Slashdot Mirror
Comcast Hinders BitTorrent Traffic
FsG writes "Over the past few weeks, more and more Comcast users have reported that their BitTorrent traffic is severely throttled and they are totally unable to seed. Comcast doesn't seem to discriminate between legitimate and infringing torrent traffic, and most of the BitTorrent encryption techniques in use today aren't helping. If more ISPs adopt their strategy, could this mean the end of BitTorrent?"
here
iptables -A INPUT -p tcp -dport $TORRENT_CLIENT_PORT -tcp-flags RST RST -j DROP
it's not mine so don't blame me. it's ugly, don't blame me. if it doesn't work, don't blame me. blame Canada.
Wouldn't it be simpler for the telcos to charge per GB delivered in addition to the size of the pipe?
Give all your customers your fastest residential speed. Set your rate so 90% of your customers don't exceed the "monthly allowance" for your low-end rate plan.
For the other 10%, bill them on a pro-rated basis based on how much they use. If they use 2x the allowance, they pay 2x. If they use 100x, they pay 100x.
To prevent runaway bills, allow customers to set their own "caps" and "throttle-down speeds" that would kick in after the cap was reached. If a customer never wanted to pay more than $20, he could set his "monthly cap" at 80% of what $20 would buy, and set the throttle-down rate low enough that he could never use up the remaining 20% even if he was maxing out his connection.
This seems a lot simpler and fairer than traffic shaping by protocol.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I thought it might be some obscure router setting, but I've been having this problem for a few months. Since I barely download things anymore (re: Linux ISOs), it hasn't affected me nearly as much as it would have, say, 2 years ago. Still, this entire situation is pretty ridiculous. Comcast basically says "You can get this speed for $xx.xx a month! It's Comcastic!" but then they act like a bunch of little girls when somebody actually uses what they're paying for. For that reason alone, The guys in suits just want to be able to milk their current infrastructure for longer, and I don't have any sympathy for them. What I find funny about this is that broadband probably wouldn't have gotten as big as it is right now (At least in the U.S.) without warez. Stop and think about how many of your local broadband ISPs were pushing the ability to get music, movies, and games more quickly a few years ago. Comcast was doing that back before legal download services got big. It's like they baited us with the promise of more warez in less time, and now that we're locked in, they want to screw everybody.
God dam it so annoys me when the ISP's bitch and moan about the customers actually using the bandwidth they have signed a contract, and paid for to use.
I have no sympathy for ISP that oversell their services and fail to invest profits in infrastructure.
GPLv2: I want my rights, I want my phone call! DRM: What use is a phone call, if you are unable to speak?
No one will like this suggestion, but I think it's a valid one. ISPs should start charging for bandwidth used just like electric, gas, and other utilities. Right now, they have "unlimited" plans. This gives ISPs a great incentive to try and control what you do online. It just doesn't cost the same to serve the user who just browses the web (at maybe 100k a page which happens sporadically as users have to take time to read the page) and the user who decides that they want to use their cable modem as a movie downloading service - or even legitimate uses like downloading a new Linux distro every week. ISPs shouldn't care how you use your connection - they should only care how much bandwidth you use. ISPs shouldn't even care whether your bittorrents are illegal or legitimate. That has no affect on them. The amount of data transfered does. So, for the sake of network neutrality, for the sake of our freedom to use the internet how we want to use it, we need usage fees.
Metered billing is the easy part. In the long run, it's even easier than the cat-and-mouse game of fighting a particular popular protocol.
The other features, like giving the customer control of monthly caps and throttling, will take a bit of work.
One unintended side-effect is the effect on home users who run wireless networks. "Stealing" bandwidth from an inadvertently unsecured or under-secured wireless connection without permission will now be literally stealing, as the poor subscriber will be stuck with the bill. Expect a few prosecutions under theft or fraud statutes if this becomes commonplace.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Someone should sue Comcast for false advertising. I constantly hear commercials on the radio about how much faster their Internet connections are than DSL's, about how "the other guys" sell you slow connections and make you pay extra for higher speed connections, and all sorts of other crap.
Of course, they don't bother telling you that if you get Comcast, you might not even be able to use your connection, or that they're going to play mommy and tell you what you can and can't do, and punish you for doing things they don't like.
