue. DSL providers actually can limit you to your paid BW, but CableModem operators have a much harder time doing that.
Not that I actually support an ISP that wants to ban my NAT box. I would immediately switch to an alternate provider who lets me do what I want with my bits. Oh wait, I already did :-)
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase
Can I use the service on more than one computer?
Yes, customers with home networks may order additional network addresses in order to connect several computers to the service through one cable modem.
You must first subscribe to the basic Comcast High-Speed Internet Service.
Once you become a subscriber, you can sign up for a second and third address.
You will need to have access to network expertise because Comcast High-Speed Internet Service neither installs nor supports networks.
The cost is $6.95 per month for each additional outlet. Customers can have two additional addresses, for a total of three.
Comcast will install the network card and software on a second and third computer for a charge of $49 for each computer.
Hammer of Truth
To avoid this, get the MAC address from an old NIC, or a machine that will never be connected to the subnet on the cable-modem system, and (assuming your NAT box supports MAC spoofing) configure your NAT box to use that IP address.
More likely than not, the providers are too stupid to do the necessary research, and will look at the high bandwidth users and do a packet sniff to see what their activity looks like.
instead of just selling an extra IP address to those without a router then maybe more people would be interested in buying the extra IP addresses.
I know I would, especially if they would allow servers, I know my FTP site gets pounded when my band releases our new songs, the fans that we have jump on my server so hard that it's almost painful to surf from my other boxen.
Also, it can spoof any MAC address I chose on its WAN port. (Yes, the MAC address can get sent over the DSL Modem, if it does ethernet encapsulation over ATM, and the ISP might care what it is).
FWIW, my ISP doesn't have this kind of "no NAT, no servers, no pinging" bullshit in their AUP -- they just don't want me to generate a disproportionate amount of outbound traffic.
You could've hired me.
I mean, it's all a pretty grey area isn't it? Do they want to disallow any kind of internal networking in people's homes? That just seems bizarre. And as long as there's some kind of network there will be a way for people to use the internet if one of them is connected (VNC/Xwindows/terminal server/ as well as NAT).
I mean, it's not like having multiple machines behind a firewall is going to cause any extra resources to be consumed, the only reason for them doing this is to sell you back the right to do it. That's a nice business model. Ban stuff and then sell you the rights they took away...
autopr0n is like, down and stuff.
I have a lot of sympathy for the ISP (hell, I am one, about to go under...). The problem is that the industry still hasn't figured out how to charge its users in a fair way AND make a buck. Is it REALLY fair to charge a flat fee, which means divide total cost usage by total users and then charge that to each user (plus a markup -don't forget that this is NOT a charity, but a business-)? If so, then what happens is that those that hardly use it are heavily subsidizing the big users.
If there are no limits, what stops you from getting yourself a cable/DSL access and then wiring up your whole neighbourhood through you? Hand them out instructions on how to create a hotmail-type email, and off you go. For those that say "sure, but then you are lowering the experience of each one", they should actually look at average usage, and you would see that up to around 50 users or so, you are unlikely to step on each others toes except under exceptional circumstances (not more than 4 or 5 are likely to be on at the same time, and of them, they are statistically going to have more unused b/w during their usage than used).
Unfortunately, during the dot-com boom pricing and billing of ISP service went nuts (along with the rest of the industry), and we still have to recover from this idea that b/w should be somehow GIVEN by the ISP at no charge to EVERYONE. Sure, I love universal service as everyone else, but the big question that we should all be asking ourselves: "for internet service, WHO should pay?" Please note, that links, routers, equipment, staff, electricity, etc... are NOT free.
If an ISP has unlimited access which it is calculating on the basis of an average SINGLE user with a SINGLE machine, and it states it clearly in its contract that you are paying for a single-user/single-machine, then anyone putting more than that on their link is in breach of their contract. They have calculated their prices based on their assumption. Of course you may think -and might even be right- that their prices are too high, but does that morally allow you to be in breach of contract? In the same way, we all feel that MS-whatever licenses are way too high, but are we morally allowed therefore to install each program on 10 machines (certainly not legally).
John.
How, pray tell, do they propose to determine whether a user has NAT?
Well, probably nothing is a perfectly reliable diagnostic.
But, [not an expert, here] I had thought that one symptom of NAT was a plethora of high numbered ports being used.
But this practice really irks me.
As far as I'm concerned, just let the user pay for [bandwidth + 1/latency]*connect_time.
If clients don't want to subscribe to your extra services, then don't try to browbeat them into it by saying that home-brewed services are "not allowed".
The first network service provider with a business model specifically designed to cater to the commoditization of the network will eventually make mincemeat of those providers that rely on heavy-handed tactics to force their customers into needless higher cost products.
It's like having to buy rust-proofing as part of your new car or an extended warranty on a piece of solid-state electronics - a complete rip-off.
"Provided by the management for your protection."
but did anyone think they'd already be harassing people that are using nothing more than the bandwidth for which they are paying? It makes me very happy that my DSL kit arrived yesterday
Here's the thing. $49.95 or whatever it is you pay really doesn't cover the cost of all that bandwidth if EVERYONE uses it. It's called oversubscription and the $19.95 dial-up ISPs are alive because of it. The ISP (in this case Comcast) can't offer that service at that price if everyone uses it. Even T1 services are oversubscribed to some extent. But with a T1 you ARE paying for the bandwidth you're getting. Your DSL service is no better, if lots of customers start using all downstream bandwidth all the time, the ISP would have to discontinue the service at that price.
I wonder if people are reading descriptions of IPv6 ip allocation schemes, and are misapplying them to IPv4.
My service was bought by Comcast so I am now one of their subscribers. First they sent a letter with a broken CD that said run the CD by the end of the year or lose internet access. I got this in the mail as I was leaving for Christmas vacation and wasn't going to be back until January. No explanation of what was on the CD or the settings that need to be changed for email and whatever else. I also received a new email address that I will never remember. And when I got back, I got a letter informing me that due to all the new services (I'm not sure what those are) my rates are going up!
And now this? If they call me about my router (unless the kittens are surfing while I'm at work, I'm the only one that uses the access), I need to find another provider. Anybody have any recommendations for a provider in the Detroit area?
I wish people would just give up this idea that there is a free market. THERE IS NO FREE MARKET, not as long as all parties are not fully aware of all the facts and especially as long as cable companies get special protection from the government.
Where I live, the only option for high speed access is cable (DSL isn't here yet), which cripples the "free market" illusion even more.
Bill Clinton: Pimp we can believe in. - The Shirt!!!
(ring ring ring)
a)Hello?
b) We're with Comcast. We found that you are using multiple computers over your connection via NAT. Comcast is fining you for TOS violation and your new rate is now $150/mo
c) But I'm not
d) We have blah blah blah proof that you are
e) No, I just run virtual machines on my one system. It's the same computer, just running different operating systems at the same time. I was running my completely-approved MacOS with Virtual-PC open to Win98 which was running VMWare with Linux as a kind of side project to see how running a virtual machine in an emulator affects performance.
f) oh
(click)
They can't differentiate if you have multiple machines or one machine with multiple OS's unless you NAT a LOT of machines....
just my thoughts, any feedback welcome
- Sig
The fool part about things like this is that no one ever tries to think logically about it. Every user that gets slapped by this is going to be one less client (if DSL is available) for them. The fewer clients they have, the less money they make to make up for bandwidth costs. The less money they have, the more draconian they become. They should really think about tacking on an extra five dollars a month and start advertising that they ALLOW people to set up servers. As long as they have honest pricing and limit bandwidth accordingly, they won't eventually go under.
"Your superior intellect is no match for our puny weapons!"
Comcast Guy #1 We need to get computers off the network that are stealing our bandwidth!
Comcast Guy #2 Gee, guy 1, How are we gonna go about doing that?
Comcast Guy #3 Hmm. OK, I have an idea. Let's make up a story and post it to Slashdot, we'll tell them we are going to find them out, they are all evil bandwidth stealers, they will wonder how we are going to go about doing this, and in the process they will tell us EXACTLY what to do to find them out. Good thing for them or we'd have no clue whatsoever. Now we can spend more time making useless content that we can charge them money for
Don't Tread on Me
What if I only have one computer online at a time? I go to work every day, but my wife works from home. Sometimes she's online on her Mac, other times on her PC. When I come home, she's watching TV while I'm on my linux box. How is that a problem?
this is getting old and so are you
There is no free market. The "invisible hand" is the CEOs of the media companies, arms manufacturers, PACs, tobacco companies, biotech firms, and private foundations gathering at Bohemian Club, Bildeberger, WTO, etc... to "not discuss business". The whole world is run through collusion.
The other companies will adopt Comcast's policy, because it guarantees the highest profit.
"What is the sound of one belly slapping?"
Higher level protocols can leak NAT information.
HTTP and FTP do this just to name a few.
FTP clients will embed their IP in the PORT command.
Stupid HTTP clients (IE) will give up their
IP in cookies or in HTTP headers.
Both of these can make it out of a NAT.
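An added example, not part of the original thread: the comment above says an FTP PORT command or an HTTP header can carry a host's internal address out through a NAT. The sketch below parses such lines from constructed sample traffic and lists RFC 1918 addresses that differ from the packet's source address. The function names, the sample records and the 203.0.113.x / 192.168.1.x addresses are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Private ranges are listed explicitly: ipaddress.is_private also returns True
# for documentation ranges such as 203.0.113.0/24, which stand in for public
# addresses in the constructed sample below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# FTP active mode: "PORT h1,h2,h3,h4,p1,p2" (RFC 959).
PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$",
    re.IGNORECASE)
XFF_RE = re.compile(r"^X-Forwarded-For:\s*(.+)$", re.IGNORECASE)


def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def parse_ftp_port(line):
    """Return (address, port) from a PORT command, or None if malformed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]


def parse_xff(line):
    """Return the IPv4 addresses listed in an X-Forwarded-For header line."""
    m = XFF_RE.match(line.strip())
    if not m:
        return []
    found = []
    for token in m.group(1).split(","):
        try:
            found.append(ipaddress.IPv4Address(token.strip()))
        except ValueError:
            continue  # "unknown", IPv6 or junk: ignore
    return found


def embedded_addresses(line):
    parsed = parse_ftp_port(line)
    if parsed:
        return [parsed[0]]
    return parse_xff(line)


def internal_hosts_by_public_ip(records):
    """Map each source IP to the distinct private addresses leaked in payloads.

    records: iterable of (source_ip_as_seen_upstream, one application line).
    An address counts as leaked only if it is RFC 1918 and differs from the
    packet's own source address.
    """
    leaks = defaultdict(set)
    for src, line in records:
        src_addr = ipaddress.IPv4Address(src)
        for addr in embedded_addresses(line):
            if addr != src_addr and is_rfc1918(addr):
                leaks[src].add(str(addr))
    return {src: sorted(addrs) for src, addrs in leaks.items()}


# Constructed sample, as seen upstream of two gateways.
SAMPLE = [
    ("203.0.113.7", "USER anonymous"),
    ("203.0.113.7", "PORT 192,168,1,10,19,137"),       # PORT not rewritten
    ("203.0.113.7", "X-Forwarded-For: 192.168.1.11"),  # local proxy header
    ("203.0.113.9", "PORT 203,0,113,9,4,1"),           # rewritten by gateway
    ("203.0.113.9", "PASV"),                           # passive mode, no address
]

if __name__ == "__main__":
    for src, hosts in internal_hosts_by_public_ip(SAMPLE).items():
        print(src, "->", ", ".join(hosts))
```

A gateway that rewrites the PORT argument, or a client that uses PASV, produces no finding here, which is the case the second sample address shows.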
How much packet inspection can they do, legally? I realize that they can inspect headers, etc, to their heart's content, but can the ISP really monitor the _contents_ of my packet stream without already having clear evidence of an AUP violation? (I haven't read their AUP, so I don't know).
If they can, then it follows that they may read my email (again, without prior evidence of wrongdoing) in order to enforce their business practices - this seems like a pretty clear violation of privacy.
NOTE - I don't really think that my email is private, nor do I believe that IP traffic is secure - the question I'm asking isn't about the capabilities of the ISP. Rather, I'm curious as to whether or not they have the legal _right_ to monitor my traffic (payload, not headers) without a complaint (or a warrant).
The free market would work if there was one. In a lot of places (most?) there isn't.
As far as I can tell, they only charge more if you buy their home networking kit for $149. Then they want you to pay $9.95 a month more. If you buy someone else's home networking kit, they don't charge you any more money (according to their FAQ, you're allowed to set up your own home network, they won't support it though.) I guess the $9.95/mo is for support then, still it doesn't make too much sense to me.
Wonder what they'll say when they see Linux and Windows traffic coming from my ip at different times. Technically I'm only ever using one at a time, they can suck a bag of if they think I'm paying for two ip's when only one machine can be running at a time. And if they are going to start enforcing this, they can give me back my damn static ip. Guess I'll be switching to DSL soon too.
I'm the big fish in the big pond bitch.
I've seen people bitch and moan about this, so I'd just like to leave my 2 cents.
You are right that IP packet contains no info about MAC. MAC is an ethernet frame thing. BUT that IP packet is encapsulated in an ethernet frame.
You see, ethernet is a point to point protocol. I can communicate with everyone 1 hop away from me via direct ethernet (so to speak..this is oversimplified). However I cannot go farther than that. IP allows us to reach destinations beyond that and so the IP packet is layered in an ethernet frame as the data the frame is carrying.
This is why Mac users can use Localtalk to get IP's... The Mac layers the IP packet in Localtalk (as opposed to ethernet) and then a Cayman Gatorbox or something (Linux can do this too, I think) accepts the Localtalk packet, unwraps the IP packet and rewraps it in ethernet. Or ARP. Or X.25. Whatever
It's also why ARP exists. It keeps track of what MAC is connected to which IP in that one-hop area.
Since ethernet is a point-to-point (one-hop), the router applies its own MAC address when it MASQ-forwards the IP insides on to the next router in line (your ISP's). Thus, it should still never see how many unique MAC's are coming from inside your LAN (there are some cases where they can, like using a virtual interface to fwd packets...you should assume the ISP can listen to ethernet frames promiscuously at the broadband modem...)
just my thoughts, please let me know if I am wrong
- Sig
The reason that broadband cable access is so cheap is because they don't expect you to use it all of the time.
I say that cable is cheap because you can get near T1 performance (~$600/mo) from a cable line. The companies don't want you online all of the time because it costs them more money for the extra bandwidth.
It's kind of like the 56k ISPs. You can have unlimited hours of use, but they don't want you connected if you're not using it. They don't want an idle connection wasting a phone line. Don't get me wrong though. I'm not on their side. I want to be able to run my network on a cable connection as well. We just need to compromise or something...
"A plan fiendishly clever in its intricacies"- Homer Simpson
These cable providers (att, formerly @home, cox, comcast) and even some satellite providers, are no longer selling people bandwidth with ips and whatnot, they're selling "internet access".
I was on @home back when they first brought it to my area, they gave me a static, and there was no download/upload cap, and I received a static ip (I could have up to 3). They then started charging $2/mo or something for the statics, and later it's ALL dhcp. Then came caps, slower connections, horrible support, etc.
And so I switched to DSL. I'm paying for Business DSL from pacbell (1.5/384 5IP) and it's a bit expensive (I got a deal at about $65-70), but I know what I'm getting. There's no "we switched you to a proxy" or "linux? no you have to use our windows software..." etc. And while they will yell at you for doing stupid things, there isn't a bunch of suits sitting around in a room scheming on ways to slow down the rate at which I download mp3s (I don't think), and that's rather comforting.
If someone puts you on a shitty network, takes away all the perks, and makes it so you can't even protect yourself from their insecure, poorly constructed network (by installing a firewall), then the best way to deal with it is to switch.
Even non-technical friends who have @home-type connections are getting fed up and ordering DSL.
Let's turn this into a public relations nightmare for Comcast.
Of course I would advise everyone to switch providers, but unfortunately in most cases this is not an option since Cable companies hold monopolies in their local areas...
...richie - It is a good day to code.
You are right, but all of this can be fixed using a proxy server. Of course you shouldn't forget to disable things like "x-forwarded-for".
I think the simplest method to find many NATs is to look for these high port numbers like 64000 and up. The linux kernel can easily be patched to use other ports that don't smell like NAT but most people wouldn't alter the kernel to hide their NAT.
Some other writer suggested to use TCP sequence number prediction heuristics to detect multiple tcp stacks running behind a NAT. I think that could work at least with stupid NAT clients like windows, that don't use strong random numbers for the seq. number.
What about a stealth NAT patch for the linux kernel ?
It could rewrite the seq number, too, not only the ports. It also could use much more random ports to hide its activity. It could also be useful to cheat os fingerprinting techs. Very likely the providers wouldn't suspect someone to run a NAT if they get windows 95/98 as a result of their os fingerprinting. Linux or any other unix os is much more suspicious.
Jan
One way around this is use a SOCKS & http proxies and have socks clients on all the computers. Granted it's a pain to set up and use but it's harder to detect:
1) The TCP sequence number thingy is not a problem because your connection terminates at your proxy and then the proxy makes a connection out. All sequence numbers are that of the proxy.
2) TTL is not an issue; the TTL will be that of the proxy.
3) OS fingerprinting will not be a problem because the fingerprint will be that of the proxy.
The only issue that I see is port #s -- there's something a little fishy about the number of high port numbers used and of course content-related stuff -- if a Javascript reports your IP.
So thus your "stealth NAT" is just a SOCKS proxy. It's just a pain to set up.
At what point do these ISPs stop being 'Internet Providers', and start becoming 'Web Page Providers'? As early as a year ago, an 'Internet Connection' meant that my computer could talk to any other computer that is also on an 'Internet Connection.' Nowadays, though, ISP's are playing games with blocking off what you can do with this connection. It seems like companies like ATTBI really only want to provide you the ability to do what Internet Explorer allows you to do. Anything beyond that and they try to nix it.
They don't want me doing P2P, they don't want me to play games, they don't want me to have more than one computer hooked up, and they don't want me going wireless. How much more can they block off before its no longer really an Internet Connection?
It seems to me that if they are going to behave this way, then they shouldn't be considered Internet Service Providers anymore. They're not! You can't call it an ISP if they're telling you you can't do the things that makes the Internet the Internet. I have two computers on the net at home. One I use just as an email terminal (very low bandwidth), and the other is where I go cruising the web and do IM etc. Until they tell me that I can only use so much bandwidth, they have no business telling me I can't use more than one computer. They advertise "unlimited bandwidth, 24-7", and then they play these silly games with me. It really makes me want to sue for false advertising.
"Derp de derp."
That's the new XP feature, didn't you know that's why they put those fake user accounts in? Obviously if you and another person can share Word, you have two copies and must pay subscriptions accordingly.
These greedy cable folks are going to be surprised when all of their customers drop their service. I know a faster browsing experience of an ever more commercial suck web is not worth $50/month to me.
Cox is forcing DHCP. I've had a fixed IP from at home for three years. For a short time I had DSL, but that died when I moved. Last week I got a cardboard toolbox with a letter and a CD in it. It warned me that I had to apply the software soon, using the authorization code printed in the letter, or lose service. The CD, needless to say, contained M$ and Mac binaries. Their web site had instructions that said, essentially DHCP, with forced swapping every 4 hours. It also says that they are going to discontinue the old equipment soon and a friend tells me the date is feb 15th.
WTF? They advertise "always on" IP. That means that they must have a 1:1 IP to cable box ratio, right? The only reason they are going this way is to thwart people who want to actually use their connection for more than web mail, viewing the great corporate advert, and have their boxes broken by haxors.
So what do you think I'm going to do? That's right, I'm bailing. At home was just the first of these companies to go under. "Normal" people are neither going to trade their TVs for their computers nor pay $100/month for "entertainment". The rest of us expect more for $50/month than giant casino ads. No, I don't have cable TV, just the box. When it's over, Cox will be paying to maintain a line to my house that gives them zero revenue. If all I can do with the cable is surf, I'll reduce my monthly bleed by $30/month and find a nice little dialup to do the same thing. Like normal people then, my wife will quit visiting sites that push huge adverts, and those places will lose out too. Poof, goodbye greedheads, I hope you all lose your shirts.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
If you have an old 486 or Pentium, a couple of network cards, and a broadband connection you can build yourself a hardware firewall in about an hour with a *BSD OS. Here's the link
-- "At Microsoft, quality is job 1.1" -- PC Magazine, Nov. 1994
I went to vote in today's poll. Normally, I think my vote has been counted, but today I received this message:
slashdot login at company's proxy has already voted. (proxy for env.http_x_forwarded_for)
That's a shame, because all web access (for over 200 employees) at my company comes thru one proxy.
It looks like Slashdot's gunning for NAT users as well!
(Maybe CowboyNeal's trying to stop The Evil Empire rigging our polls too.)
As a result, I suspect firewall and kernel coders will change NAT's behaviour, making it harder to fingerprint (which makes it inherently more secure).
When our segment was switched from @Home to comcast.net, I found my LinkSys could not obtain a DHCP lease.
I tested with one of my laptops and it worked fine, but not the LinkSys. I banged a valid Intel MAC address into the LinkSys (MAC alias setting) and it got a lease.
A call to tech support (well, several) confirmed that they are blocking some MAC addresses.
My complaint is if they won't let us run some sort of hardware firewall (like) device, are they going to nuke/filter/pursue all the script kiddies and infected IIS servers that are scanning my LinkSys 10, 15, 20+ times a night??
They say you can use multiple computers *if* you pay them money for extra IP addresses. They don't say you can use one IP addy from multiple machines, and they seem to imply you can't
Still, in my (admittedly quick) perusal of their service agreement I saw only wording indicating that you could not use a single connection to provide Internet access to multiple people. If you own all of the computers and only you use them, then this may be a loophole to get you off the hook, should they sue. (Though, of course, they'd still cut off service.)
I asked: "I have a broadband router / basic firewall connected before my computer do you permit this? Or, do you not want one set up since multiple users can connect through one?"
and I quote: "We don't care, run the firewall, hook up a few computers, we don't really like servers on the network. Just be aware that when you call tech support we're going to ask you to remove the router so that we can test the connection."
If you're really concerned about it... don't run their browser software... Don't go look at their homepages... I don't think I looked at Excite.com the entire 8 months I was a subscriber before they went down. Just pay your bill in the mail and enjoy the bandwidth when all the easily scared jump ship. If they do knock at your door, phone, e-mail... drop them... there's no contract involved and there are other ISP's out there. Hooray for capitalism!
Not necessarily. FCC regulations state that once the cable is in your house, the cable company has no say as to what happens (over and above saying you can't get services you don't pay for, like HBO). I don't know if the digital side of this has been tested in court yet or not.
I got pretty fired up when I read the introduction to this story. Before I got to the end, I had decided that I would switch to DSL if Comcast came-a-knocking, even though DSL is more expensive in my area.
However, I read the linked article and my Comcast agreement.
I doubt most people here have done either.
The effort is clearly aimed at people who are sharing their connections outside their homes. The article even has a diagram showing multiple homes. Take a look at this excerpt:
For example: Neighbor Bob buys cable modem service and a wireless home network. Neighbors Carol, Ted and Alice don't buy cable modem service, but they go out and buy antennas compatible with Neighbor Bob's wireless network. Everybody agrees to share Neighbor Bob's connection.
If you have a problem with trying to stop this type of activity, then you also probably think it would be OK to run phone line from your house to your neighbor's house, since you "pay for the bandwidth and can do whatever you wish with it." You would probably think it's OK to run Cat 5 or fiber all over your neighborhood too.
If Comcast tries to make me pay extra for having three networked computers, I'll be as angry as the next geek. But sheez, let's tone down the hype until that actually happens.
Evil is the money of root.
Well, yes, they provide some guidance for how to get more than one computer on the service.
Quoth the FAQ:
Can I use the service on more than one computer?
Yes, customers with home networks may order additional network addresses in order to connect several computers to the service through one cable modem.
You must first subscribe to the basic Comcast High-Speed Internet Service.
Once you become a subscriber, you can sign up for a second and third address.
You will need to have access to network expertise because Comcast High-Speed Internet Service neither installs nor supports networks.
The cost is $6.95 per month for each additional outlet. Customers can have two additional addresses, for a total of three.
Comcast will install the network card and software on a second and third computer for a charge of $49 for each computer.
Read that section very carefully. The language they use does not say that you can not run a router. It says that customers "may order". It does not say must. Also, if they say that only one computer can be on the service, then a router certainly is ONE computer. It just happens to be that that one computer is connected to two networks, the Comcast network and your own internal network.
Beyond that, there was the decision years ago that said AT&T could not prohibit you from connecting a non-AT&T phone to their phone network, as long as it doesn't damage the phone network, of course. One could always argue that cable and cable modem services should be covered by that as well.
You could do the same abuse with less elegant solutions than NAT. Simply running a simple Proxy server for your neighbors would provide them access. Only 1 machine is on the Internet, the rest aren't. Hell, if you are running MS's busted proxy, the rest don't even need TCP/IP, they could run IPX/SPX. (Lousy program, NEAT configuration options, I never want to go near it again...)...
Myself, I have a $90/month DSL connection. Why? If I need to get a VNC connection through the VPN to a work machine, I want the 384K uplink.
We have a NAT box with wireless, and technically, 4 computers there. I live with my fiancee. She web browses from her iBook, and I work from home on the weekends. We barely use the bandwidth.
However, I pay the premium so it is there when I need it.
Ban NAT and I lose Wireless. If that is the case, I drop DSL. I can't run Wires all over my apartment, so I use Wireless to send the signals around.
Find the abusers, by all means. However, leave those of us that don't abuse it alone.
Alex
So let's say you use NAT and comcast cuts you off because of it. You can:
1) pay them extra money to allow extra connections
2) pay somebody else to provide your internet service who doesn't care
3) go read a book
I mean fine, if they want to operate that way, great. And then they'll lose your business and you'll find somebody elsewhere who does provide what you want. Eventually if enough people are pissed off a market will develop to support their need (give or take stupid regulation of the market).
This sig has been temporarily disconnected or is no longer in service
The easy way to remember is that "eek" could easily be spelled with a lot more "e"'s, as in "EEEEEEEEEEEEEEEEEEEEEK!!! A monster..."
Whereas "eke" would never be said that way (and who the heck would say "EKEEEEEEEEEEEEEE"?)
The difference is, you are a roadrunner customer like I am.
Where I'm from, we are allowed 2 IP's. Hook up as many computers as you want - but please use NAT! [the tech who came and did nothing, i said just leave it, said she has 6 on her RR]
Comcast, owned by M$ is going after Nat users. Why then has NAT been partially put into XP? I can have someone dial into my XP box and get NAT'ed to the network.
Who would think that a AOL network would be better than the rest?
As I watch the cable providers go down in flames I'm glad I've got TW/RR. It's fast, easy to hook up and none of this bull-shit. I asked about caps, when my connection slowed down. I thought maybe since I had downloaded many ISO's in a few days. The tech laughed at me.
My newest cable modem [since I moved] has the ability to hook into two computers!
Get your Unix fortune now!
In a household with kids, some good arguments for not keeping all computers on a direct connection with the world.
Either keep the kids computer use behind a proxy, so that you can control their access: prevent excessive game playing, filter sites they can access, etc...
Alternately, you may want to keep "real work"/ important computers and data behind the firewall computer that the kids use to access the net, knowing that they will install privacy compromising software with privacy compromising default settings, and nuke and virus their icq friends.
Knowing that no matter what the kids do, they can't fkup ur data. Alternatively, you may simply need to be protected from your own/MS's stupidity by taking advantage of the builtin firewall features of NAT and proxy connections.
Additional charges for:
- 'Premium' port traffic: Only business users would need IMAP or POP3 access to anything besides the ISP's own mail server, right?
- More than 4 simultaneous TCP sessions. Your browser and mail program don't need any more than that, do they?
- Email attachments over 1 MB. If you're sending big files, you're probably using it for business. And remember, no outside POP3!
- Anything lower than an 8:1 download/upload packet ratio. Lower than that and you're obviously one of those peer-to-peer pirate scumbags.
And don't even THINK of trying to tunnel or encrypt traffic!
You guys are missing an ever cooler part of their service agreement..
from their AUP...
http://www.comcast.net/TermsofService/aup.asp
>Internet Relay Chat
>
>The Services may be used to participate
> in "chat" discussions. These discussions may be
> hosted by Comcast High-Speed Internet Service
> network servers, by third party servers, or may
> not involve any servers at all. In all
> cases, the Comcast High-Speed Internet Service
> network does not normally monitor the contents
> of the discussion and is not liable for
> the contents of any communications made via
> Internet chat.
and if you wanted to actually USE Irc for something other than pr0n or warez... like discussion groups for Perl or something..
> Any computer or other device connected through
> the Services may not maintain more than 2
> simultaneous chat connections. This includes
> the use of automated programs, such as "bots"
> or "clones". Automated programs may not be used
> when the account holder is not physically
> present at the device.
so you can't be on more than two irc channels at the same time... if you do, you go straight to hell and off your cable modem..
wtf is a cable modem for if not the ability to get a lot of data at one time?
And who the hell decides what data is okay and not okay to download?
My DSL may be slow as hell, but at least i don't have to put up with this shit.
I'm just bothered that "the Internet" to these people is "the Web" - and that they built their network around that concept, instead of building fat pipes and just dealing with it - and that anyone who does more than "casual" surf is a "commercial customer" and so you need to "pay up the kazoo" to get service.
guns kill people like spoons make Rosie O'Donnell fat.
I was going to submit this as an ask slashdot, but I said forget it.
When do I own a packet?
After I request it?
When the media it travels down is owned by me?
When it hits my computer and the TCP/IP stack does something with it?
When I sign my service agreement?
I guess comcast thinks they always own the packet.
For about the last year i've been sharing my network with my neighbors, we all own our houses, and have given each other "right of way" to run cat5 stapled to the fence into each others houses. What started out as a simple 1 wire connection has grown to over 24 pairs of copper (i.e. 6 lines)
Each neighbor prepays 6 months in advance, 10 dollars a month. With this money i've managed to get the bandwidth up to 1.5down and 512up. Their kids can download on napster all day long and it still won't lag my gaming connection. Not only do I share an internet connection with them, but my fileserver as well. We have a central repository for music, a phpnuke based site for updates on the network status.
Our equipment is pretty nice too, everyone has intel pro100 management cards. Our main nat server used to be a linkcyst router, but it has evolved into a k62-300 running bbiagent. (nifty little firewall on disk, bbiagent.net)
So the question of when do I own the packet comes up again.
We don't have a classC subnet, we're all using nat on the 192.168.x.x range. I thought that range was set aside as a non routable "private" network. Private as in mine, err I should say our co-op. It doesn't belong nor resemble our providers network in any way shape or form. We maintain it, upgrade it, support it, etc.
It's really a pity that all these ISP exec's get paid so much money. That 10million a year spent for 1 CEO could buy a cheaper CEO for about 250k, and enough techs to upgrade the existing infrastructure.
Take for example, the DSL I use now. It runs on POTS telephone service, which has not seen any significant change since Alexander Bell said "hello" 100 years ago. Basically whenever you make a phone call, the line between you and the person on the other end is a complete circuit. The best analogy I can make is this would be like taking a trip from LA to Chicago, with all the freeways empty except for your car during the duration of your trip. It's a complete waste of resources.
Now imagine if this infrastructure was upgraded to packet switched networks. Bandwidth would become cheaper because circuits could be multiplexed, allowing many cars on the road at the same time.
With comcast, I would guess that %90 of their bandwidth on the wire is being sucked away by their old infrastructure (analogue video) You can see what a waste this is because you can only fit maybe 40 or so channels on the analogue wave, on the other hand, they have this newfangled digital cable, which uses just 1 or 2 channels of the original analogue, but because it is a packet based network, its better utilization of the bandwidth and they can fit 100-200 channels where they used to only be able to fit one.
On top of that, there is IPV6
This is really turning into a long rant.
I just don't see comcast's justification for eradicating NAT from their network. If they want to control what kind of network I have at home, they can run the cable, and buy my hardware. Hunting down people that just want to share an internet connection is bullshit (pardon my french) and is just another way of deflecting from the REAL problem which is people are starting to wake up to the fact that what they have perceived for years as good internet service is not the truth. I think it's about time people stopped accepting what the providers try and shleff off as good service and start demanding that they upgrade their networks to handle the load, instead of taking it out on the customers that underwrite their service.
Nat means that several ext. addresses are used.
If you are using just one public ip, it's NAPT/PAT(network addr. Port translation/ port address translation).
"Mommy, mommy! The garbage man is here!" "Well, tell him we don't want any!" -- Groucho Marx
I do this all the time under Windows XP. I don't use squid obviously, but another proxy program (there's plenty of free/cheap ones out there!) Put a decent IP stack firewall on the machine, shut down all unnecessary services, make sure you don't open up too many ports, and you've got a reasonably secure machine. (No, I **WON'T** give you my IP "just to check". ;+)
I suppose it's *possible* for them to detect that I have more than 1 machine hooked up, but they're not savvy enough. Bottom line though is that if they come knocking for more cash, I will yank my cable service, my broadband PC service, and everything else. They won't get a dime out of me after that. I won't tolerate any more price jacking from those bastards. It's just not worth it. I send them almost $100 USD a month, and that's too much already. I sense I'm not alone.
(Side rant: You pay for cable right? Then why do cable stations have so many f*cking ads??!!!)
Please mod this post only if you think others should/n't read this. I have enough ego^H^H^Hkarma. Thanks!
I've had a cable modem since 1998 back when I don't think anyone had heard of "NAT" and wireless ethernet for the home didn't even exist. My roommates and I were one of the early customers of MediaOne, back before they merged with Road Runner and before they were bought by AT&T. We paid 40 bucks a month for our connection and, like most other cable services, our bandwidth was decent but it was shared with those who live in the same neighborhood as you. Now, between myself and my 2 roommates we had 10 computers between us.
There weren't any NAT boxes available, so we did it the old fashioned way - we used a 486 put together from spare parts running Linux with IP Masquerading installed. ("IP Masquerading" is what NAT was called back then.) All of our computers were hooked up to this box - and MediaOne only saw one computer on their network. Our setup worked well and we didn't feel like we were stealing - in fact we believed we were helping relieve the growing shortage of IP addresses.
If cable and DSL providers want to restrict the number of computers connected to a single modem, they need to be more clear about what they are selling. Are they selling IP addresses? If so, I only want one IP address, thank you. Are they selling bandwidth? Well, if they are, give me a monthly bandwidth cap because despite the fact we have nearly a dozen computers we didn't use anywhere near as much bandwidth as the kid next door with one computer who downloaded pr0n 24-hours a day.
And finally, if they are charging for just having the connection itself then don't complain about how many computers are connected. Does the phone company care how many phones are connected to a single line? You may argue that a single phone line will only let you have one call going at one time. Well, the same is true of cable and DSL services. Anyway you look at it, there is only one packet being transmitted through the DSL or cable modem at any given time. This is very different from stealing cable television where you can watch multiple channels at the same time on different TVs.
Given all of this, the only thing that the cable and DSL providers can do is limit the bandwidth on a connection. If they did that then "Bob" wouldn't be as willing to share his bandwidth with his neighbors because it would either mean additional fees or slower access for himself. He should have the right to "timeshare" his connection anyway he wants. Just like if I were to let my neighbors watch my cable TV while I'm not home or if I deleted my copy of Quake and lent the CD to a friend.
Besides, even if something like CAT is implemented, clever Linux users will still be able to customize their own little firewall/router to bypass this and this "problem" will still exist.
I am currently paying $89/month for DSL. Why? Because I get 1.5/384 with 4 STATIC IP addresses. It's worth every penny to me to get this service.
Comcast shouldn't bill me for how many people I have connected, they should bill me for how much I actually use. If I want 256 up/down, then they should bill me for that. If I want more IP addresses, and more bandwidth, I should be able to upgrade to pay for that. This is why I've avoided the cable modem services like the plague. None of them really provide exactly what I want at a reasonable price.
If I go to comcast's site they scream out all the features I get including for my low $39.95/month. They don't have a plan for people who like to do P2P file sharing or host websites. If instead of charging me more for two connections they would charge me $20 more for more guaranteed bandwidth, I'd buy into that in a heart beat. But no, they keep it deceptively simple and then tack on BS regulations on the back end agreement.
I'd have some sympathy for them if now, realizing their mistakes, they did something to change their pricing structure or at least make their advertisements clearer about what you were really getting. No, they are still advertising a cornucopia of high speed bandwidth, and then they get pissed off when people believe them and try to use it.
This sig has been temporarily disconnected or is no longer in service
Trying to "fool" your ISP with clever stealth-NAT schemes is lots of fun and all, but it does nothing to change the status quo of companies thinking that they can dictate how their customers should use the Internet.
Yes, I realize that some of you have no alternative. If that is the case, it is of course up to you whether you want to drop back to dial-up service, or continue to get dicked around.
I don't care if it's 90,000 hectares. That lake was not my doing.
Well, you know better, but chances are your dad or uncle don't.
I just e-mailed ComCast and told them that I have a Linux box set up as a firewall with 2 Windows 2K machines behind it. I look forward to their response.
My justification was as follows:
1: I don't trust Win2K to be directly connected to the internet because of the many security flaws of the past and surely in the future.
2: The 2 Win2K machines I use, 1 is for personal use, and one I use as a database server and to pcAnywhere into work. I never use both at the same time, I can't.
3: They're benefitting from the fact that I'm running Squid on my Linux box and therefore caching web pages and reducing my actual bandwidth usage.
If I get a response soon, I'll post it, but I've basically come straight out and told them the truth. How they react will be a judgement of their character as a company
I chose ComCast for 1 reason: I could get billing for cable and internet from one company. If they wish to deny me that, I'll simply switch to satellite TV and DSL modem, and they lose my business entirely ($100/month for them right now).
Most consumer level NAT boxes, like, say, the Linksys Cable Modem Router thingy, have the ability to change the MAC on the external connection.
Why? Well, a lot of cable modem setups use DHCP or some similar system to assign an IP address to the computer hooked to the cable modem. When they install the thing, they put it on the computer. Then the customer comes in later, tries to hook up the NAT box, and finds that they can't get an IP because the server is giving out IP's by checking the MAC address of the requesting computer. So you change the MAC that the NAT box sends to the world to be the same as the computer they originally set it up on, the NAT box can then get the IP and forward all the data needed to the internal network. So checking the MAC won't get them anywhere because the MAC they get can be whatever the heck you want it to be.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Sorry, this is complete bullshit.
i de.pdf
A TCP packet has a header area and a data area. The header has a number of fields in it; the ones that are important here are the source and destination MAC addresses, the source and destination TCP/IP addresses, and the source and destination Port numbers.
A TCP header does not include anything like MAC addresses. The TCP header contains EXACTLY the following fields:
Source Port (16bit)
Destination Port (16 bit)
Sequence Number (32 bit)
Acknowledgement Number (32 bit)
Header Length (4 bit)
reserved (6 bits - currently unused)
TCP Flags (6 bits)
Window size (16 bits)
TCP Checksum (16 bits)
Urgent pointer (16 bits)
Anyone who tells you the TCP HEADER holds anything else is WRONG.
The IP HEADER doesn't even contain MAC information:
Version (4 bits)
Header Length (4 bits)
Type Of Service (8 bits)
Total length (16 bits)
ID (16 bits)
Fragmentation info (16 bits)
TTL (8 bits)
Protocol (8 bits)
Header Checksum (16 bits)
Source IP Address (32 bits)
Destination IP Address (32 bits)
A diagram of the TCP and IP headers can be found at http://www.utdallas.edu/~cantrell/ee6345/pocketgu
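The header layouts listed in the comment above, and the TTL and source-port heuristics raised earlier in the thread, can be checked against raw bytes. The following Python sketch is an added example, not code from any poster: the frames, addresses and MACs are constructed, and the 64000 threshold is simply the figure quoted in the thread.

```python
import socket
import struct
from collections import defaultdict

ETH_LEN = 14       # destination MAC (6) + source MAC (6) + EtherType (2)
HIGH_PORT = 64000  # "64000 and up": the figure quoted in the thread, not a standard


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet/IPv4/TCP frame into its three headers."""
    if len(frame) < ETH_LEN + 20:
        raise ValueError("frame too short for Ethernet + IPv4")
    # MAC addresses live here, in the link-layer header, and nowhere below it.
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:ETH_LEN])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")

    ip = frame[ETH_LEN:]
    (ver_ihl, tos, total_len, ip_id, frag, ttl, proto, ip_sum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length is counted in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20:
        raise ValueError("bad IPv4 version or header length")
    if proto != 6:
        raise ValueError("not TCP")

    tcp = ip[ihl:]                      # skip any IP options
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_flags, window, tcp_sum,
     urgent) = struct.unpack("!HHIIHHHH", tcp[:20])

    return {
        "ethernet": {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":")},
        "ip": {"header_len": ihl, "tos": tos, "total_len": total_len,
               "id": ip_id, "frag": frag, "ttl": ttl, "protocol": proto,
               "checksum": ip_sum, "src": socket.inet_ntoa(src),
               "dst": socket.inet_ntoa(dst)},
        "tcp": {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
                "header_len": (off_flags >> 12) * 4, "flags": off_flags & 0x3F,
                "window": window, "checksum": tcp_sum, "urgent": urgent},
    }


def build_frame(ttl, ip_id, sport, seq, src="192.0.2.10", dst="198.51.100.5"):
    """Constructed sample SYN; checksums stay zero because nothing here verifies them."""
    eth = bytes.fromhex("02000000000a" "020000000001") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0x4000, ttl, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIHHHH", sport, 80, seq, 0, (5 << 12) | 0x02, 8192, 0, 0)
    return eth + ip + tcp


def observe(frames):
    """Per source IP: distinct TTLs seen and how many source ports are >= HIGH_PORT."""
    seen = defaultdict(lambda: {"ttls": set(), "high_ports": 0, "packets": 0})
    for frame in frames:
        parsed = parse_frame(frame)
        entry = seen[parsed["ip"]["src"]]
        entry["packets"] += 1
        entry["ttls"].add(parsed["ip"]["ttl"])
        if parsed["tcp"]["src_port"] >= HIGH_PORT:
            entry["high_ports"] += 1
    return dict(seen)


# Constructed traffic from one public address: one packet with TTL 64 and an
# ordinary source port, two with TTL 127 (a 128-TTL host one hop further away)
# and translated-looking high ports.
SAMPLE_FRAMES = [
    build_frame(64, 0x1A2B, 33012, 0x11111111),
    build_frame(127, 0x0040, 64021, 0x00010000),
    build_frame(127, 0x0041, 64022, 0x00010100),
]

if __name__ == "__main__":
    for address, stats in observe(SAMPLE_FRAMES).items():
        print(address, sorted(stats["ttls"]), stats["high_ports"], stats["packets"])
```

Two distinct TTLs from one address is a hint rather than proof: a proxy that terminates connections itself, as described in the SOCKS comment, presents a single TTL and a single stack.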
I don't see anyone else saying this: I think we should all say a big THANK YOU and WELL DONE to the friend who resigned his job over this - especially in today's economic climate. This sort of courage, to put one's own neck on the line over a principle, is sadly lacking amongst most of us. Well done, and best of luck finding another job with a more ethical employer.
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
Why skew the stats in MS's favor? Change it to someother company that can use the market share reports. (Opera would be my pick, but I am sure you have your own.)
______
Once: you're a philosopher. Twice: a pervert.
near as I can tell, they just don't give a rat's ass what you run or how you run it as long as it won't actually get them into trouble. Linux, web/ftp/whatever servers - no sweat. Of course, trying to get a real tech on the line when your service is down varies between good and awful...
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
Cox is forcing DHCP. I've had a fixed IP from at home for three years. For a short time I had DSL, but that died when I moved. Last week I got a cardboard toolbox with a letter and a CD in it. It warned me that I had to apply the software soon, using the authorization code printed in the letter, or lose service. The CD, needless to say, contained M$ and Mac binaries.
Cox decided to force a switch of my IP the other day. This was after a week of my wondering where the bloody hell my "lunchbox" with the useless CD was. It showed up 2 days *after* the bastards forcibly changed my IP on me. I've also noticed several dozen unique IPs in the Comcast/Cox 68.x.x.x block hitting my firewall on port 80 since the switchover (Cox had been blocking 80 and 25). Three guesses as to what all the ones that respond are running.
Needless to say, I'd already initiated the process of switching over to DSL. Phone line was changed from a Cox-provided (they do phones here in Orange County, CA too) to a PacBell-provided line. As soon as the number switches (any day now), I call up Earthlink, get told again that they don't have static IP available in my area, and I tell them that PacBell (who is their sole provider here) has already told me I can get static IP from them.
Only 2 things make broadband worthwhile for me: static IP, and good news servers. Unfortunately, it's looking like it's going to be an either/or decision, and static will win every time.
Funny, before this, Cox was supplying cable, phone, and broadband to me. They've just now lost me as a phone customer, are about to lose me as a broadband customer, and if I can find a good deal on satellite, they'll also lose me as a cable customer. Good job, Cox!
"The urge to save humanity is almost always a false front for the urge to rule." --H.L. Mencken
I have a friend who uses a router with comcast. This concerned him enough to call them (in hopes of making a righteous big-stink!). They said there is NO problem with someone using a router (and using multiple computers). The only (not so) negative thing the tech said was "we offer multiple IP's; if you don't want to buy a router". This went down in SE PA.
Well, roadrunner is also not cracking down on it (yet). I lived in the Albany area when RR first started up a few years ago and man it was blazing fast for awhile. Back then we had to use their crazy client to login to the network. They got rid of that, but ever so slowly the bandwidth got smaller and smaller. Never could tell if it was because more people were using it all the time or if they were limiting us.
I've got Adelphia in LA now, and their scheme for limiting bandwidth... it's the best so far! They just simply stop traffic for random amounts of time, at random times. After the @Home bust, they assimilated some (unknown) number of those guys and ever since, my cable modem service has really sucked. I don't know why.
I can almost guarantee the first thing their scanners will do is dramatically cut down the scan time and horsepower needed by scanning only responsive hosts.
my nat box passes and returns nothing except 22/tcp - fixed!
they will not have the manpower, computing power, or budget to scan every computer on their network to eliminate the tiny percentage using NAT when NAT will not save them shitloads of money if eradicated completely.
the people they WILL target fiercely will be those using 20 people worth of bandwidth connecting on kazaa ports 24/7
and yes, I am *very* close to a few insiders in high places at comcast.net and not just spouting BS
A year spent in artificial intelligence is enough to make one believe in God.
Don't even bother with analogies like this, they are complete crap and inapplicable. You can interpret the situation however you like. In this case, I could say each "car" is an IP and the "road" is the ISP's pipe. Each computer system behind NAT would be considered passengers and that would be legal. Of course, then you have 4 people going 70 MPH and the entire analogy goes to pot there.
My stance is simple, pay per IP. You can play name games all you want with bandwidth versus speed, but the reality is that whether you call it bandwidth or speed, in computers it can be divided differently. The fact that there are multiple clients in a residence getting service in no way impacts the service any differently than a single client. Maybe four systems would generate 4x the traffic on average, but that is why our cable modems are capped anyway, right?
I'm just glad my AOL-Time-Warner owned roadrunner service explicitly tells me it is ok to run NATed systems and even that so long as I don't run for profit, I can operate whatever services I want on my connection. If they went out to screw me over though, then I would be mad as I have no alternative (too far from a CO for DSL, dialup is too crappy for NAT or services to be at all worth it).
XML is like violence. If it doesn't solve the problem, use more.
Why is it that I can sign for service from a provider, that provider can change the rules of the game by sending me a letter saying "these are our new rules...by continuing to use...you agree...", and then call me a thief when I continue to use the service in the manner which was acceptable to them when I first subscribed?
That's ridiculous; by that logic someone can complain because they can't keep paying the same telephone service rates they had back in 1950. Who said that contracts can't change? Certainly not your provider, which is why I'm sure they had a section in the contract saying that the terms could change.
The cable companies are trying to achieve the same benefits that OS software companies enjoy. Just like you can't install one copy of Windows on multiple computers (legally anyways), the cable companies don't want you using more than one computer on the network at the same time. Does it increase the amount of bandwidth? Unlikely. Websurfing and gaming uses such a minuscule amount of bandwidth that even additional computers don't significantly add to the load, and any warez junkie will far outweigh the load that a multi-user network adds.
The point is, they want to be able to charge extra for multiple computers. Of COURSE there are technical ways to get around this, but those don't provide the cable company with extra revenue.
You say it doesn't cost the cable company any extra for you to host multiple computers on a single connection. This is true. It's also true that installing one copy of Windows onto more than one computer doesn't cost Microsoft more. But it deprives them of revenue they would have if you were legal. The cable company sees this the same way.
If it's in the user agreement, and you signed on knowing this, you have nobody to blame but yourself. And cable companies are in a better position than Microsoft in this regard. Chances are, you probably signed an actual contract, not some EULA that you blindly clicked through without reading. You don't have to use them. Use a competitor. Vote with your wallet.
And now, you're going to tell me there ARE no other options. They're the only broadband provider in your area. Well, guess what. There are places that don't even have ONE broadband option. You at least HAVE a choice. Accept it, start an alternative service on your own, move somewhere there are more (or better) options, or keep cheating and hope you don't get away with it.
Personally, I don't get into this argument. The service I have allows me 16 static ip's and allows me to resell the bandwidth if I want. But I also pay for it, probably a lot more than you're paying. I could probably get away with far less, but I actually prefer the idea of having a service that I know is unrestricted. If you buy a service that comes with restrictions, you better make sure you can live with those restrictions before you sign your name and start paying for it.
-Restil
Play with my webcams and lights here
While I don't work on the phones (my job is to keep the client machines that tech support personnel use for logging calls running) I do end up listening to quite a few calls in that account. In fact I was listening to a call today, where a gentleman was trying to get his Linksys four-port NAT-enabled router working with Comcast's service. Not only did the tech not mention anything about not supporting NAT, but the tech support agent helped him set up the router, made it work with one machine, waited while this gentleman went to his other machine, and helped him ensure that his tcp/ip settings were correct. He was using the 192.168 network locally.
Hmmm maybe we're just slow to get the news?
Lousy facepalm.
The TTL is unimportant. The first thing my Broadband installer suggested was to install a firewall.... There is absolutely no way they can differentiate between a Firewall and a NAT as far as TTL or OS guessing. Heck, if they could get as far as actually knowing that I do have a NAT, I could simply say it's part of the firewall protection scheme I have in place (can't connect to a non-routable IP now can ya?).
So far no one has mentioned anything that can't be attributed to other VALID applications. It looks like it just comes down to them wanting to intimidate the low-tech users that buy a $50 3 Port router and don't put a second thought into it.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
... This is the same Comcast that wouldn't hunt down Code Red-infected machines on their network? Seems that one's a whole lot easier than the others.
And what about folks running, say, Red Hat? NAT can easily be enabled even if it isn't doing anything.
*smack* Silly Comcast.
In Soviet Russia, sig types you!
All the fees for my telephone service and my DSL connection cost me somewhere in the ballpark of $2400.00 per year. For that amount, I get two phone lines, a fairly decent voicemail package plus all the add-on services that Qwest sells (caller-id and so forth), a 1.5/1.5 Mbit ADSL connection, a /27 routed to me with proper DNS, a Cisco 678, webspace, mail addresses, nntp access, yadda yadda, from a clueful ISP that provides connectivity and not bullshit.
People keep going on and on and on about how MSN this and AOL/TW that and now Comcast the other thing. In my WAY NOT humble opinion, when you go for the cheap option, you're going to get treated like a commodity consumer, NOT like a customer. If you are unfortunate enough to live in an area which is not well-served by competing broadband providers, well, you have my sympathies. There are downsides to the area where I live as well. But if you do have a choice, and you've gone with the lowest priced option when better though more expensive alternatives are available, you should stop complaining, and take responsibility for the consequences of your decisions.
-fb Everything not expressly forbidden is now mandatory.
My guess would be that they would probably get a list of the default MAC addresses for all these "cable/dsl routers" by linksys and the like and deny dhcp requests for those addresses... That would probably get the largest chunk of the customers. If they did this, Windows ICS and Linux IP MASQ/NAT (or OpenBSD, or FreeBSD, or whatever), would be immune...
XML is like violence. If it doesn't solve the problem, use more.
Lemme guess...Adelphia East San Fernando Valley, eh?
BTW one GOOD thing about Adelphia...they actually ENCOURAGE the use of hardware firewalls. Of course, they won't support the fool thing but they know that the more hardware firewalls, the less hassles they will have with people's boxen being broken into.
A friend of mine in Australia tried to break into my network. Used all the usual tools and some unusual ones too. Most of the time he couldn't even SEE anything beyond my external IP address. The SMC Barricade ABR might not be stateful as yet but it's nigh impermeable. I rest easy at night knowing it's on guard.
Knowledge is power. Knowledge shared is power multiplied.
Ok, new list with some other points:
I've been a Comcast customer for some time and have had relatively no problems with them to date. I am a little concerned that since my IP changed on the 22nd (our area's cutover) I'm unable to ping it from work. Something to do tonight I guess.
I'm against picketing, but I don't know how to show it.
I work for Road Runner, we don't care if you are NAT'ing. In fact it's better cause it saves IP addresses. We just don't support it, meaning don't have any reps to troubleshoot that type of connection. Not sure why Comcast would take that route. If a customer wants to do that, then fine. They only get a set amount of bandwidth anyway.
Perhaps they want to charge for each IP address you would need by NOT using NAT.
They must have done some kind of analysis where they estimate the cost of customers walking away vs. the enhanced revenue from additional fees. Given the robust sales of NAT devices, I think their analysis is way off. Then again, maybe this whole thing is a "troll for data" operation where you broadcast your intentions to see how much resistance there really is.
I remember the old days when @Home assigned one static IP per household, with no provision whatsoever for additional addresses. The tech. staff would say "There is a way to connect multiple computers, but we don't support it.", meaning "Set up Linux IP Masquerade -- we don't care, just don't ask us to fix it."
Of course the real problem with NAT is the 802.11b Wifi dilemma. In an apartment scenario, a single broadband subscriber can share with many neighbors, especially if they are light users (the kind the ISPs covet the most). I guess Comcast has figured this out and views it as a doomsday scenario.
The proper way to kill the anti-NAT practices is to see which ISP takes the lead and then boycott them into bankruptcy. After all, the service is not very useful without NAT, so walking away is not just the morally correct thing to do, it's almost a necessity anyway.
As others have observed, if you want another IP they charge you for it. So does AT&T, @Home, and many other cable modem providers. If you can cram all your systems into one IP through NAT, they don't seem to have any problems with it.
From what I read, Comcast prohibits you from supplying bandwidth outside your household. That's reasonable.
It also appears that it's not that they want to prohibit NAT, but, rather, that they don't understand how it could be used. The FAQ clearly implies that they believe that each computer will need an IP from them. So they are limiting it to three per household, and charging for it.
And for many people, who don't understand / care about firewalls, they may just go with that solution.
I think Comcast's only concern is conservation of their IP pool, not the computers themselves.
I bet if someone offered to work with them, they'd modify their FAQ's.
I had people connecting to my anon ftp server back in the Slackware 96 days when I still connected to Worldnet on 14K serial modem. If you have services exposed to the net, PEOPLE WILL FIND THEM.
Your wishful thinking simply does not correspond well to the world we actually live in.
Locking the door to your house or car won't keep out a motivated intruder. However, it will typically dissuade the more common drooling moron hoodlum. Such corporeal security principles are no less true online.
A Pirate and a Puritan look the same on a balance sheet.
How will they tell that someone is using NAT? Are they actually going to examine packets looking for matching source and destination ports??? What if I want to hide my computer behind private IP for security? These boneheads don't want computer savvy people as customers, they want computer dolts that can't keep their machines virus and trojan free and cost them money!
I operate a bunch of computers behind a NAT, SPI firewall on a cable modem connection with anti-virus and my own DNS server! I'm their smallest liability since I don't stress their DNS servers, I trouble-shoot my own problems (their tech support sucks anyway) and I pay my monthly bill.
They should want more customers like me; not less.
-ted
Applying your argument to the case at hand, my doing NAT on my connection equates to riding in a Car Pool. It's still only one car (IP).
God, this example sucks.
Good for you! When some company like comcast calls you up to threaten you about using NAT, tell them that they better like it, or you're switching providers. Vote with your dollars, most areas have both cable and DSL, and many providers of each. Use the competition to your advantage.
If you have a box between you and the net which substitutes addresses or wraps packets, then the company providing you access can determine this is occurring from things in the TCP/IP datastream.
OTOH, if your box connects to a box (we'll call it a proxy server) and that proxy server connects to your target URL itself, and receives any data requested by you, then the only IP the outside world ever sees is that of the proxy. The proxy never references your internal IP (because it is always connecting ITSELF to the external system and so it looks like one computer is at your end). It does incur the overhead of two TCP connections, a bit of request translation and reply translation (some lag), but it does make your packets appear to all originate from one place. Anyone who knows HTTP and TCP/IP sockets can write one of these (for TCP).
The only thing that isn't so good for is FPS or other online games. It'll work fine (really well in fact) for web surfing or file downloading.
But really, if I'm buying X bandwidth from my ISP, provided I don't violate a law, what in the Blue Blazes gives them the right to pry into my internal network setup? If my smartFridge wants to talk to e-Grocer to order me some new lettuce, the ISP shouldn't be snivelling. They sold me the bandwidth.
If they are having problems with some users using more than their bandwidth then they have a network bandwidth throttling problem. This should be solved by a quality-of-service approach and bandwidth throttling, not pursuing those who happen to have a home network and don't suck bandwidth beyond the permissible and agreed upon amount.
This is a case of solving the wrong damn problem. But it is just this kind of blinkered thinking that has helped in the demise of so many high-speed service providers. It isn't that the market isn't there, they just want good service for their dollar. And this and other examples just illustrate that most services don't deliver.
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
That's it: if your ip is typical from a home subnet, you're using NAT.
Or, maybe you're just running a separate firewall to prevent your Windows box from being a sitting duck to script kiddieZ.
Myself, there are about 8 machines running behind my DSL. But a system I set up for a friend is OpenBSD on a Rogers cable modem, driving a Windows box. There's not even a hub involved - just a crossover.
He and I agree: Running Windows on a routable IP address is an act of great stupidity. The ISPs should be grateful for the reduced liability.
This setup doesn't violate the spirit of the service agreement - there's still only one computer connected to the ISP's network. And, in this particular case, it doesn't violate the spirit of the TOS agreement - the OpenBSD box does nothing more than ZoneAlarm, only better.
Heh. Of course, the ISPs will act short-sightedly.
Fire and Meat. Yummy.
Actually, that is the AUP...their TOS is here. And depending on how you define it, it kinda prohibits it.
6vii....FOR ANY BUSINESS ENTERPRISE, OR AS AN END-POINT ON A NON-COMCAST LOCAL AREA NETWORK OR WIDE AREA NETWORK, OR IN CONJUNCTION WITH A VPN (VIRTUAL PRIVATE NETWORK) OR A VPN TUNNELING PROTOCOL...
Assuming that you have multiple computers in your residence, I would think that your NAT/Router/Whatever box would fit the strict definition of an "end-point on a non-comcast local area network". Don't get me wrong, I think the policy is bunk between that and the whole VPN prohibiting thing...Let me use my account how I want as long as I don't abuse it.
Let them cancel my account...there is always DSL in my area.
From FreeBSD (/usr/src/sys/i386/conf/LINT):
# IPSTEALTH enables code to support stealth forwarding (i.e., forwarding
# packets without touching the ttl). This can be useful to hide firewalls
# from traceroute and similar tools.
Simply add "option IPSTEALTH" to your kernel config and rebuild. *poof* Firewall? What firewall?
Of course, you'll probably want to couple this with the standard anti-stack finger printing methods of IPF/IPFW, but the idea of "Stealth NAT/firewall" isn't particularly new.
My
... trust "me", and anonymous coward posting on slashdot.
Gee , you inspire a lot of trust, eh ?
- sigs are for wimps.
Just when we thought that MicroSoft licensing is ridiculous, something more stupid comes along.
I repeat: this is RUMOUR. Why is it on Slashdot? This is not responsible journalism.
But, since everyone else seems to be hopping on the bandwagon taking this as fact I'll chime in anyways.
The solution is to play it smart and don't ever ever tell tech support you're using more than one computer. If they accuse you of using more than one, deny it. They're going to have fun proving that one.
Adelphia Powerlink flipped their freaking lid when the guy was trying to troubleshoot my connection by pinging it and I told him I'd gotten his ping.
"How do you know that? It's coming up as host unreachable here."
"Yeah I know I'm running a firewall on my machine."
"What?! You're not allowed to use a firewall on our network!"
"Uhm, why not? Oh maybe I should turn it off so all these people trying to DoS me can mess up your network a little more?"
So remember, when calling tech support:
1) You are using 1 computer.
2) You are using Windows.
3) Never mention the words: firewall, router, linux, server. They are verboten.
Always "follow" their absurd troubleshooting suggestions no matter how stupid they sound. Hey.. sometimes they do work, but otherwise just take what they tell you and translate the steps into your OS of choice. Or if you already tried it give them the answer they're looking for.
Found in a basic FAQ about firewalls at www.robertgraham.com:
Q: I've seen many DNS requests from many low port numbers below 1024. Aren't they supposed to be reserved? Aren't they supposed to use 1024-65535 range?
A: These are coming from machines behind NAT firewalls. A NAT doesn't necessarily have the concept of reserved port numbers.
Maybe they only have to examine the DNS packets looking for source ports below 1024?
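The two passive signals discussed in this thread, TTL (the FreeBSD IPSTEALTH comment earlier) and low DNS source ports (the FAQ quote just above), shown as an added example that is not part of the original thread or any ISP's tooling. It assumes the capture point is the first hop from the subscriber; the function names, the common-initial-TTL list and the packets (documentation addresses 192.0.2.x and 198.51.100.x) are constructed for illustration.

```python
import struct
from collections import defaultdict

# Initial TTLs commonly chosen by IP stacks (assumption used to infer hop count).
COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def build_packet(src, dst, ttl, sport, dport):
    """Build a minimal IPv4+UDP packet (checksums zeroed) for the constructed sample."""
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, ttl, 17, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return ip + udp


def parse_packet(raw):
    """Return (src_ip, ttl, sport, dport) for an IPv4/UDP packet, else None."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(raw) < ihl + 8 or raw[9] != 17:
        return None                        # bad header, truncated, or not UDP
    src = ".".join(str(b) for b in raw[12:16])
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    return src, raw[8], sport, dport


def hops_from_origin(ttl):
    """Hops travelled, assuming the sender used the nearest common initial TTL."""
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return initial - ttl


def analyse(packets):
    """Map each source IP to the list of heuristic signals it triggered."""
    hops, initials, low_dns = defaultdict(set), defaultdict(set), defaultdict(int)
    for raw in packets:
        parsed = parse_packet(raw)
        if parsed is None:
            continue
        src, ttl, sport, dport = parsed
        h = hops_from_origin(ttl)
        hops[src].add(h)
        initials[src].add(ttl + h)
        # The FAQ's signal: DNS queries from a "reserved" source port.
        # Port 53 itself is excluded (assumption): some resolvers query from it.
        if dport == 53 and sport < 1024 and sport != 53:
            low_dns[src] += 1
    report = {}
    for src in hops:
        signals = []
        if any(h > 0 for h in hops[src]):
            signals.append("ttl-decremented")    # something forwarded the packet
        if len(initials[src]) > 1:
            signals.append("mixed-initial-ttl")  # more than one IP stack seen
        if low_dns[src]:
            signals.append("low-port-dns")
        report[src] = signals
    return report


RESOLVER = "198.51.100.53"
# Constructed sample, as seen one hop away from each subscriber.
SAMPLE = [
    build_packet("192.0.2.10", RESOLVER, 128, 1030, 53),   # single PC, no router
    build_packet("192.0.2.10", RESOLVER, 128, 1031, 53),
    build_packet("192.0.2.20", RESOLVER, 127, 40000, 53),  # forwarded, TTL minus 1
    build_packet("192.0.2.20", RESOLVER, 63, 40001, 53),
    build_packet("192.0.2.30", RESOLVER, 64, 612, 53),     # TTL untouched, low port
    build_packet("192.0.2.40", RESOLVER, 64, 53, 53),      # resolver-style query
    b"\x45\x00\x00",                                       # truncated, skipped
]

if __name__ == "__main__":
    for ip, signals in analyse(SAMPLE).items():
        print(ip, signals or "no signal")
```

Each signal has innocent causes, such as a firewall in front of a single PC, so the output is evidence to weigh rather than proof of NAT.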
You know, you can do wireless without doing NAT. Just because your little AP defaults to NAT'ing from 802.11b to the WAN port doesn't mean that it's the only way to work. I'm quite happy paying an extra $5 to my ISP for 5 IPs (that's just a buck a pop for those of you in Buffalo) and using a wireless AP with its NAT turned off.
Think outside the... Hey, where'd the friggin' box go?
Who said you couldn't run wireless? Just because they don't want you to NAT to multiple devices doesn't mean that the devices you _do_ pay for can't be wireless...
Think outside the... Hey, where'd the friggin' box go?
The "average geek" uses way too much bandwidth for stupid things though. Like how many of us really need to download 50GB/month of MP3's and pr0n (which usually just gets deleted shortly after DL anyway)? Why do we do it then? Because we can!
Start metering a bit and people will trim down their consumption of bandwidth. Give me a 5GB cap and charge me a set amount for every 1GB after that. But, DO NOT tell me you're going to charge me per month for every PC I hook up on my connection. THAT pisses me off and it isn't even fair.
Please mod this post only if you think others should/n't read this. I have enough ego^H^H^Hkarma. Thanks!
I like the way theirs is written
http://www.charter.com/products/internet/aup.as
Basically it says don't be a dickhead. Only thing iffy in there is the if we determine you use too much bandwidth item. Items that are up to vague interpretations are not good.
On the contrary. Having a bunch of nodes behind an OpenBSD NAT firewall with state modulation should, it seems to me, look the same to an outside observer as having a single OpenBSD node.
Nevertheless, the documented point of state modulation isn't to hide the fact that you're doing NAT. It's to correct for the fact that many operating systems pick initial sequence numbers poorly, and are thus vulnerable to sequence prediction attacks. So there may well be ways to tell the difference -- though it would surprise me.
In the end, though, I agree with the sentiment expressed elsewhere under this topic: that ISPs are misguided in trying to penalize intelligent use of their services, but also that users are misguided in playing hide-and-seek with bad ISPs' policy enforcement rather than choosing more honest and professional ISPs.
I believe that this so called department at comcast that enforces the AUP is a bunch of HOO-HA. All these people do all day is port scan users all day long looking for open socks servers. And when they find one they send a pre-formed 'assertive but peaceful' letter explaining that the user is violating the AUP and to stop pretty please. Just like when the cable TV portion of the company comes to your house to install or repair something. After they do the repairs, the tech will take you downstairs, show you the splitters that he had to disconnect because it violates their service agreement, and then he shows you how to reconnect them after he's gone. He doesn't care, and the cable company doesn't really care because they know that when push comes to shove, if they start disconnecting people for using more than 1 TV, or computer in their house, they'll end up losing in court, just like the telephone companies did in the 70's or 80's or whenever. If you pay for a certain amount of bandwidth to your household, once inside your household, what you do with that bandwidth is your business and yours alone. In St. Louis, there is actually a company that offers to configure your broadband connection (cable, dsl, etc..) for NAT and firewalls, etc. They're called "The Digital Closet" I WILL LOCATE URL 4 U.. http://www.thedigitalcloset.com/ oh god their website sucks.. but it exists i guess. If all else fails and someone calls you threatening you with a disconnect.. just pretend to be a confused old man or woman, and say that your young trial lawyer grandson set-up your LAN. If that doesn't scare them, then use the method where you fall down on the ground and soil yourself and shake violently. That will work too.
How many people do you know that have free cable TV? Wouldn't it make more sense for these idiots to spend their time trying to bill people the $30/month for cable tv rather than $6.95 for an extra IP address? I guess prioritizing business goals is not a characteristic of cable broadband providers (see "Excite@Home").
And "affordable" hardware is very cheap if you look at solutions like the one at www.dubbele.com
And in the FAQ (NOT from the TOS):
Those were the only references to multiple computers I could find anywhere in the TOS or FAQ.
As you can see, it doesn't say anything about multiple computers sharing access not being allowed. However...
This paragraph gives Comcast considerable leeway in deciding what degrades another user's service, so they could conceivably argue that having multiple computers simultaneously connected could degrade other user's service (though I don't think paying more money for extra addresses would improve other user's service any).
So, what's the problem?
Furthermore, the fact of the matter is, if you split the line you are able to watch two different shows at the same time, which is why cable companies are allowed to charge for extra outlets. Phone companies cannot, because you get the same service on each outlet.
But a cable TV line IS the same service on each outlet: some RF energy run down a cable. What is on the cable is not different at each outlet... only what you choose to filter out of it varies.
Sucks that you can't split cable for free in Canada, legally anyway.
I just switched my DSL service from SBC to Covad today. Although it was not my reason for leaving SBC (they don't seem to prohibit NATing either), one reason for my choice of Covad was that the salesperson I spoke to was actively pushing all of their DSL services as NAT-friendly. I told him I was going to put up a wireless NAT box for my neighbors to use and my salesperson told me that they think that's perfectly OK.
Going off topic, I feel compelled to warn anyone who follows my recommendation that if you use Covad's "TeleSurfer" DSL service, you'll need to use PPP-over-ethernet (requiring a patched version of PPP which I believe is already in some distributions), and your PPP login will be username @covad.net, as opposed to just username.
Come to think of it, if 2) is properly done you don't even need 1).
It's the same principle used in law-enforcement:
Make people believe that if they break the law:
- It's very likely that they get caught
- If they do get caught the punishment is hard and certain
(As a side note I believe that the big difference in driving styles between mediterranean countries and northern europe countries with similar driving laws, is due to different perceptions of the answers to the "will I get caught?" and the "if I get caught will I get punished?" questions).
In what way is that not a network?
A new kind of meat designed to appeal to vegetarians.
In Japan this happened with the government-run NHK which is two terrestrial and some satellite TV channels. NHK is the channel you go to when there is a big bumpy earthquake or a typhoon, and sometimes they have not so dry kind of interesting stuff too.
So NHK got the government to let them go door to door demanding cash from people all across the country, since people are watching their channels with no commercials on them, which means they must owe them something. Just started a couple years ago after many many years of free government TV.
The idea is if you pay, you get a shiny sticker which you post on your house, one a year. Of course everybody and his or her brother says to their question "Do you watch TV?", "Yeah! But I never watch NHK." Which is possible but difficult because you scan through two of their channels to hit the other five or so you get in Tokyo anyway.
When's the last time this happened? Not for a long time, then they showed up on 9-11 or within a day or so of it I remember. I best remember of course my intense anger (from the New York area doncha know) and I got really pissed off at the person who came to the door.
They went off never getting it, you know, that they could have been in the wrong. Even if technically they might not have been, though of course I never watch NHK intentionally now except when there is a typhoon or an earthquake.
Maybe Comcast could be reduced to a more pathetic lifeform like NHK, which also happens to be made of some quite corrupt and very nasty people at the top. Lucky they don't have spyware for the tv, yet.
Subscriber Agreement
This Agreement (the "Agreement") sets forth the terms and conditions pursuant to which CoxCom, Inc., together with any applicable Cox affiliate and/or distribution partner (collectively "CoxCom") will provide the Cox High Speed Internet service (the "Service") to the customer ("Customer") referenced on such order form. Such Service will be delivered over cable transmission facilities provided by CoxCom.
CoxCom may modify this Agreement, and the Service provided hereunder, at any time. CoxCom will notify Customer of any such changes by posting notice of such changes at http://www.cox.com/ and sending notice via e-mail. Customer's continued use of the Service following notice of such change shall be deemed to be Customer's acceptance of any such modification. If Customer does not agree to any such modification, Customer must immediately stop using the Service and notify CoxCom that Customer is terminating this Agreement in accordance with Section 12(a) of this Agreement.
1. Computer Equipment Requirement
Customer's computer equipment must comply with CoxCom's current minimum computer requirements, which are available at http://www.cox.com/. The minimum computer requirements may change and CoxCom will make reasonable efforts to support previously acceptable configurations; however, CoxCom is not obligated to continue to provide such support.
2. Customer Premises Equipment ("Equipment")
Customer may rent or purchase a cable modem from CoxCom or may purchase a DOCSIS-compliant, CoxCom-approved cable modem from a third party provider. CoxCom reserves the right to provide service only to users who have CoxCom-approved DOCSIS-compliant modems. Subscribers are strongly urged to check with local CoxCom Customer Support or online at http://www.cox.com/ for the most current CoxCom-approved cable modem list.
3. Access Provided
The Service will allow Customers to access the Internet, online services and other information. Customer may incur charges, including, without limitation, charges relating to the purchase of "premium" services, such as additional web space, unified messaging, online faxing, business class services, or access to certain gaming sites in addition to those billed by CoxCom. All such charges, including all applicable taxes, are the sole responsibility of Customer.
4. Payment Terms
a. Agreement to Pay. Customer agrees to pay all monthly fees and installation charges, including applicable franchise fees, taxes, customer service fees, late fees and door collection fees. Monthly fees will be billed one month in advance. If payment is not received by the due date, late fees and/or collection charges may be assessed and the Service may be terminated. Customer may be required to pay a reconnect fee and/or a security deposit in addition to all past due charges before the Service is reconnected.
b. Payment Methods. Customer agrees to pay CoxCom in accordance with the payment terms on the back of the invoice received by Customer for the Service and agrees that CoxCom has the right to change the structure and amount of its fees at any time subject to applicable law.
5. Access to Customer's Premises
Customer authorizes CoxCom, and its employees, agents, contractors, and representatives to enter Customer's premises (the "Premises") at mutually agreed upon times in order to install, maintain, inspect, repair and remove any CoxCom-owned Equipment and/or the Service. If Customer is not the owner of the Premises, upon request, Customer will supply CoxCom with the owner's name and address, evidence that Customer is authorized to grant access to the Premises on the owner's behalf, and (if needed) written consent from the owner of the Premises.
6. Relocating/Removing Equipment
Customer will not remove any CoxCom-owned Equipment from the Premises or connect the Equipment to any outlet other than the outlet to which the Equipment was initially connected by the CoxCom installer. CoxCom may relocate the Equipment for Customer within the Premises at the Customer's request for an additional charge. If Customer relocates to a new address, this Agreement shall automatically terminate and Customer will be required to enter into a new Subscriber Agreement and may be charged a new installation fee to initiate Service. Customer will not connect any equipment, other than Equipment authorized by CoxCom, to the cable modem outlet. Customer understands that failure to comply with this restriction may cause damage to the CoxCom network and subject Customer to liability for damages and/or criminal prosecution.
7. Contact Address
For any inquiries or notices required in connection with this Agreement, Customer should contact the local CoxCom customer service center, at the address or phone number listed on Customer's bill.
8. Acceptable Use Policy
Customer agrees to use the Services only in accordance with the Acceptable Use Policy currently located at http://www.cox.com/, which may be modified by CoxCom from time to time, and which are incorporated herein and made a part of this Agreement.
9. Monitoring and Enforcement
CoxCom has no obligation to monitor the content on the Service and expressly disclaims any responsibility for any offense or injury arising out of the Customer's access to or dissemination of such content. However, Customer agrees that CoxCom has the right to monitor the Services and to disclose any information as necessary to satisfy any law, regulation or other governmental request to operate the Service properly, or to protect itself or its subscribers. CoxCom reserves the right to refuse to post or to remove from the Service any information or materials that, in its sole discretion, are inappropriate, undesirable, or in violation of this Agreement.
To promote good citizenship within the Internet community, CoxCom will respond appropriately if it becomes aware of inappropriate use of its Services. CoxCom prefers to advise Customers of inappropriate behavior and any necessary corrective action required. However, if the Services are used in a way in which CoxCom, in its sole discretion, believes violates this Subscriber Agreement, including the Acceptable Use Policy, CoxCom may take any responsive actions it deems appropriate. Such actions include, but are not limited to, temporary or permanent removal of content, cancellation of newsgroup posts, filtering of Internet transmissions, and the immediate suspension or termination of all or any portion of the Service. CoxCom will have no liability for any such actions. The above described actions are not CoxCom's exclusive remedies and CoxCom may take any other legal or technical action it deems appropriate.
By using the Services to publish, transmit or distribute content, Customer is warranting that the content complies with this Agreement, including the Acceptable Use Policy. Customer also authorizes CoxCom to reproduce, publish, distribute, and display the content worldwide only as necessary for CoxCom to provide the Services. The publication, transmission, or distribution of Customer content pursuant to our providing the Services shall not provide CoxCom any ownership rights or license to use that content for any purpose other than allowing CoxCom to provide the Services.
10. Customer Information
a. Credit Inquiries. Customer authorizes CoxCom to make inquiries and to receive information about Customer's credit history from others and to enter this information in Customer's file.
b. Information Collection and Disclosure. Customer agrees that CoxCom may collect and disclose information concerning Customer and Customer's use of the Service in the manner and for the purposes set forth in CoxCom's privacy policy currently available at http://www.cox.com/, and as the same may be modified from time to time in accordance with its terms.
11. Customer Service
CoxCom expressly reserves the right to institute fees for providing certain customer support services if, at its sole discretion, it determines such fees are warranted. Except as expressly provided herein, CoxCom shall not be liable for any damage to Customer's equipment resulting from or arising in connection with its provision of technical service and support for the Service, even if such damage results from the negligence or gross negligence of the CoxCom installer, technician or customer service representative.
12. Terminations and Expiration
a. Termination Rights. Either party may terminate this Agreement at any time without cause by providing the other party with no less than twenty-four (24) hours written notice of such termination. In the event of termination by Customer, Customer must notify CoxCom by telephone or by a non-electronic written submission. E-mail submissions shall not constitute effective notice. In the event of termination by CoxCom, CoxCom may notify the Customer of such termination by electronic or other means. In those cases where annual prepayment terms are elected by Customer, Customer agrees and understands that the calculation of any refund for unused Service will be based upon the normal rate for the Service and not upon the discounted annual prepayment rate.
b. Obligations Upon Termination. Customer agrees that upon termination of this Agreement:
1. Customer will pay CoxCom in full for Customer's use of any CoxCom-owned Equipment and Service up to the later of the effective date of termination of this Agreement or the date on which the Service and any CoxCom-owned Equipment have been disconnected and returned to CoxCom. Customer agrees to pay CoxCom on a pro-rated basis for any use by Customer of any CoxCom-owned Equipment or Services for a part of a month.
2. Customer will permit CoxCom to access Customer's premises at a reasonable time to remove any CoxCom-owned Equipment and other material provided by CoxCom.
3. Customer will ensure the immediate return of any CoxCom-owned Equipment to CoxCom. Customer will return or destroy all copies of any software provided to Customer pursuant to this Agreement.
4. CoxCom is authorized to delete any files, programs, data and e-mail messages associated with such account.
c. CoxCom Retention Rights. Nothing contained in this Agreement shall be construed to limit CoxCom's rights and remedies available at law or in equity.
13. Limited Warranty
ANY COXCOM-OWNED EQUIPMENT AND SERVICE ARE PROVIDED BY COXCOM "AS IS" WITHOUT WARRANTY OF ANY KIND. COXCOM DOES NOT WARRANT UNINTERRUPTED USE OF THE EQUIPMENT OR THE SERVICE. COXCOM DOES NOT WARRANT THAT ANY DATA OR ANY FILES SENT BY OR TO CUSTOMER WILL BE TRANSMITTED IN UNCORRUPTED FORM OR WITHIN A REASONABLE PERIOD OF TIME. ALL REPRESENTATIONS AND WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF NONINFRINGEMENT, FITNESS FOR A PARTICULAR PURPOSE AND MERCHANTABILITY ARE HEREBY EXCLUDED AND DISCLAIMED. Some states do not allow the exclusion or limitation of implied warranties, so the above exclusions or limitations may not apply to you.
14. Back-Up Requirements
Customer agrees that he/she understands that the installation, use, inspection, maintenance, repair and removal of the Equipment may result in service outages or potential damage to Customer's computer. Customer therefore accepts full responsibility for backing up all existing computer files prior to such activities involving the Equipment. Customer expressly releases CoxCom from any liability whatsoever for any damage to or loss or destruction of any of Customer's software, files, data or peripherals.
15. CoxCom Performance and Reliability Rights
Although CoxCom will make commercially reasonable efforts to deliver a high quality residential Internet access service, unless otherwise specified by CoxCom in writing, Customer is purchasing a residential data service with no performance or reliability warranty either expressed or implied. CoxCom reserves the right to manage its network for the greatest benefit of the greatest number of subscribers including, but not limited to the following: rate limiting, traffic prioritization, and protocol filtering. Customer expressly accepts that such action on the part of CoxCom may affect the performance of the service. CoxCom reserves the right to enforce limits on specific features of the Service, including, but not limited to, e-mail storage and web hosting maximums.
16. Damage to and Encumbrances on Equipment, Computer, Software
a. Ownership of Equipment. All Equipment, except for equipment purchased and paid for in full by Customer, will at all times remain the property of CoxCom. Customer may not sell, transfer, lease, encumber or assign all or part of the CoxCom-owned Equipment to any third party. Customer shall pay the full retail cost for the repair or replacement of any lost, stolen, unreturned, damaged, sold, transferred, leased, encumbered or assigned Equipment or part thereof, together with any costs incurred by CoxCom in obtaining or attempting to obtain possession of any such Equipment. Customer hereby authorizes CoxCom to charge Customer's Visa, Master Card, other credit card or other payment method authorized by Customer for any outstanding Service and Equipment charges. CoxCom may, at its option, install new or reconditioned Equipment, including swapping existing Customer equipment for DOCSIS-compliant equipment, for which the Customer may incur a fee.
b. Customer's Hardware and Software. Should the hardware of Customer's computer be damaged as a result of the gross negligence of CoxCom or the gross negligence of an authorized agent of CoxCom, CoxCom will pay for the repair or replacement of the damaged parts up to a maximum of $3,000.00. CoxCom shall have no liability whatsoever for any damage to or loss or destruction of any software, files or data, including any damages or losses resulting from any virus, lock, key, bomb, worm, Trojan horse, or other harmful feature.
c. Customer Purchased Equipment. Customer agrees to only connect CoxCom-approved equipment to the CoxCom network.
17. No Liability for Content
There may be content on the Internet or otherwise available through the Service that may be offensive to some individuals, or that may not be in compliance with all laws, regulations, and other rules. CoxCom assumes no responsibility for the content contained on the Internet or otherwise available through the Service. All content accessed by Customer through the Service is accessed and used by Customer at Customer's own risk, and CoxCom shall have no liability whatsoever for any claims, losses, actions, damages, suits or proceedings arising out of or otherwise relating to access to such content by Customer. CoxCom specifically disclaims any responsibility for the accuracy, quality and confidentiality of information obtained through the Service.
18. No CoxCom Liability For
a. Eavesdropping. Other cable and Service subscribers may be able to access and/or monitor Customer's use of the Service. The risk of such "eavesdropping" exists not only with cable transmission facilities, but also on the Internet and other services to which access is provided by CoxCom as part of the Service. Any sensitive or confidential information (such as credit card numbers or other financial information, medical information or trade secrets) sent by or to Customer is sent at Customer's sole risk, and CoxCom shall have no liability whatsoever for any claims, losses, actions, damages, suits or proceedings arising out of or otherwise relating to such actions by Customer.
b. Security. Customer agrees that when using the Service to access the Internet or any other online service, there are certain applications, such as FTP, HTTP, proxy, peer-to-peer based applications, or gateway server applications, which may be used to allow other Service users and Internet users to gain access to Customer's computer. CoxCom shall have no liability whatsoever for any claims, losses, actions, damages, suits or proceedings resulting from, arising out of or otherwise relating to the use of such applications by Customer, including, without limitation, damages resulting from others accessing Customer's computer or from any loss of data maintained on any network.
19. Limitation of Liability
Customer agrees to indemnify CoxCom from any claims arising from Customer's use of the Service, including the use of the Equipment or the Service in any manner prohibited under this Agreement. Unless otherwise specifically provided in this Agreement, CoxCom shall not be liable to Customer or to any third party for any claims, damages, losses, liabilities, expenses, or costs (including legal fees) resulting directly or indirectly out of or otherwise arising in connection with any allegation, claim, or proceeding based on:
a. The use of the Service by Customer or any other use of the Equipment, including, without limitation, any damage resulting from or arising out of Customer's reliance on or use of the Equipment or Service, or mistakes, omissions, interruptions, deletion of files, errors, defects, delays in operation, failed deliveries, misdeliveries, transmission failures, or any other failures of performance whether from a failure of the Equipment or Service or from any other computer or network;
b. The termination or reclassification of Customer's account by CoxCom pursuant to this Agreement;
c. A contention that the use of the Equipment or Service by Customer or a third party infringes the copyright, patent, trademark, trade secret, confidentiality, privacy, or other intellectual property rights or contractual rights of any third party;
d. In no event shall CoxCom have any liability for any consequential, special, incidental, or indirect losses or damages, including lost profits, loss of data, lost business opportunities, and personal injuries (including death). The limitations set forth in this Section 20 apply to the acts, omissions, negligence and gross negligence of CoxCom, and each of its respective affiliates, subcontractors, employees and agents, which, but for this provision, would give rise to a cause of action in contract, tort or any other legal doctrine; and
e. Customer's sole and exclusive remedies under this Agreement are as expressly set forth herein. Some states do not allow the limitation or exclusion of incidental or consequential damages, so such limitations or exclusions may not apply to you.
20. Installation/End User Software Licenses
a. If the installation of an Ethernet card is required, it may be necessary to open Customer's computer. System files on Customer's computer may be modified as part of the installation process. CoxCom neither represents, warrants, nor covenants that such modifications will not disrupt the normal operations of Customer's computer. CoxCom shall have no liability whatsoever for any damage resulting from the above or other file modifications. CoxCom is not responsible for returning Customer's PC to its original configuration prior to installation.
b. CoxCom or its agents will supply and install certain software, and if required an extra cable outlet, a cable modem and an Ethernet card for a fee determined by CoxCom. CoxCom will also provide a "getting started guide" and online instructions on how to use the Service. CoxCom shall use reasonable efforts to install the Service to full operational status, provided that Customer's computer fulfills the minimum computer requirements set out above in Section 1.
c. Customer agrees to comply with the terms and conditions of all end user license agreements accompanying any software or plug-ins to such software distributed by CoxCom in connection with the Service. All end-user software licenses shall terminate upon termination of this Agreement.
d. Customer may transfer the software provided by CoxCom to additional computers within the home, but service and support for these additional machines is limited and/or may incur an additional fee. Customer agrees that CoxCom has no responsibility to provide service and support for in-home networks. If Customer intends to transfer the software, Customer must give CoxCom prior notice of such transfer.
21. Multiple Users
Customer agrees that Customer is executing this Agreement on behalf of all persons who use the Equipment and/or Service provided to Customer. Customer shall have sole responsibility for ensuring that all such other users understand and comply with the terms and conditions of this Agreement. Customer further agrees that Customer is solely responsible and liable for any and all breaches of the terms and conditions of this Agreement, whether such breach is the result of use of the Service and/or Equipment by Customer or by any other user of Customer's computer.
22. Governing Law
This Agreement shall be exclusively governed by, and construed in accordance with, the laws of the State of Georgia. Customer may not bring any claim, suit or proceeding more than one (1) year after the date the cause of action arose.
23. General
This Agreement constitutes the entire agreement and understanding between the parties with respect to its subject matter and supersedes and replaces any and all prior written or oral agreements. In the event that any portion of this Agreement is held to be unenforceable, the unenforceable portion shall be construed in accordance with applicable law as nearly as possible to reflect the original intentions of the parties and the remainder of its provisions shall remain in full force and effect. CoxCom's failure to insist upon or enforce strict performance of any provision of this Agreement shall not be construed as a waiver of any provision or right. Neither the course of conduct between the parties nor trade practice shall act to modify any provision of this Agreement. This Agreement may not be assigned or transferred by Customer. This Agreement is freely assignable by CoxCom to third parties.
Acceptable Use Policy
CoxCom, Inc. and any Cox affiliate and/or distribution partner referenced on the order form/Subscriber Agreement (collectively "CoxCom") provides a variety of Internet services that allow Customers to connect to CoxCom's high-speed Internet network ("Services"). In order to provide Customers with high quality Service, CoxCom has adopted this Acceptable Use Policy ("Policy") for CoxCom Customers. Please read this policy prior to accessing the CoxCom Services. By using CoxCom Services, CoxCom Customers agree to abide by, and require others using the Services to abide by, the terms of this Policy. CoxCom may revise this Policy from time to time without notice. Accordingly, CoxCom Customers should consult this document regularly to ensure that their activities conform to the most recent version. ANY USER WHO DOES NOT AGREE TO BE BOUND BY THESE TERMS SHOULD IMMEDIATELY STOP USE OF THE SERVICES AND NOTIFY THE COXCOM CUSTOMER SERVICE DEPARTMENT SO THAT THE USER'S ACCOUNT MAY BE CLOSED. For any questions regarding this Policy, complaints of violations, or cancellation notices please contact CoxCom via E-mail at abuse@cox.com, by mail to the cable system address listed on the Subscriber Agreement or by telephone to your local cable system office.
Prohibited Activities
CoxCom Customers may not use the Services in a manner that violates any applicable local, state, federal or international law, order or regulation. Additionally, CoxCom Customers may not use the Services to:
Conduct, participate in, or otherwise facilitate pyramid or other illegal soliciting schemes.
Take part in any fraudulent activities, including impersonating any person or entity or forging anyone else's digital or manual signature.
Invade another person's privacy, stalk or otherwise harass another.
Post, transmit, or disseminate content that is threatening, abusive, libelous, slanderous, defamatory, incites hatred, or is otherwise offensive or objectionable.
Restrict, inhibit, or otherwise interfere with the ability of any other person to use or enjoy the equipment or the Service, including, without limitation, posting or transmitting any information or software which contains a virus, lock, key, bomb, worm, Trojan horse or other harmful feature.
Collect or store personal data about other users.
Use an IP address or client ID not assigned to Customer.
Use the Services on more than a single computer, unless otherwise authorized by CoxCom.
Violate any other CoxCom policy or guideline.
Harm to Minors
CoxCom Customers may not use the Services to harm or attempt to harm a minor, including, but not limited to, by hosting, possessing, disseminating, or transmitting material that is unlawful, including child pornography or obscene material.
Intellectual Property Infringement
CoxCom Customers may not use the Services to post, copy, transmit, or disseminate any content that infringes the patents, copyrights, trade secrets, trademark, or proprietary rights of any party. CoxCom assumes no responsibility, and CoxCom Customers assume all risks regarding the determination of whether material is in the public domain, or may otherwise be used by Customer for such purposes.
Copyright
If you believe that your work has been copied in a way that constitutes copyright infringement, please provide CoxCom's Copyright Agent the following information:
An electronic or physical signature of the person authorized to act on behalf of the owner of the copyright or other intellectual property interest;
A description of the copyrighted work or other intellectual property that you claim has been infringed;
A description of where the material that you claim is infringing is located on the site;
Your address, telephone number, and email address;
A statement by you that you have a good faith belief that the disputed use is not authorized by the copyright or intellectual property owner, its agent, or the law;
A statement by you, made under penalty of perjury, that the above information provided in your notice is accurate and that you are the copyright or intellectual property owner or authorized to act on the copyright or intellectual property owner's behalf.
CoxCom's Agent for Notice of claims of copyright or other intellectual property infringement can be reached as follows:
By mail: Cox Communications, Inc.
Attn: Wanda Moore
Leslie Spasser
1400 Lake Hearn Drive
Atlanta, GA 30319
By fax: Attn: Wanda Moore
Leslie Spasser
404-843-5845
By email: copyrightabuse@cox.com
User Content
CoxCom Customers are solely responsible for any information that they publish on the web or other Internet services. CoxCom Customers must ensure that the recipient of the content is appropriate and must take appropriate precautions to prevent minors from receiving inappropriate content. CoxCom reserves the right to refuse to post or to remove any information or materials from any CoxCom Service or system, in whole or in part, that it, in CoxCom's sole discretion, deems to be offensive, indecent, or otherwise inappropriate.
Commercial Use
The CoxCom residential Services are designed for personal use of the Internet and may not be used for commercial purposes. CoxCom Customers may not resell or otherwise charge others to use the residential Services. The residential Services are for personal use only. Customer agrees not to use the Service for operation as an Internet service provider, or for any other business enterprise, including, without limitation, virtual private network ("VPN") usage, IP address translation, or similar facilities intended to provide additional access.
Servers
CoxCom Customers may not operate, or allow others to operate, servers of any type or any other device, equipment, and/or software providing server like functionality in connection with the CoxCom residential service.
Misuse of Service
CoxCom Customers are responsible for any misuse of the Services, even if a friend, family member, guest, employee or customer committed the inappropriate activity with access to the CoxCom Customer account. CoxCom Customers must therefore take steps to ensure that others do not gain unauthorized access or misuse the Services.
Hacking/Attempted Unauthorized Access
CoxCom Customers may not use the Services to breach or attempt to breach the security of another user or attempt to gain access to any other person's computer, software, or data without the knowledge and consent of such person. The equipment and the Services may not be used in any attempt to circumvent the user authentication or security of any host, network or account. This includes, but is not limited to, accessing data not intended for Customer, logging into or making use of a server or account Customer is not expressly authorized to access, or probing the security of other networks or computers for any reason. Use or distribution of tools designed for compromising security, such as password guessing programs, cracking tools, packet sniffers or network probing tools, is prohibited.
Security
CoxCom Customers are solely responsible for the security of any device connected to the Services, including any data stored on that device. CoxCom recommends that users take appropriate security precautions for any systems connected to CoxCom Services.
Disruption of Services
CoxCom Customers may not disrupt the Services in any manner. Nor shall CoxCom Customers interfere with computer networking or telecommunications services to any user, host or network, including, without limitation, denial of service attacks, flooding of a network, overloading a service, improper seizing and abuse of operator privileges or attempts to "crash" a host.
Equipment
CoxCom Customers may not alter, modify or tamper with any CoxCom-owned equipment or service, or permit any other person to do the same that is not authorized by Cox.
Viruses, Trojan Horses, Worms and Denial of Service Attacks
Software or other content downloaded from the Service may contain viruses and it is Customer's sole responsibility to take appropriate precautions to protect Customer's computer from damage to its software, files and data. Customers are prohibited from posting, transmitting or disseminating any information or software that contains a virus, Trojan horse, worm or other harmful program or that generates levels of traffic sufficient to impede others' ability to send or retrieve information. Prohibited conduct of this type includes denial of service attacks or similarly disruptive transmissions, as well as transmissions containing other harmful or malicious features.
Electronic Mail
CoxCom Customers may not use the Services to send unsolicited bulk or commercial e-mail messages ("spam"). Any unsolicited e-mail must also not direct the recipient to any web site or other resource that uses the CoxCom Service. The Services may not be used to collect responses from unsolicited e-mail sent from accounts on other Internet hosts or e-mail services that violates this Policy or the acceptable use policy of any other Internet service provider. In addition, "mail bombing," the sending of numerous copies of the same or substantially similar messages or very large messages or files with the intent to disrupt a server or account, is prohibited.
You may not reference Cox, CoxCom or any portion of the Cox network (e.g. by including "Organization: Cox" in the header or by listing an IP address that belongs to the Cox network) in any unsolicited email even if that email is not sent through the Cox network. Further, forging, altering or removing electronic mail headers is prohibited.
Bandwidth, Data Storage and Other Limitations
CoxCom Customers must comply with the current bandwidth, data storage and other limitations on the Services. Customers must ensure that their activities do not improperly restrict, inhibit, or degrade any other user's use of the Services, nor represent (in the sole judgment of CoxCom) an unusually large burden on the network itself. In addition, Customers must ensure that their activity does not improperly restrict, inhibit, disrupt, degrade or impede CoxCom's ability to deliver the Services and monitor the Services, backbone, network nodes, and/or other network services. CoxCom may terminate, suspend, or require a Customer to upgrade its Services and pay additional fees if CoxCom, in its sole discretion, determines that a CoxCom Customer is using excessive bandwidth.
Newsgroups
Messages posted to newsgroups must comply with the written charters or FAQs for those newsgroups. Advertisements, solicitations, or other commercial messages should be posted only in those newsgroups whose charters or FAQs explicitly permit them. You are responsible for determining the policies of a given newsgroup before posting to it.
Posting or cross-posting the same or substantially similar messages to more than eight newsgroups is prohibited. Our news software will automatically cancel any messages posted to nine or more newsgroups.
Binary files may not be posted to newsgroups not specifically named for that purpose. Users posting binary files to groups with policies concerning the permissible daily volume of posted files are required to observe those limitations.
Forging, altering or removing header information is prohibited. This includes attempting to circumvent the approval process for posting to a moderated newsgroup.
CoxCom reserves the right to discontinue access to any Usenet newsgroup at any time for any reason.
You may not attempt to "flood" or disrupt Usenet newsgroups. Disruption is defined as posting a large number of messages to a newsgroup which contain no substantive content, to the extent that normal discussion in the group is significantly hindered. Examples of disruptive activities include, but are not limited to, posting multiple messages with no text in the body, or posting many follow-ups to messages with no new text. Messages may not be canceled, except by the author or by official newsgroup moderators performing their duties.
The Usenet news service included with a CoxCom residential service account is provided for interactive use by the subscriber, using a commonly-available NNTP client such as Netscape Communicator. Non-interactive clients that download Usenet articles in bulk are prohibited.
Conflict
In the event of a conflict between the Subscriber Agreement and this Policy, the terms of the Subscriber Agreement will prevail.
COX COMMUNICATIONS, INC.
PRIVACY POLICY
Cox Respects Your Privacy
At Cox Communications, Inc., we respect your privacy. This privacy policy explains our commitment to your privacy and describes how your information is maintained and used by us.
Information We Collect
Information You Provide to Us. When you sign up for our services, including Internet, cable television, and/or video on demand (the "Services"), you provide us with information including your name, address, telephone number, and other billing information. We maintain this information along with billing, payment, deposit, complaint, and service information, and your choices regarding equipment and service options.
Information Used in Connection with Service Management, Maintenance, or Security. We collect information about your usage of our services for network management, maintenance, performance, and security. We may collect information regarding the choices that you make in connection with your use of the Services we offer, any Services ordered, and Internet usage, including the Internet Protocol number assigned to you, bandwidth utilization, and Internet resource requests (e.g. requests to view a web page) made by you.
Information for Personalization Services. We may collect and maintain information such as your address and content and service preferences to provide a more personalized online experience.
We Do Not Monitor Your Personal Communications in the Course of Normal Operations. We do not read your email messages, instant messages, online chats, or the content of other online communications that reside on or pass through our Services. We may, however, retain and provide such communications in accordance with a valid court order or if we are otherwise legally required to do so or in response to an emergency situation. Please be aware, however, that once your communications leave our network and enter the public Internet on their way to their recipient, your communications may be monitored or intercepted by third-parties or other Internet service providers over which we do not have control.
We Do Not Record Any Information You Provide to Non-Affiliated Web Sites in the Course of Normal Operations. We will not record any information that you provide to third-party websites or Internet services in the course of our normal operations. When you submit information to any website or Internet service operated by us or an affiliated company, that information will be used only in accordance with the terms of service and privacy policy on that website or Internet service. Since we cannot control websites or Internet services operated by third-parties, we recommend that you review the terms of service and privacy policies of those websites.
Information Usage
We May Use Your Information for Service Related Purposes. We may use the information we collect to maintain and manage the Services, verify billing accuracy, communicate with our customers about service-related issues and maintain financial, tax and legal records. We also may transfer the information we collect in connection with the sale, merger, or transition of our system to a third-party.
We May Use Your Information for Our Internal Business Purposes. We may make your information available to our employees, agents and contractors for our internal business purposes, as well as to our outside auditors, attorneys and accountants, potential and actual purchasers of our business, and local franchise authorities. We also may disclose your information to collection services to the extent such disclosure is necessary to collect past due bills, or to other third-parties as may be necessary to render the Services and conduct other legitimate business activities related to your use of the Services. Third-parties that we retain to perform activities on our behalf (such as executing e-mail communications or collecting past due bills) and which necessarily have access to your information to carry out their assignment, are obligated to maintain the privacy of your information. We require those third-parties to use your information only for the limited purposes for which the disclosure is made and in accordance with this privacy policy. The frequency of any such information disclosure will vary in accordance with our business needs.
We Will Not Provide Your Information to Non-Affiliated Third-Parties for Marketing Purposes. We will not provide your information to any third-party for its use in connection with mailing lists or marketing purposes, other than those parties that we retain to conduct our mailings, surveys, contests, or marketing campaigns, or who act on our behalf.
We May Use Your Information to Send You Our Marketing and Service Related Information. We may send you marketing and informational materials from us or on behalf of our business affiliates or partners. If you do not wish to receive marketing or informational materials from us or our partners, please let us know by sending us a written request, including your name, address, and account number to the address listed on this notice.
Disclosure Policies
We Treat Your Information as Confidential. We treat the information we maintain about you as confidential and take precautions to prevent unauthorized access to your information.
We May Disclose Aggregate, Anonymous Information. We may disclose aggregate, anonymous information (i.e., information that does not reveal your name and address in connection with your general viewing or usage habits or any other transactions made using our Services that are personally indefinable to you) collected from our Services. This aggregate, anonymous information cannot be linked to you or any other individual.
We May Disclose Your Information if Required To Do So for Law Enforcement Purposes. We may disclose your information, including your name, address, email address, and other information, to a government entity if required to do so pursuant to law and as otherwise provided in the Acceptable Use Policy.
We May Disclose Your Information for Certain Other Purposes. We may disclose your information, including your name, address, email address, and other information to other system administrators at other Internet service providers or other network or computing facilities if necessary pursuant to our Acceptable Use Policy or in response to emergency conditions such as imminent threat to life or damage or destruction of property.
Limitations on Disclosures. If you wish to prohibit or limit our disclosure of your information, you must notify us in writing at privacy@cox.com, and include your name, address, account number, and the information that you do not wish to be disclosed. Please note that we still may be required to disclose certain information if required to do so by law.
Retention
We maintain your information in our regular business records as long as you are a customer and for a longer time if necessary for our business purposes. Unless a court has asked us for access to this information, we will destroy it once it is no longer necessary for our business purposes.
Inspection
We will make personally identifiable information about you contained in our business records available to you within ten (10) days of our receipt of your written request to examine such information. You may only inspect records containing information about you. You are responsible for the cost of copying any documents you request. We will make this information available during normal business hours at the Cox office listed on the front cover of this notice, and will give you an opportunity to correct any error in the information we maintain.
Other Issues to Beware of - When you travel across the Internet, you may come across the following:
Spam - We do not condone or encourage the sending of unsolicited email, often called spam. Although we take steps to block spam from coming onto our network, no spam prevention method can stop all spam. You can help reduce the amount of spam you receive by not posting your email address on Internet news groups and message boards, and by not providing it to services that are unknown to you.
Cookies - Websites may use cookies to provide you with customized services and other features to enhance your experience. A cookie is a small amount of data that is sent to your browser by a website and is stored on your computer's hard drive that may contain data that allows that website to identify you. A cookie cannot read unrelated data off your hard drive. Every website you visit, and the advertisers on that website, can send cookies to your browser if your browser's preferences allow it. Although cookies can help websites provide you with customized features, they may also allow your activities and choices to be tracked. If you are concerned about cookies you may opt out of major advertising networks' use of cookies at http://www.networkadvertising.org/optout_nonppii.
Internet Explorer (IE) users:
On the main toolbar of your browser, go to View (IE 4.0 or earlier) or Tools (IE 5.0 or later):
Select "Internet Options"
Go to the "Security" tab
IE 4.0 or earlier, look for "cookies" and select "enable" or "prompt" to enable cookies or "disable" to disable cookies
IE 5.0 or later select "custom level", scroll down to "cookies" and select "enable" or "prompt" to enable cookies or "disable" to disable cookies
Netscape users:
On the main toolbar of your browser:
Go to "edit"
Select "preferences"
On the left half of the window, select "advanced"
Select "accept all cookies" to enable cookies or "disable cookies" to disable cookies
Clear GIFs - Web pages may contain invisible electronic images, often called clear GIFs or web bugs, that allow third-parties to gather information about users who have visited the web page containing the clear GIF. Email you receive also may contain clear GIFs that may allow the sender to know if you have opened the email.
Malicious Activity - People with malicious intent may try to access or otherwise damage your computer when you are on the Internet. We therefore recommend that you take precautions to protect your computer when you are online. A firewall will help protect your system from attackers, and a virus checker will help prevent a virus from damaging your system.
Changes to this Policy
We may change this privacy policy from time to time to take into account new or changing circumstances. In the event that we change this privacy policy, we will provide you with written or electronic notice at least 30 days before the changes take effect. Any changes to this privacy policy will be prospective and will therefore not change the way we use information collected prior to the changed policy. Additionally, any written notices you provided to us regarding your preferences as to how we use your information will remain in effect.
OK, we've established that we can hide NAT from the cable companies if we're savvy enough. Squid/Socks Claiming you have multiple stacks on one machine. They should look at this and realize we will keep right on top of their technology and won't be detected if we don't want to be.
What these ISPs need to realize is all they are doing is pissing off their good (technical) customers. At last glance my provider (AT&T) was selling linksys routers at a discount and didn't restrict NAT. Good.
I would prefer to see a bandwidth abuse policy. After all, that's what the ISP is trying to conserve here. If you go over 200MB download a day on average for example...then it may be a reason to investigate. Maybe they are really trying to quash the neighborhood 802.11b service provider.
If they outlaw NAT, only outlaws will have NAT.
This is bogus reasoning. A team of network engineers could never in a million years "Detect" and "force to pay" enough NAT users to make paying that team of network engineers a profitable venture.
Look at the numbers: Team of network engineers (assume 5) @ $40/hr each. That's $200/hr for the team. Weekly, you're paying $8,000. That means that, to make money, the team must find people with (and convince them to pay for) "extra" machines connected.
By my math, at $6 per machine, they'd have to "sell" about 440 extra IPs per week, and for those 440 "sales", those users must continue paying for at least three months. Otherwise, they're losing money on the operation.
If AT&T Broadband called and said I had to remove my firewall or pay extra, I know what my response would be...
(Starts with "F", ends with "u" and has "uck Yo" in the middle.)
Who did what now?
It's a great NAT / firewall box that lets you statically open incoming ports to local machines if you desire, and prevents you from having to have their REALLY SUCKY software installed on your machine.
Slay a dragon... over lunch!
I can just as easily use the maximum bandwidth with one computer as I can with 10.
THEORETICALLY, this is true. You COULD be a warez host, set up your machine to continuously download Britney Spears songs from Morpheus or some other bandwidth hogging setup.
But it's MORE likely that if you have multiple machines in your home you are using MORE bandwidth than if you only had one.
Now, it's not as simple as "You have three machines, so you are using three times the bandwidth" but the simple fact is that you are using MORE bandwidth in some manner.
"I don't use as much bandwidth on my four computer network as some Morpheus addict uses on just one machine" is not a valid argument to the ISP b/c they want the "cost" of YOUR use to be as low as possible.
It's backwards, I agree, but that's how they are looking at it.
Flame, troll, moderate me as a troll all you want, I can handle it.
It's not as if I'm the ISP and I'm going to make money off of you...
---"What did I say that sounded like 'Tell me about your day?'"---
Comcast is a big company. They should be able to monitor bandwidth usage and charge by the average percentage of bandwidth used per month.
I would probably price it between $50 and $150 a month. $150 would be for those extreme examples where the user used between 80% and 100% of their bandwidth ALL the time (on average), whereas $50 would be for the lighter users. (Make up your own pricing scale, but keep it simple)
Not many people will use 80%-100% of their bandwidth all the time, and those who do would have to pay a premium.
This sounds a lot more fair than telling me I can't use NAT for my many computers.
"Communism is like having one [local] phone company " - Lenny Bruce
I don't understand why this is so terribly hard to figure out. I mean, that's the way you pay for electricity and gas. The only reason you don't pay that way for local phone service is because of some antiquated rules. And the only reason ISPs likely don't do it is because they don't have the necessary accounting software. Well, they should get it rather than try to establish nonsensical and invasive rules.
companies always grow at the expense of their customers. that's the definition of a customer.
They just simply stop traffic for random amounts of time, at random times.
I have RoadRunner here in Columbus, OH and I used to have something similar to your problem. You may want to call tech support. They sent a tech out who noticed that whenever my traffic stopped the noise was higher than my signal. They then ran me new lines outside the apt and it's been great since. Maybe your lines just corroded and they need replacing. Just a thought.
... is like stealing from Nike, right?
Or worse, buying used sneakers is also stealing.
The moment I'm under obligation to pay any other private entity money for a service I do not wish is the moment that I become a slave.
Just because someone expects their customers to behave in a particular way doesn't mean that they are obligated to, or it is wrong for them to behave differently.
Because only a communist would deprive Nike of the revenue of a sneaker sale.
Excellent observation, and thanks for the pointer to the "real" Terms of Service.
Now for me to go pick through my current provider's (revised WAY too often to keep up with) Terms of Service to see how nastily I violate them without knowing...
This from "Cindy" a tech at Comcast. Background: I was set as static from day 1 by the tech who said there were problems with the DHCP server at the time. Now that it's crunch time, I've been trying to convert to DHCP, but haven't been getting a lease. Found out that CC changed my cust id number, so I would have never gotten an IP until I called them. Hats off to Comcast for calling my house with a prerecorded message stating that I'm still using static and have a week to convert to DHCP, lest my connectivity will be dropped.
Anyway, in talking to Cindy tonight, I said, "I can't believe you guys are going after users with Linksys boxes!" She asked, "what do you mean 'going after'?" I said, "like, pulling the plug! I have one that does wireless so I can work on my laptop anywhere in the house, and now you guys want to chain me to my desk in my basement."
"Oh, I don't think that's what they meant. See, those little firewall boxes won't work with the new network because they're only static, and can't do DHCP at all, so your box isn't going to work after we change over the network."
"I see. Well then, uh, thanks, I guess!"
Intelligent Life on Earth
No, I don't work for a telecom or ISP of any sort. I've just tired of seeing stories and comments which basically whine about actually being held to the terms of a deal. If, as you assert, there's nothing in the deal to prevent you using NAT, then I fail to understand why any Comcast users care about this other than to tell Comcast where to go when they hear anything about using NAT. We get rabid when anyone even hints about not obeying the letter and spirit of the GPL, but we're ready to throw everyone else's equally binding agreements out the window. If using NAT is permissible under Comcast, I don't see a problem and fail to see the point of Comcast bothering to determine who's using it if they can't do anything about it.
Is there some legitimate way for this to happen, or were slashdot editors manually editing the moderation points on my post? Is there even a way to tell?
If it's the latter, then I'd love to know what about the parent post is so terrible that this was necessary. Is the mere idea that perhaps slashdot could have been given incorrect information so objectionable?
I appreciate any input from those knowledgeable about how slashdot moderation really works.