If they're going to do this kind of shit, the FCC and/or the FTC needs to make them disclose it in their commercials. It's a substantial factor in the decision whether or not someone might want to subscribe. And I'd love to see what happens to their subscription numbers when they have to say something like, "We will restrict or forbid some popular services you might want to use on the Internet. Oh, and we require you to use the browser that we prefer, even if you have a Mac and don't have access to it. And last, but not least, if you actually use the Internet, we'll cut you off entirely."
It is flawed because the ISP just needs to look at your HTTP usage and see you connect to a tracker. They can even get the port you are listening on from there! Even if you connect to the tracker via HTTPS, they can still see you connecting to a known tracker IP. Once they know you are on a tracker they can start limiting all traffic that looks like it's encrypted with RC4, because apparently this is identifiable.
It is too much because you don't actually need strong encryption to stop traffic limiting. Simply adding some random padding and XORing the protocol with the torrent's infohash would be enough - it is a private key random enough that they couldn't check them all. The RC4 encryption was seriously over-thought, and what did it give us? Nothing, because apparently it is still identifiable as bittorrent (or at least as RC4 encrypted traffic).
The only solution is to replace the current encryption and always connect to trackers via Tor or some other encrypted proxy. And even then it wouldn't be perfect, because it's plausible they could start limiting traffic on listening ports that get a lot of traffic.
The telephone companies do the same thing. Dating back for decades, they've price the "unlimited local calling" plans knowing some users will under-utilize and some will over-utilize.
When a shift in usage happens faster than they can adjust, as happened during the BBS era of the '80s and early '90s, their expenses go up and their revenue remains constant.
Back in the '80s, telcos in some states put a dent in the problem by limiting the number of lines you could have in your house without paying higher "business" rates. Some multi-line BBS owners paid out of pocket, others charged their users or solicited donations, others reduced their number of lines.
There was also talk of a "modem tax" but thankfully that never went anywhere.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
As a guide,Europe has more internet users than the entire population of America itself. Oh, and then there's the other billion or so internet users in those other countries.
America is certainly a fairly big country but it's far from being a lone influence of the world's technological development and trends.
Mr. Universe: "They can't stop the signal, Mal. They can never stop the signal."
Thankfully that will likely never happen since it would kill VOIP and many online game protocols use UDP. Killing UDP won't happen, since it would kill too many legitimate uses.
A much better idea would be to simply make the connections look as much like HTTP over SSL as possible. They can't block that.This can, theoretically, already be done. (Sort of...) Since BitTorrent already runs over TCP and SSL (actually, TLS now) is simply a presentation-layer protocol, there's no reason BitTorrent can't be run over TLS.
The problem is the "sort of." Since BitTorrent involves a lot more back-and-forth than HTTPS would (HTTPS would be small upload followed by large download), it's still almost certainly possible to block BitTorrent traffic that runs over TLS. There's really no way around this - the send/receive ratios for BitTorrent will always be different from HTTPS ratios.
Besides, the ISP doesn't even really need that to throttle BitTorrent or P2P in general. All they really need to do is start blocking SYN packets from reaching their subscribers, or at the very least, throttle the number of SYN packets their subscribers can receive to, say, five every 30 minutes. About the only "legitimate" uses for subscribers accepting connections are active-mode FTP and various chat protocols. And even then, the only times chat protocols generally require the client to accept a connection is for direct peer-to-peer transfers, and the ISP won't care to kill those.
You are in a maze of twisty little relative jumps, all alike.
It seems that they're now directly interfering with the connections, above and beyond sending RST packets. If I stop my client and then restart it, it will send for a while, then quit, even with the RST packets being dropped. I tested this by running a client on a backbone-connected server that I have. Aside from dropping the RST packets, I've been logging them as well, and they are being dropped. Since my server doesn't have any arbitrary restrictions or throttling, it's clearly something being done by or on behalf of Comcast.
My choices:
- Only seed torrents from my server
- Switch to AT&T (yuck, and they'll no doubt be doing the same crap)
- Switch to Speakeasy (the Best Buy deal gives me the creeps)
- Switch to Covad (expensive)
- Switch to a local fixed wireless provider (my employer has this, and it sucks for VoIP)
- More cat & mouse games with Comcast
Oh, no! You have walked into the slavering fangs of a lurking grue!
No, it wouldn't help. I have had this issue with my ISP Atlantic Broadband for a good two months now. Incoming torrent connections are flat out blocked (you can open the port and test it, but once the first incoming torrent connection comes in, the port gets blocked). And while you tout UDP may be the answer, they do the exact same with KAD... first incoming KAD packet and the port is blocked.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
God dam it so annoys me when the ISP's bitch and moan about the customers actually using the bandwidth they have signed a contract, and paid for to use.
We're the people who build and run these systems. Comcast...or anyone for that matter...can't win that fight. I've worked with you wankers for 15 years, you're clever, relentless, and infinitely creative in a mischievous kind of way. If Comcast closes off BitTorrent, you'll find another way to disguise the traffic. They'll figure it out after a while and you'll figure out something else or go somewhere else. It may be difficult some days to motivate you at work, but you'll drive yourself until the early hours of the morning figuring out how to get around whatever filters they put in place. I've seen this arms race take place in every type of communication technology out there and you've won every time. Telephones, mainframes, PC networks, the internet. The road of technology is littered with the bodies of people who underestimate the technical genius of people who don't like being regulated.
We run your switches, your networks, firewalls, databases and your web sites. We are root and domain admins, we have the back door passwords to your routers. We run packet sniffers and Snort, know what a clever fella can do with xp_ extended stored procedures and javascript, we grew up on ping and tracert....we don't need no steeking GUI.
You can work with us or spend your life on an endless treadmill fighting a losing battle. But one thing history should have taught you...
....do not fuck with us.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
You want to run a server without hassle? get a business account. I have Comcast workplace at my home and I get 6m/768k with 6 static ip addresses and no port blocking or restriction on servers for $100/month.
Look, I'm not totally happy about it, but this is how it works today. You want a restrictive, "client only" connection to the internet you can do that for $20-$60 a month. You want a real internet connection you are going to have to pay $100+ a month in most places (in the US).
Frankly, I am hoping the ISPs finally just come clean and admit that their bottom tier service is client only, practically web/email only. There is a market for that and there is nothing really wrong with them selling it that way.
Verizon's FIOS service supposedly has a comparably priced business tier as well, and they are laying fiber on my street as we speak. I might check that out when it lights up (although I generally find Verizon slightly more evil than Comcast).
Finkployd
I would know the answer as to how and why they do it because I help set up the hardware that does it locally for my system. It doesn't affect all markets nor does it affect customers all of the time. They can do it because of the no server clause in the contract. It doesn't however have to be determined by someone that you're running a server. How it works is there is an actual piece of hardware that is placed into the routing of packets. It inspects the header bits of the packets and determines if the packets being sent are p2p or simply network/server traffic. If it is p2p traffic then the routing priority level for those packets matching those identified are dropped by one level. This is exactly the same way the voip works, but in opposite manner so as voip packets have a higher routing priority than any of the other user traffic. This being said it leaves us with a packet routing priority from top to bottom of user generated traffic looking like: VOIP, Network/HTTP, P2P. Looking at this it's easy to see why some people would experience 'throttling' as it's being called. Unless you can figure out a way to bypass traffic being generated to or from a bunch of private (ie individual ip's not registered with DNS)then your out of luck. This does still leave newsgroups untouched however since the traffic is being routed through a registered server. One more thing. Many of the Comcast systems are implementing what they have termed 'Powerboost'. It doesn't cost anything and it's being done at the server/CMTS level. There is no way to sign up for it or anything. It's either on, off, or hasn't been implemented in your area yet. The rollout of this has been detemined by network capacity for whatever fiber node you're being fed out of. In my current location we've implemented it in appx 90% of our nodes on the downstream and 60% of the nodes on our upstream channels. What this does is allows a user trying to push through large files use of the unallocated bandwidth above and beyond their provisioning rate. Some people here are consistently seeing more than 20Mb/s downstream and 2.4Mb/s per second upstream (being provisioned for 6Mb downstream and 512k upstream). However the servers will not allow that rate to be sustained. It holds a small percentage of the bandwidth available for other demand and keeps the total usage under X% capacity or else it will suspend the additional bandwidth to that user. ****Take notice I didn't say it allows the user to make use of all or even most of the unallocated bandwidth, but just more than they are provisioned for. This is being tightly controlled and regulated to make sure capacity and network stability are maintained while allowing bursts of up to and over 20Mb's. I wouldn't expect to see the number much more than about 20/22 Mb's though depending on the market. Some of the higher capacity/speed markets are running more than the standard 6Mb we're running here in my market. Those people might see something a little more out of powerboost, but don't bet on it for now anyways. Hope this helps, but I don't think it will resolve any of your difficulties any more than just an understanding would do.
As someone said on the linked site, selling a service without mentioning that it is severely restricted is fraud.