Comcast Forging Packets To Filter Torrents
An anonymous reader writes "It's been widely reported by now that Comcast is throttling BitTorrent traffic. What has escaped attention is the fact that Comcast, like the Great Firewall of China, uses forged TCP Reset (RST) packets to do the job. While the Chinese government can do what they want, it turns out that Comcast may actually be violating criminal impersonation statutes in states around the country. Simply put, while it's legal to block traffic on your network, forging data to and from customers is a big no-no."
say it ! and add a "lawsuit" to the end. Such "companies" deserve it.
Read radical news here
Is it just for throttling bit torrent traffic? Can't it also be used to report on potentially illegal bit torrent transfers, as well as legal ones?
In Soviet Russia, TCP packets reset you!
But when these huge companies work with other huge companies AND government agencies like the FBI and CIA, do you think you even have a chance in Hell?
Like many have said before me, we need to go pure encrypted communications to prevent this kind of violation. TOR, WASTE, and Linux based encryption techniques allow us these kinds of tools to defend against attackers: our very providers of bandwidth.
Statute, not "statue." I can't help it, editing is what I do.
It could infringe on both legal and illegal bittorrent traffic. Unless the Bush administration pulls another 'national security' coverup on this lawsuit, which it easily could under some fabricated reason, it's an unlawful invasion of privacy... Then again, I'm not quite sure what Comcast has in its ToS. Perhaps it has some secret clause for fraud and impersonation... =P
Site slashdotted out? Use SharePapyrus under Site Directory
I am totally and unequivocally against this.
Of course, there is always DSL. But, wait, that brings AT&T into the picture, at least in California and several other states.
Is this what is called "Hobson's Choice?"
I am thinking that the vendor of their routers probably didn't disclose this bit of information.... Oops...
Legal questions aside, is there some technical merit to sending a RST instead of just blocking the packets? Is it less expensive to the ISP or something? I don't understand why they're doing it.
We use a popular web content filter. The way it works is by doing the same thing. So when we are blocking traffic, we block it by issuing a forged RST. It's either do this, or place the content filter inline ACTIVE. Right now it is passive. It does packet capturing and RST to block. If it's down, then traffic still flows. If it were active, we could simply drop the traffic and not forge the RST. But performance and uptime are horrible on many products when these are inline.
Initially this sounded a lot worse to me.
take a look at http://www.dslreports.com/forum/comcast and you will note that plenty of examples of this impersonation exist. They disconnect by impersonation after about 10 seconds of seeding, and it seems to be courtesy of Sandvine. Gotta love lack of net neutrality here, although I am not in favor of extreme net neutrality, some would be, well, nice.
Last time this piece of news was discussed, someone helpfully posted a solution for your Linux firewall.
>north
You're an immobile computer, remember?
Causing you to get TOSed earlier.
If no one prosecutes.
This one stands an extremely low probability of actually improving comcast's service from a consumer-geek perspective. Quick and dirty reasons why:
1. Comcast is in up to their necks with municipal politicians. They need campaign contributions from Comcast.
2. Comcast is in up to their necks with state politicians too.
3. What's the penalty here? Certainly not meaningful enough to warrant the expense of a trial.
4. Since when do consumers Comcast's terms of service? They'll spew the usual free-market pablum as a polite way to tell unhappy customers to go elsewhere. Except they know there may be no elsewhere in many cases.... Not their problem.
For everyone that refuses to believe nothing will come of it, who's going to pay the law firm to drag Comcast into court on a state-by-state basis?
Got Trader Joe's? friendwich.com RSS feeds work now!
I'm so glad I live in Canada.
Of course, net neutrality is the golden solution to everything in the world. But I wouldn't expect it until we move to an open source government.
I realize that to the nerdish mind falsifying the sender of an IP packet is equivalent to "impersonating another", but no sane prosecutor would ever make such a case.
What I'm listening to now on Pandora...
They can do whatever they want with the TCP traffic on their network as long as they don't alter the DATA. If you don't like it, switch to DSL or wireless.
"Apothis 2036 - Surf the Big One"
"Impersonating statues", definitely a criminal offense.
I'm in to sadism, bestiality and necrophilia. Am I flogging a dead horse?
Yeah, it works better. Sending a RST packet closes the TCP connection. Just eating the packet would cause the computer to resend it, creating more traffic on the network. The forged-RST attack is "fire and forget." You identify a TCP connection that has bad traffic in it, and then you target the connection. It doesn't require matching every packet, you can instead look for patterns of packets that indicate types of traffic you dislike, and then just terminate it, and move on to the next connection. It may use deep-packet inspection, but it's not a 'packet blocking' attack. It's better, because it avoids having the computers retransmit packets that just contribute to the traffic you need to screen.
It's a fairly insidious way to block traffic, which is why the Chinese do it. Frankly it's a fundamental weakness of TCP: it wasn't really designed to cope with hostile intermediate nodes. (Flaky ones, sure, but not hostile ones.) You could configure your computer to reject RST packets, but then you'd end up leaving connections open all over the place and cause all sorts of other problems. It's not something that you can trivially work around.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Crazy. Almost makes me want to move to New York.
I always mod up spelling trolls.
Technical question: why does Comcast do it this way? Why not do flow control the normal TCP way - drop packets on the floor?
Maybe they are kinky and really into violating statues ...
You're nuts. Sending resets in both directions is the KIND thing to do -- they could more easily silently drop the packets, which only makes life more difficult for the parties on either end.
What ppl really don't like is the fact that their ISP has a say in how they use the network -- and if you want to fight that fight, go ahead. But don't do it by making life harder for yourself, which is exactly what dropping packets instead of sending RSTs would do.
I agree. This is exactly what I thought when I read the article submitter's summary. If I had mod points I would mod you up.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Comcast, like most large companies, tend to do things they wish to do assuming they are right unless they are slapped down.
IANAL, but I hope that Comcast IS running afoul of the law, and that one or more AG offices will bring it to their attention and force them to stop.
(No, I'm not a Torrent user, I just don't like companies assuming they are above the law.)
I won't hold my breath, though - I don't like turning blue and falling to the floor...
--
Tomas
This method is how most content filters do their jobs. Why not just drop the traffic you ask? Well here's why.. if you don't reset the connections, both sides will just continue trying to communicate with one another by retransmitting the packets. That's why it's TCP and not UDP.. the whole trying to guarantee the delivery thing. Now, they're not just blocking on IP addresses. If that was the case they could just drop the traffic altogether and not need to "forge" anything. However, since it's discovering the traffic is P2P related later on, it does it in such a fashion.
:)
Now the other thing is that the IP addresses being used are owned by the ISP. I am not so sure this is really forging something on behalf of the customer that's breaking laws. The customer doesn't own that IP. On top of that (and I am ASS-U-MING HERE) they are probably breaking the acceptable use policy for the ISP. If they don't allow P2P stuff, you're in violation. They could do a lot worse stuff to be a PITA than just reset your connections.
Sending a RST packet is a perfectly legitimate way to close an unallowed TCP connection. Equating this with the criminal impersonation of another human being is beyond ludicrous.
That solution as written doesn't work, and even if it did, might still screw up the connection (because you want to un-set the RST flag, not throw away the whole packet). Also, some people have indicated that Comcast is doing more than just forging RSTs, they are also eating packets along the way, so it's not a silver bullet.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
MANY legitimate downloads of software and movies are via torrent.
Blocking the legal and legitimate downloads is NOT what the users are paying their provider (Comcast) to do...
--
Tomas
Yes, yes I did laugh. :)
How about all the users of bittorrent downloading linux distros and public domain movies convince all the users of bittorrent that download pirated movies/mp3s ripped from CDs/cracked software/etc to stop doing so...then Comcast's crap-tastic network wouldn't be saturated with bittorrent traffic and they wouldn't be trying to stop bittorrent at all.
Yeah, not very realistic. Too bad a fuck-ton of rotten eggs are out there ruining it for the rest that want to use the software to download legal software.
Insert funny smart-ass comment here.
First, Spyder was not saying that he was Rosa, but even ignoring that, why do you say with certainty that this is not the same? This is standing up to a MUCH bigger bully who is trying to take what is not theirs. It was no different than when the geek stood up to a circuit city store and then the police. That is a case that may make a difference, as might this (keeping our rights from those that would gladly steal them). You can bet that at the time of Rosa, the locals just thought it was a silly disturbance.
I prefer the "u" in honour as it seems to be missing these days.
Doesn't matter what laws they break and what people may say. They simply will not be punished.
Christopher(Tue Sep 04 2007 17:54:47 GMT-0400 (Eastern Daylight Time))>
Please provide me with a complete list of TCP/IP ports which Comcast actively blocks/filters/or limits traffic to users??
analyst Tallilee.7304 has entered room
Tallilee.7304(Tue Sep 04 2007 17:54:50 GMT-0400 (Eastern Daylight Time))>
Hello Christopher_, Thank you for contacting Comcast Live Chat Support. My name is Tallilee.7304. Please give me one moment to review your information.
Christopher_(Tue Sep 04 2007 17:55:23 GMT-0400 (Eastern Daylight Time))>
Hi
Tallilee.7304(Tue Sep 04 2007 17:55:18 GMT-0400 (Eastern Daylight Time))>
The only ports that may be actively blocked on the Comcast network are 67, 68, 135, 137, 138, 139, 445, 512, 520, and 1080 at this time. Any ports that are blocked will not be unblocked. If the port you would like to use is on this list, please select another port to use with your software. There are over 10,000 ports available for use. Please be advised that Comcast reserves the entitlement to block any ports on the network without prior notice. We thank you for understanding this security policy.
Christopher_(Tue Sep 04 2007 17:56:14 GMT-0400 (Eastern Daylight Time))>
I have read that Comcast is now actively retarding bittorrent traffic.
Tallilee.7304(Tue Sep 04 2007 17:56:09 GMT-0400 (Eastern Daylight Time))>
That is not a true statement.
Those who cannot remember the past are condemned to think "profiling is worse than the slaughter of innocent people..."
pot kettle etc.
Nobody who is downloading copyrighted stuff has any right to complain about this. As a content provider, I'm glad this ISP is taking a stand on behalf of people who actually create new content. There is a commercial aspect to P2P... for example AOL (in2tv) offers free media downloads using BitTorrent. In fact, it's been a great boom to push older content which has little commercial value yet a niche market. As for new content, BT is a great system of distribution with a low in cost.
If you are truly a content provider, you should respect the rights of other content providers in choosing how they wish their material to be distributed.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
Yeah, it is their network ? They "sell" the usage to me as unlimited, no provision about no P2P traffic.
Let's turn this around.
I pay them money. I have an issue with them using MY money to create such filters. Would it be ok for me then to pay them using fake money ? It is MY money, after all, yes ?
I wish you continued fun waiting for 2 hours in a download queue at Fileplanet to get a 50 kb/s download slot.
Want to hear the voice of GOD? cat
Dude, you're a dumb asshole. I and every other sane person on this fucking planet have a problem with someone SELLING US ONE THING AND DELIVERING ANOTHER. It's called fucking fraud. Now why don't you go back to sucking comcasts dick?
I haven't done a packet capture recently, but my Comcast modem is usually pegged with crap packets (port scans). Why don't they send some resets for potentially harmful packets, then they wouldn't have to worry about a few torrents.
Have a look at the method on line 22330: http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/inet/tcp/tcp.c
Arash Partow's Philosophy: Be a person who knows what they don't know, and not a person who doesn't know.
Maybe in ideal-happy-mutual-cooperation-land.
In reality, if you are a content provider trying to make a profit, you'll band together with other content providers where there is a common interest (say, enforcement of copyright, lobbying for narrower scope of "fair use", etc.) and, at all other times, do everything possible to guarantee you have a competitive edge over other content providers, including making sure their content doesn't get to consumers when you can block it without facing consequences.
As for pot... from what I've seen it's an excellent drug for people on chemo. You can grow it your self, it addresses many issues associated with treatment, with minimal side effects. It has a very accepted medical use. It does have something to do with the general population as a good portion of the general population have had to deal with cancer. I'm not a pot smoker, but in the event I have to endure chemo, I would want medical marijuana available as an option.
But this is neither here nor there. There is a legit application for web traffic, SMTP traffic, and BT traffic.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
They send the RST to both ends. It's no good unless both do it.
Then again, if anyone figures out a way to stop it, they could advertise that they're plagued by that curse as part of the BT protocol and only bother conversing with those who can handle it. It should still be obvious that someone is sending data to a connection that should've been reset.
Then again, NATs and things like that in between could go crazy, because the 2nd packet could be lost long before it ever gets to your computer...
I don't agree that this is within Comcast's rights at all. They are in the business of selling me access to the Internet -- not just the portion of the Internet they agree with. Their ToS says nothing about we prevent connections we don't want you making, and you have to live with it.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
...and like the war on drugs they should assume you're guilty, seize all your assets (house, car, anything you have). And arrest you and put you in prison for 20 years cause we all know what a menace and danger to society a non-violent hippy is smoking a joint in the privacy of their own home. Right up there with murder y'know?! Think of the children. Only terrorists use bit torrent (and next week we'll see linux declared a tool terrorists and it's only valid use is circumventing copyright and hacking... got nothing to hide? why don't you use windows then?! ahhhh you must be one of those evil terrorists they warned me about on Faux News).
It all gets highly emotional and I don't expect a reasonable or intelligent political solution any time soon. It needs to be addressed through technology definitely, and not wait around for someone to slap down comcast over this. I remember years ago people warning against comcast doing some shit like this years down the road and here we are. Big surprise.
Why don't they just admit they are logging all communication in compliance with DHS orders, and also announce they are cooperating with the RIAA.
:)
Boom, instant 90% drop in customer bandwidth usage, and the rest of us could have 30Mbit connections instead of 3Mbit
- Adam L. Beberg - The Cosm Project - http://www.mithral.com/
Good God! I expect corporations to do bad things, but violating statues is a new low. Aren't they in violation of public decency laws, or are they doing this in private?
I miss the good old days, when being covered in bird crap was the worst thing to happen to public statues.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
"It's their network, so they get to decide what they choose to allow on it."
It is not their network, it is our network. Comcast is not selling access to a private Comcast network, they are providing access to the public Internet.
Well, you could make an analogy about a 24/7 mid-city gym. The gym has a number of exercise machines and a whole lot more customers. There's some fixed costs - square footage and exercise machine leases, and staff. In order to cover these costs, you need more customers than there's available machines.
The model would be shot if a number of people started hogging machines 24/7. It's not humanly possible - or preferable to do so (hell, who'd want to live at the gym?), and this is what's different about bandwidth and ISP's - you let the computer hog the resources - and it don't mind living at the gym.
One option for the ISP would be to give each customer his/her share of the total - comparable to say, getting a whole lot of skip ropes (cheap) and provide the customer with one each, the fee covering the square footage required for a lot of skipping, nothing else.
The other option is to get all these sexy machines and hope that cooperative usage of the resources and best effort - waiting for the machine for a few minutes if all the machines of your preferred type are in use - but again, the model is shot as soon as people start hogging them 24/7.
I suppose the analogy works for any number of other scenarios. Try sitting at a restaurant for six hours every day, buying one coffee. You will get thrown out before long. You can claim your 'right' to sit there since you pay them money, but from their perspective, you're a freeloader.
That's not to say some ISP's aren't cheapskates or have to cover up bad hardware investments by being so, but if anyone thinks that it's their money-given right to use up the last bit of pipe given to them and do so 24/7, well, the option of your own 32kB of (quasi-)guaranteed bandwidth to use in any way you deem fit sucks more and that's what you're ultimately asking for.
It shouldn't be. These companies are advertising access to the internet, there are decades old standards that describe how the internet is supposed to work, and "dropping packets because an router owner might not like the contents" isn't in any of the RFCs. There's a reason why Prodigy, AOL, MSN, Compuserve, and all the old proprietary networks had to become ISPs or become bankrupt, and that's because consumers demanded unrestricted networks. Giving us restricted networks but just calling them "internet access" is fraud.
So comcast has a few million customers.. and a handful are getting low bandwidth through bittorrent, I have comcast and Azureus is smoking fast all depending on the amounts of seeders and leechers.. /. sheep.
There are so many variables but because some torrent providing site says so must makes it so.
However, I also have no problem with Comcast restricting the type of traffic that comes across their network.
This is all well and fine, if they actually said in their TOS that bittorrent traffic is not permitted. But they don't, do they?
Let's not pretend that most torrent traffic is legitimate...we all know it isn't. That's like suggesting legalization pot for everyone because it may help with some the side effects of chemo (there is no glaucoma benefit, btw). That argument has nothing to do with the general population.
The current drug laws work on the theory of "Some people use this substance for illegitimate purposes, so let's make it illegal even for those who want to use it legitimately.". I guess the same applies to bittorrent as well.
Frankly, blocking torrent traffic is the only sure way Comcast could secure themselves from lawsuits by copyright holders, which, I am sure, scares them a lot more than some nerds on Slashdot.
ISPs are common carriers, which makes them immune to such copyright lawsuits, in much the same way the RIAA won't sue AT&T if you decided to sing "Like a Virgin" over the phone. Under the DMCA all they have to do is take down alleged infringing content and notify alleged infringers - if they do that, they have no liability.
I realize that to the nerdish mind falsifying the sender of an IP packet is equivalent to "impersonating another", but no sane prosecutor would ever make such a case.
Many business lawsuits these days hinge on distinctions about "where" a person is when they're online, "where" a company is when it operates online, "where" the transaction is taking place, and so on. A prosecutor who didn't at least argue the "impersonating another" in the alternative might be even acting negligently. This stuff isn't new to the courts. The 9th Circuit in particular is chock full of decisions that hinge on difficult line-drawing about identity and place.
It's not much of a stretch to say that if we can say someone is impersonating a minor in a chatroom, we could also say that impersonating the location from which a message was sent is also a form of impersonation.
Read the EFF's Fair Use FAQ
There was an incident several weeks ago where I was unable to upload anything on BitTorrent for several days (though downloading worked fine). Looking at what was happening, it looked like new connections were getting instantly terminated in a variety of ways - everything from time out (gotta love 0 ms time outs) to connection actively refused by target computer. Only a few days before the incident BT was working, so this came as quite a surprise. This led me to suspect that my ISP (Yahoo! DSL through SBC/AT&T) was also forging a variety of packets to kill BT uploading. However, about a week after this began, it stopped, so I'm not sure if it was a test run of something to come, or what. I haven't been able to find anything online about AT&T blocking BT uploads, but all the information I was able to gather suggests that's what was happening.
You have tried to support your argument with faulty reasoning! Go directly to jail; do not pass Go, do not collect $200!
When did the ISPs become common carriers?
Cable Internet Service Not Common Carrier
Is this article telling me NAT is illegal? Wow, seems like IPv6 should pick up the pace.
It is always better to be a first grade version of yourself than a second grade version of someone else.
Just to add my two cents, at least on my comcast connection, my torrent seeding has returned to normal after being nearly 0 for weeks including the time when the original story was posted on here a few weeks ago. i think they got scared :)
"Senator, I served with Jack Kennedy. I knew Jack Kennedy. Jack Kennedy was a friend of mine. Senator, you're no Jack Kennedy."
10001001111001110110011000011101110
Press - Nontechnical Summary
Comcast is in violation of Internet standards as well as United States Federal law in its use of devices which send "specially crafted packets" to its own users in order to disrupt those users' Internet Communications.
Executive Summary
Comcast's use of the Sandvine devices to prohibit its clients point-to-point Internet traffic is in violation of Internet standards as well as Federal law. Comcast's Terms of Service ("ToS") do not trump Federal Law. Further, Comcast's methods for blocking this traffic negate its claim that it offers "an Internet connection."
Press - Technical Summary
Comcast uses devices manufactured by Sandvine Incorporated ("http://www.sandvine.com"). These devices inject specially crafted RST packets purportedly from upstream P2P peers to Comcast customers, which destroy existing legitimate TCP connections. By doing so Comcast not only violates the TCP standard, but also the Host Requirements standards, and by crafting the packet to appear as if it came from the remote upstream peer is violating Federal Law.
ROADMAP
This memo will address the following:
1. What makes one "part of the Internet" or "connected to the Internet"
2. What standards and specifications spell out what is allowed and disallowed on the Internet.
3. What laws exist that govern these in the United States
4. What Comcast does which violates these standards and specification.
BEING CONNECTED TO THE INTERNET
Connection to the Internet in 2007's "Broadband America" is a simple matter of three items:
1. Get a carrier to provide a connection
2. Have a piece of hardware (typically a PC, a Mac, or a Router) which can connect to that connection
3. Make sure that hardware has the right software (Windows, MacOS, or embedded IP) to speak the right protocols.
Getting a Carrier
In most areas, the dominant carrier for "broadband access" is the local cable company, most of which have their own dedicated coaxial and fiber infrastructure, and a franchise agreement or otherwise similarly codified effective monopoly. Alternate access may exist in the form of lower-speed via the telephone company's Digital Subscriber Loop ("DSL") or a wireless Internet Service Provider ("wISP"). These latter two offer speeds that rival 1/10th the Cable Companies' advertised speeds* to 1/2 at best. Thus definitionally the only true "broad" band coverage is that provided only by the cable company. Getting the cable company to install a circuit is a simple matter usually handled by one telephone call, requiring no special contract or signature, and in most cases not even requiring a supervised site visit. (An unsupervised site visit by a technician to remove a high-pass or low-pass filter is sometimes required depending on the cable company's network.)
* Based on advertised speeds available in Tucson AZ, June-August 2007
Having a piece of hardware
A Personal Computer (PC) is available ubiquitously, and complete systems are sold throughout the Internet (e.g. eBay, Dell.com, etc.) and in stores (e.g. Best Buy, Circuit City, Walmart, etc.)
Having a piece of software
Most PCs come preloaded with a form of the Windows operating system. Mac systems come preloaded with MacOS. Either can be converted to running the popular and free open-source operating system Linux. Embedded routing devices run their own embedded operating system, often based on Linux.
INTERNET STANDARDS AND SPECIFICATIONS
1. There are standards all hosts on the Internet must adhere to. This includes all routers and end users' systems. (End-Systems and Intermediate Systems in ISO-speak.)
2. These are protocol standards that specify how a protocol is to be implemented
Hosts Requirement RFCs
RFC 1123 is the Host Requirements RFC. It is an official specification which "...supplements the primary protocol standards relating to hosts."[RFC-1123, para 1 "Status of This Memo"]. The "primary protocol standards relati
Please write that out long hand 1000 times.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
IANAL, but "criminal impersonation" seems like a bit of a stretch here. An IP address is not a person (remember we Civil Libertarians make exactly that same case when defending against the RIAA fishing expeditions, can't have it both ways). Comcast could also conceivably make that argument that since they reserve the right to block connections at their discretion they have the corollary right to inform the client that the connections are being blocked in the only way that the client will recognize and accept that information i.e. by forging the source address.
Doesn't Comcast have firewalls that are easily disrupted by the same sort of forged RST packets?
Perhaps some creative cyber-activism is in order? Someone teach them not to fuck with content.
If I want a static IP, I pay more. If I want more bandwidth, I pay more. If I want to run a mail server, you guessed it, I pay more. I think the solution is simple for ISPs if they're not too chicken to try it. Offer a premium "file monster" service for an extra $5/month. Don't phrase it that way of course, just roll out the usual price increases and a couple months later offer a "$5 discounted, non-p2p" service.
I almost feel dirty for posting this, but somebody else has already thought of it who didn't post to /. and seeing it here will make it sound familiar when they start doing it. Doubtless this will come as some vague fine print like ISP reserves the right to terminate disruptive traffic buried at the back of a bill.
Back in my day when we chiseled our bits into stone and sent them by mule train from village to village...
How long will it be until all major ISPs disallow incoming TCP connections and UDP packets? The benefits to ISPs are enormous:
1. 70% bandwidth reduction
2. No need for IPv6 because no customer needs their own IP address anymore
3. No need for customers to update software (UDP can be allowed to ISP's DNS servers)
4. Kickbacks from the MAFIAA for ending online piracy
5. 90% of customers would not notice the difference
6. Blizzard and Xbox Live will adapt by necessity
7. There's no way for a competitor to rise up and fill the void
8. Collusion will be overlooked because they're already regulated monopolies
9. Kickbacks from Congress and the NSA because it's much easier to monitor the few servers
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
Sigh. Agreed. Sometimes "geeks" is too kind a word. We've had this discussion in the recent past and apparently no one's learned anything from the last time. We all can sit here with our internet bravado and talk lawsuit. But I'd be willing to bet my last paycheck that nothing will come of it. And I'll have to wade through all the excuses why, never mind that the why is because the geek is outside his element and it shows.
Face it, it's going to be the classic move, counter move and the ISPs have home court advantage. None of the complainers can clearly demonstrate that the world needs them more than they need the world. So lets pretend that piratebay is really Linuxbay and P2P is not really being used to move illegal content around. The rest of the world are "idiots" after all and they'll believe anything we say.
We told you that you'd regret breaking IPsec with NAT, but did any of you people listen to us? No. Now, you're going to have to set up VPN's if you want your Torrent love to flow. We told you this would happen.
Love, your pals, the end-to-end zealots in the IETF.
jhw
That analogy involved two things which I would have never expected to see related. Yet it actually seems both reasonably accurate and unstrained - why are you posting it to Slashdot?
(Worse, it doesn't have any cars in it - you know that's not how we do things round here!).
Who is John Cabal?
"I don't agree that this is within Comcast's rights at all. They are in the business of selling me access to the Internet -- not just the portion of the Internet they agree with."
Clue me in Mr keyboard. Why is it when we talk about YOUR rights? No one addresses the rights of the other customers affected by P2P clogging the network?
Shouldn't Comcast be looking out for MY rights as well? Does the Tragedy of the commons mean anything to you?
The reset packet is really only used during an aberrant 3 way handshake closure. There is no reset packet sent during a graceful teardown of the 3 way handshake. Modding your tcp stack or installing a firewall to ignore the rst packet will take care of this, likely with very little downside (haven't tried it yet). The open source IDS Snort can spoof a rst when it detects an attack (or anything else you told it to look for). The real question is: Does Comcast spoof a rst in both directions? Therefore not only spoofing a reset to a host on its network, but traversing how many other networks to send a reset to the other host. Hmm, very naughty.
The tcp/ip protocol evolved from a DARPA project. It was designed to route around failures. I think one reason why it is better to spoof resets when you are trying to squash traffic is that silently dropping packets is too easy to detect and route around. It is, after all technically a failure, albeit a deliberate one.
A few last thoughts. I saw somewhere that it might work if you inspected the hop counts on all incoming packets with the rst bit set and rejected the ones that were too low. Also what about good ole' Fragroute. Anybody tried using it while torrenting? It would at least make onlookers have to work a bit harder to ID the traffic.
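The hop-count check suggested in the comment above, sketched as an added example (not code from the thread): it learns each peer's hop distance from ordinary segments and flags RSTs that arrive from a different distance. The addresses, ports, TTL values and the 2-hop tolerance are constructed assumptions.

```python
import socket
import struct

COMMON_INITIAL_TTLS = (64, 128, 255)   # defaults used by most operating systems
TCP_RST = 0x04
TOLERANCE = 2                          # assumed slack for ordinary route changes


def build_packet(src, dst, sport, dport, ttl, flags):
    """Construct a bare IPv4 + TCP header pair (checksums zero) as sample input."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return ip + tcp


def parse_packet(raw):
    """Return (flow_key, ttl, tcp_flags) for an IPv4/TCP packet, else None."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4
    if ihl < 20 or raw[9] != 6 or len(raw) < ihl + 14:
        return None
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    flow = (socket.inet_ntoa(raw[12:16]), sport,
            socket.inet_ntoa(raw[16:20]), dport)
    return flow, raw[8], raw[ihl + 13]


def hops_travelled(ttl):
    """Estimate hops by assuming the sender started from a common initial TTL."""
    initial = next(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return initial - ttl


class RstHopMonitor:
    """Per-flow hop baseline from non-RST segments; RSTs are compared to it.

    Heuristic only: an injector that copies the peer's TTL is not caught,
    and a genuine route change larger than the tolerance is flagged.
    """

    def __init__(self, tolerance=TOLERANCE):
        self.tolerance = tolerance
        self.baseline = {}             # flow -> (min_hops, max_hops)

    def observe(self, raw):
        parsed = parse_packet(raw)
        if parsed is None:
            return None
        flow, ttl, flags = parsed
        hops = hops_travelled(ttl)
        if not flags & TCP_RST:
            lo, hi = self.baseline.get(flow, (hops, hops))
            self.baseline[flow] = (min(lo, hops), max(hi, hops))
            return None
        if flow not in self.baseline:
            return (flow, hops, "no-baseline")
        lo, hi = self.baseline[flow]
        if hops < lo - self.tolerance or hops > hi + self.tolerance:
            return (flow, hops, "suspect")
        return (flow, hops, "consistent")


# Constructed capture: documentation-range addresses, made-up ports and TTLs.
PEER, LOCAL = "203.0.113.10", "192.0.2.5"
SAMPLE = [
    build_packet(PEER, LOCAL, 51413, 6881, 52, 0x10),   # ACK, 12 hops
    build_packet(PEER, LOCAL, 51413, 6881, 53, 0x18),   # PSH|ACK, 11 hops
    build_packet(PEER, LOCAL, 51413, 6881, 61, 0x04),   # RST from 3 hops away
    build_packet(PEER, LOCAL, 51413, 6881, 52, 0x14),   # RST|ACK, 12 hops
    build_packet("198.51.100.7", LOCAL, 40000, 6881, 120, 0x04),  # unseen flow
]


def run_sample():
    """Feed the constructed capture through the monitor; return RST verdicts."""
    monitor = RstHopMonitor()
    verdicts = [monitor.observe(p) for p in SAMPLE]
    return [v[2] for v in verdicts if v is not None]


if __name__ == "__main__":
    print(run_sample())
```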
It seems to me that the problem has more to do with IPsec's inclusion of the address in its hashes. If the address were ignored by the hash, NAT wouldn't be a problem. To identify senders, a second kind of address could be attached to the packet. This is how Xbox Live works.
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
Considering that most WoW players get their patches via torrents from Blizzard, wouldn't that be a pretty big, multi-million-person Class-Action lawsuit? Would Blizzard themselves have some footing to sue from as well (say, compensation for tech support issues caused by Comcast fucking with the internet)?
:-\
I less-than-three my shitty DSL.
I am Jack's Savage Beats.
My family has the same unlimited DSL connection that was sold to Jolly Roger next door who has BitTorrent pegging the block's bandwidth allocation for 168 hours a week. This is partially responsible for the constant service outages and poor performance they experience (or, in family parlance, "It's Comcastic!"). Slashdot seems to get rather exercised about Jolly Roger not getting the "unlimited" dirt-cheap bandwidth he thought he was going to get when he signed up for Comcast. Can you guys explain why my family needs to put up with terrible speeds on their moderate Internet usage to subsidize Roger's piracy, when they both bought the same package at the same price?
(Sure, sure -- blame Comcast. Believe me, we already do. The fact is, though, that if you're offered unmetered amounts of a finite resource and you then employ technology specifically designed to maximize your use of that resource that something will have to give. It might be Comcast's pricing model, but that would probably be pretty sucky: how many folks here would enjoy having bandwidth on the cellphone pricing plan, with a certain amount included, overages charges galore routinely affecting anyone with above-average needs, and a flat-rate plan costing about the price of your PC every month?)
Help poke pirates in the eyepatch, arr.
If a politician had complained about RST, how many Slashdotters would have blasted the guy for being an idiot and not knowing how firewalls work? How many *decades* have firewalls been sending RST packets, with nobody complaining? Note, I'm not defending them shutting down BT. I'm just saying that if they are using a RST packet, that's been an accepted practice for quite some time. It's the application of that RST packet that's an issue here.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Try NAT Traversal.
now we need to go OSS in diesel cars
I feel bad for you and your family. I really do.
The facts:
Comcast advertises unlimited throughput. (not Bandwidth which is different.)
The consumer has a reasonable expectation of unlimited throughput. (not Bandwidth which is different.)
The Internet of today takes up far more bandwidth than the Internet you're used to.
DSL does not share bandwidth with neighbors. Cable internet does.
I need that much bandwidth AND throughput.
Bandwidth is how much data the line can handle at any given moment.
At current, for Comcast, it's 20Mbit downstream / 1.5Mbit upstream.
Here are some more facts.
I have a RIGHT to download Linux distributions which are often more than 4GB.
I have a RIGHT to download games from steam and direct2drive which are more than 4GB.
I have a RIGHT to stream videos from youtube, stage6, metacafe, and netflix.
I have a RIGHT to download game demos from fileplanet which are usually more than 1GB.
I use the Internet 24 hours a day. I have a queue of game demos and whatever else I want to download that day.
Your family not being able to get any bandwidth is not my fault.
Users do not control bandwidth. The ISP does. If you're not getting your fair share, it's their fault.
quit your whining and realize that you're not getting your fair share because you're not assertive enough to use your service for such needs.
They're using their grammar skills there.
Well, I'm normally a Comcast customer, but am away on vacation, and hooked into the Internet on a broadband connection provided by another cable company.
All weekend long, access to Comcast's stuff - splash page(s), e-mail (via POP using Thunderbird), etc. has been extraordinarily S L O W. I mean, e-mail was downloading at dial-up speeds if it downloaded at all, mail servers were refusing to take passwords, etc., etc.
For an "ISP" the size of Comcast, it was absolutely inexcusable and deplorable. Of course, they'll deny to the hilt that there was any kind of problem at all, and I didn't bother to call them because I run Linux (although my wife suffers with Windows, and had the same issues).
If I had an alternative where I normally live, Comcast would be booted ASAP.
The only problem I can see is if you have your BitTorrent client set to "asshole", something like 100% of your upstream bandwidth. I have mine set at a fairly moderate 50% of my actual uploading bandwidth but even 75% would not screw your neighbors.
If you don't like what I write don't be a CS and mod it down. Refute it.
Yea I can't spell. So what is your point?
They route all your packets, without the normal IP bias, including: AppleTalk, NetBEUI, IPX, DecNET, SNA...
Packets containing unrecognized protocols are broadcast to all users on their network.
"I would guess about 10% of video is legal."
Besides the fact that almost all videos on YouTube (and other sites) are legal or fair use (or SHOULD be fair use), what about fansubs? Fansubbing is in that gray area where it's technically illegal, but anime companies would be crazy to crack down on it. Because of the honor code amongst most subbers, when an anime gets licensed, it stops being subbed. Furthermore, the benefits that fansubs have on anime in America are incalculable. Besides the fact that fansubs are originally what made anime popular here, they also serve to make series popular, and, in turn, serve as spectacular free marketing research for anime companies.
For instance, when Naruto was still only in Japan, it was a massively popular series in the fansub community over here. Anime licensing companies could see this and it showed them that bringing Naruto over to the US would be financially sound. This concept takes away much of the risk involved in localizing animes.
And, for some numbers to back me up, when The Melancholy of Haruhi Suzumiya was finally released here in America, the first DVD sold 60,000 copies. Compare this to Japan's 80,000 copies sold, and then consider the fact that those 60,000 copies were almost solely from the publicity of the fansubs.
DHCP and BOOTP, Microsoft file sharing vulnerability, RIP router protocol, socks attack/spam proxy, and port 512.
I have port 512 listed as "exec". While that sounds rather dangerous, it also sounds REALLY extinct. I think it's for accepting and running shell commands from any random place on the internet, kind of like rsh. Probably this is not the port 512 we're looking for.
Don't blame your neighbor, a single person isn't going to wreck your whole connection anyway. Blame Comcast for having such a crappy system and blame the government for rigging the playing field so that Comcast can get away with it. And agitate for more competition in this business, it's the best way to ensure we will get better service for less money.
There's also a difference between the ISP slowing torrents, say to 1/10 your normal speed (to me on the mean side), and cutting it entirely. If to make it so that the ISP can provide fair bandwidth to all its customers it needs to slow the heavy bandwidth traffic, that's something that most people can deal with (certainly not happy but it's understandable). When an ISP just starts blocking a type of traffic is when they are really crossing the line on providing what they are selling.
Huh? Have you ever even set up a firewall? Assume you do a real one where the firewall system sits in the middle of all connections. There's various ways to handle the blocking of ports. One way is to outright block the port. Another way is to send something like an ICMP service unavailable (in response to UDP) or a TCP reset (in response to TCP). Either way, the firewall basically must forge the source address of the packet.
When I set up a firewall I often outright drop anything coming in from the internet destined for windows file sharing ports (135, 137, 138, 139, and 445 among others). The traffic simply never passes the firewall and just goes into a black hole. However, if the traffic came from the network I am firewalling (the "inside" so to speak) then I'll usually configure the firewall to respond with a TCP RST. Why? Because if you respond with a TCP RST then the Windows client will immediately recognize that it can't connect rather than waiting for 60 seconds or longer. If I accidentally mistype an IP of some machine I really don't want to have to wait 60 seconds while Windows Explorer completely HANGS because there is basically no way to cancel a request.
By your logic, I should now be brought up on charges because I forged a TCP RST.
Now, in this case their firewalls aren't in the middle but are merely snooping on traffic. When they want to drop a TCP connection they simply send a RST to both ends which does the job nicely without having to have the firewall pass all traffic. If it drops a packet, it's not that big of a deal. If it goes down there's simply no longer a firewall.
What most people seem to be mad about is that Comcast is using a firewall on their traffic. But ask yourself what would you do if you were in Comcast's position. There is no way in hell they could afford to provide the full advertised downstream and upstream bandwidth 24/7. That's why your cable modem costs a whole lot less than a bandwidth-guaranteed T1. And it's not just for consumers. Businesses who just want an internet connection are now able to get cable modems as well and it's a huge money saver over a T1 because it means you get to burst at much faster speeds and aren't paying for the full bandwidth all the way to an internet backbone which you aren't even using anyway.
BitTorrent is by design a very greedy protocol. It is fully intended to suck up every last drop of available bandwidth. Comcast has a number of customers to serve with its limited uplink bandwidth. What it does have is pretty amazing but it's still nowhere near capable of saturating every subscriber's line simultaneously. When you got your cable modem service you agreed to this. That's what the whole "speeds may vary" footnote that accompanies cable and DSL advertisements is for.
Comcast is not in fact outright blocking BitTorrent traffic. It seems instead that they send a RST to both ends of BitTorrent TCP connections to force them to close. BitTorrent will turn around and make another connection with different peers. My guess is that they aren't killing all connections, just a random subset of them. This has the effect of throttling BitTorrent down without actually preventing anyone from using BitTorrent, just preventing BitTorrent from taking up all available network bandwidth.
What would you suggest that Comcast do? Not throttle anything? They'd have to increase their uplink bandwidth considerably. Do you suggest the government force them not to firewall anything? Now what.. who do you think is going to pay the added cost? It sure as hell isn't going to be Comcast, they'd sooner exit the business entirely, as would any other sensible business person.
The bottom line is that it really makes no difference what BitTorrent is being used for. Even if you're using it only to download the latest ISO of your favorite Linux distribution it still costs Comcast a lot of bandwidth. A lot more than if you were to just find a fast mirror with the ISO you want. I am pretty
hahaha busted!
For cable modems and DSL, the local distribution transmission technologies are asymmetric, but the upstream media from the head end or DSLAM on up normally has more slack, so the technology tends to limit the amount of resources P2P can consume. It's obviously better if you're uploading material that's being downloaded by somebody on your local distribution network, but for general applications that's unlikely - too few people want too many different files. (Large Universities are a special case, where the bulk of the traffic is probably for relatively popular material, students have more shared tastes than random neighborhoods, and upstream is usually faster and often symmetric.)
The "backbone" bandwidth, which is what costs broadband companies money based on traffic levels, is going to be more affected financially than technically - it's a small number of locations, and broadband companies can monitor it fairly easily so they can keep up with growth. The scalability issues are really critical here - if people usually upload material to other users of the same carrier and in the same geographical area, they're not touching the backbone for high-volume media, only for tracker support, and since _everybody_ on the consumer broadband networks is primarily an information consumer, not producer, the traffic's more likely to stay local, and the traffic ratios which affect what the broadband company pays for traffic are very skewed and P2P balances them a bit rather than exacerbating them. Overall backbone downstream traffic can still increase, but carriers that care about that should be encouraging their customers to use protocols that download locally when possible, and can put up their own P2P caching servers (i.e. fast user machines) if they want to reduce imports from outside.
Napster had centralized databases tracking who was downloading what songs, so if they wanted to they could easily enough have made sure that users stayed within their local networks whenever possible, especially for universities that had scaling problems. BitTorrent trackers can provide somewhat the same capability, if they want to. The fancy way to do it is to look at BGP autonomous system numbers to determine who's sharing with whom, but even just trying to keep systems in the same
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
the real hazard to their infrastructure is the marketing department's insistence on overselling (basically, fraudulently misrepresenting) their capacity.
If opportunity came disguised as temptation, one knock would be enough.
3^2 * 67^1 * 977^1
But throttling or cancelling transfers based upon the content being carried means that they are exercising editorial control over the traffic they carry. This puts them under a different set of rules; if they block or cripple transfers of content types that they prohibit, then they are demonstrating that they are capable of monitoring the content of the transmissions and exerting control over what content is carried. This makes them liable for any illegal / actionable transfers - they were watching the transfers, they knew the laws - so if something "wrong" slips through it's because of negligence or a willful omission on the ISP's part.
Of course, these corporate ISPs like having it both ways; all the benefits of common carrier status, but not having to carry all the bits they promised to carry in their customer contracts.
I see several in this thread claiming that it's unreasonable to expect Comcast to supply the unlimited access they sold. Some state that overselling their capacity is a normal practice. I call BS here: they willingly contracted with their customers to provide unlimited internet access. Intentionally providing less than the contracted bandwidth / access is fraud. The claims that they don't have enough bandwidth available to support the demand (while true) aren't an excuse - it's further proof that they intended to defraud their customers. They knew they didn't have the necessary resources but continued to sign up customers - knowing full well that these customers would not receive what they paid for.
The problem isn't that people are using more bandwidth than they "should". The problem is that Comcast / Others sold internet access when they didn't have sufficient resources to support that access. If they are forced to upgrade their systems, buy more bandwidth, or upgrade data centers - it's their problem, not ours. They wouldn't need to make those expenditures if they hadn't sold more than they had available to sell in the first place.
They'll cripple and monetize internet access to the extent that we'll allow. If filtering Bit Torrent works out OK for them, then they'll move on to other bandwidth-heavy transfers. What happens now will determine what happens to YouTube in a few months...
By your logic, I should now be brought up on charges because I forged a TCP RST.
Well, you are forging it from your own domain, not a third party. I would be okay if my daughter told the salesman on the phone that I was not in. I wouldn't want my operator to step in and do that.
I will work to elevate you, just enough to bring you down
This is a bit of a tangent from the parent post, but I'm curious, and there's a lot of smart people here so I'm sure someone can answer:
I understand the benefits of having a shared connection: if neighbors A, B, C, and D use the internet for nothing but email all day, except for every now and then downloading a big file or two, then A can get more bandwidth for his download by sucking up some of the unused bandwidth from B, C, and D; instead of getting only his share (25% )of the shared connection to their block, he can use 85% of it for a little while, and nobody minds because they weren't using it anyway. It's better, in some ways, than having a guaranteed amount of bandwidth which is usually more than you need and occasionally less than you need.
But, why can't it be set up so that if A is using 85% of bandwidth, while B, C, and D are each using their normal 5% for email, and then suddenly D wants to use his full 25% for a bit, A gets kicked down to 65% of the bandwidth until A is done with his more intensive usage? In other words, why can't they BOTH guarantee that you'll get, say, 5Mbps at all times you want it, but ALSO let you use more than that if not everyone on your block is maxing theirs out?
Like on the LAN at my house here; we've got four people living here, one of whom uses BitTorrent a lot, another one of which is a gamer who can't stand the damn lag that the torrenter's constant downloading causes, so we configured the router so that BitTorrent gets lowest priority, and whenever anything else wants to use the connection, torrent gets throttled. Why isn't that possible to do on a per-household basis: you get full priority up to (e.g.) 5Mbps, and while you're free to use more bandwidth beyond that if it's available, if any other household on the block wants to use some portion of the remaining bandwidth, you get throttled to make room for them.
Seems like it'd be the best of both worlds.
-Forrest Cameranesi, Geek of all Trades
"I am Sam. Sam I am. I do not like trolls, flames, or spam."
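The scheme asked about in the comment above (a guaranteed floor per household, with spare capacity lent out and reclaimed on demand) is max-min fair sharing. This added example, not part of the thread, reproduces the A/B/C/D numbers from the question; the function name and the 25% floor per household are assumptions.

```python
def allocate(capacity, demands, guarantee):
    """Max-min fair shares of `capacity` with a guaranteed floor per user.

    demands   -- mapping of user -> bandwidth the user wants right now
    guarantee -- floor every user may claim regardless of the others (assumed equal)
    """
    if guarantee * len(demands) > capacity:
        raise ValueError("guarantees exceed link capacity")

    # Step 1: everyone is served up to the guaranteed floor first.
    alloc = {user: min(want, guarantee) for user, want in demands.items()}
    spare = capacity - sum(alloc.values())
    unsatisfied = {user for user, want in demands.items() if want > alloc[user]}

    # Step 2: water-fill the spare capacity equally among users who want more.
    while unsatisfied and spare > 0:
        share = spare / len(unsatisfied)
        done = {u for u in unsatisfied if demands[u] - alloc[u] <= share}
        if not done:
            # Nobody can be fully satisfied: split what is left evenly.
            for user in unsatisfied:
                alloc[user] += share
            spare = 0
            break
        for user in done:
            spare -= demands[user] - alloc[user]
            alloc[user] = demands[user]
        unsatisfied -= done
    return alloc


def scenario():
    """The thread's example, in percent of the shared segment."""
    quiet = allocate(100, {"A": 85, "B": 5, "C": 5, "D": 5}, guarantee=25)
    busy = allocate(100, {"A": 85, "B": 5, "C": 5, "D": 25}, guarantee=25)
    contested = allocate(100, {"A": 85, "B": 5, "C": 5, "D": 60}, guarantee=25)
    return quiet, busy, contested


if __name__ == "__main__":
    for result in scenario():
        print(result)
```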
If you set up a firewall, you can send RSTs as much as you want, since you represent the systems behind the firewall. Looking at the physical traffic, it is indeed not the systems themselves declining the connection, however, at the logical and organisational levels, it is definitely your systems (and in case of a company, that means you the company) that are declining connection. Therefore, no forgery.
Comcast however, is doing no such thing. They are sending RST packets on behalf of unrelated third parties, unasked for, while pretending to be said third party. That is forgery.
And yes, I am a firewall administrator.
Mart"I know I will be modded down for this": where's the option '-1, Asking for it'?
I'm skipping the TCP RST as I mostly agree with what you are saying, though I would say that Comcast doing it is MUCH more irritating than myself doing it. I agree with many posters above that it should call into question their common carrier status if they are only doing it to file sharing protocols. You can't have it both ways.
"But ask yourself what would you do if you were in Comcast's position. There is no way in hell they could afford to provide the full advertised downstream and upstream bandwidth 24/7. That's why your cable modem costs a whole lot less than a bandwidth-guaranteed T1. And it's not just for consumers. Businesses who just want an internet connection are now able to get cable modems as well and it's a huge money saver over a T1 because it means you get to burst at much faster speeds and aren't paying for the full bandwidth all the way to an internet backbone which you aren't even using anyway."
Therein lies the problem - at least where I live Comcast runs tons of commercials showing people cheering about the money saved with no loss going with them. Were I in Comcast's shoes and I were not able to provide that I wouldn't advertise it as such - especially if it was something I was artificially throttling through TCP resets (MUCH harder to defend in a lawsuit). Had they sold their service under a different idea then yea, I would fully agree. But as is they heavily commercial one thing, have their service contract vaguely say something else, and finally do something totally different from both and hope people bend over and take it because "what else are they to do - it costs too much money".
There is no reason to quote the rest of your stuff as I agree - Bittorrent is a bandwidth hog and Comcast has WAY oversold what their bandwidth can service. But then, that is their fault for advertising things they can not hope to even come close to covering. There is no other consumer market where that is acceptable. Let's face it, if Denny's ran commercials with normal ingredients as caviar, swallows nest, sea bass, truffles, and other high end items, put a small note in the bottom "ingredients may differ", and then you got spam, American cheese, and old lettuce there would be a VERY strong legal case against them. No difference here - they shouldn't commercial what they will not give and the small print isn't going to save them. With them also heavily commercialing their home service for streaming videos this is only going to get worse.
That being said - I use Comcast and have had no real issues. In fact, I'm constantly surprised what I do doesn't get any note sent to me. This month I have over 70 gigs down and an unknown amount upstream and not a peep from them, this was not really a heavy or light month and I've been a customer for about 6 years now (and there have been months where I have gone WAY over that). I've had their service technicians be as courteous as can be expected (though since I generally knew what the issue was I just pretended to do what they wanted until I got to who I needed to talk to, I understand why the lower level people wouldn't just move me on and stayed very polite) and I even had my cable modem replaced at no charge or questions when I told them it "quit working" (I spilled a bottle of soda in it).
But, if I had the above happen to me I would be quite irritated - they sold me a service and I expect the service they advertised to be provided. I can pay the same price to the local DSL provider and have *none* of those issues though their advertised bandwidth is less you *do* actually get all of it (and it is greater than what many are reporting). That type of little finger to mouth rationalization doesn't work in almost any other field and I suspect it will not work if this type of thing goes to court. My guess is that I live in a fairly rural area and they do not have bandwidth issues so I get to hog all I want.
------- Sorry about the spelling, I suffer from two problems. Dyslexia makes it difficult to spell well, lazy makes it
Slap a filter on all your web sites and torrent trackers that keep Comcast customers out.
Give the reasons that all the bogus resets cause wasted connections and time and deny legitimate users from using the service effectively.
That's just the technical end. No effective net changing strategy will work on only that basis. It requires social fixes also.
Notify Comcast customers what's happening and why. Tell them the action is against Comcast, not them, that you're sorry for them, but have no other choice due to Comcast's actions. Tell them to contact Comcast to tell them to either remove the block or they'll change services or call a class action suit.
The Comcast users become collateral damage. It's a sad thing, but it's what happens sometimes. If it's presented to them in the right way, they'll become loyal and effective allies.
It's worked before. Against Worldcom/UUNet, PSINet, the pipe into India via their country's long distance, network and satellite company affecting 90% of India, and others. It was called the Usenet Death Penalty. Look it up. It made news stories all over the world. The biggest, against Worldcom, was launched on a Friday evening so they couldn't react until Monday, and by Thursday afternoon John Sidgemore made them change their corporate policy to cut off their downstreams that were major spam sources (which was the reason all these were done). In all cases I/we got many emails from affected customers decrying the need for this, but supporting the action and us, most of them promising to step up complaints against the company involved.
A key is to get individuals participating in doing this based on a publicized suggestion from someone who doesn't participate. That makes the people doing it a temporary autonomous group, not an official body or organized group with a membership or leadership. The result of that is each individual has to be pursued one by one, and they can just drop off if and when they need to, and come back on at another point. Best way is to set aside a few people who aren't participating themselves, but are holding forth the whys and wherefores, and acting as contacts for the affected users, the press, and inevitably the company.
It works, oh my yes. Combine technical and social tactics, and you'll have them by the nadgers. As big and bullying and rich and litigious as the companies are, they all rely on a user base. When that base threatens to jump ship, they listen and things get done.
The 70% to 80% figure doesn't hold water. The same was said about the increase in traffic on usenet binaries groups, and that was fought off in some cases and gave rise to companies advertising specifically to provide them in others. There's nothing in their TOS that says what sort of programs the users can and can't use, just as when they decided to start dropping and blocking alt.binaries.*. There's stuff about illegal activities which is good and for a good reason, but it's up to the company to prove that's going on. If they don't, forcing their customers to drop P2P connections regardless of content is denial of service, and that's illegal. Since they're doing it to people who are paying them to provide the service they're denying, it's also fraud. With those points made to the media prior to and during the action, and with some affected but supporting Comcast members having their word in, it'd be damn hard for Comcast to defend itself without looking like thugs, and if they don't defend themselves they look like hypocritical and greedy thieves.
I'm serious. This works a charm. Set up and laid out properly, it's the perfect media fodder to garner support -- the little guys inside and out fighting the awful corporate ogre to take back the net. And, it stirs up righteousness more of the affected users, bring them on board, and it's enormous fun for those doing the actual fighting against the suits.
Not planned and executed properly, it falls apart when the press is able to make the action look like a blackmail attempt. P
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Haven't you heard? Comcast has just landed the contract to be the ISP of Hell.
...because "hacker" sounds way sexier than "code drone."
Bottlenecks.
...because "hacker" sounds way sexier than "code drone."
"Comcast (and the other large ISP firms) evade responsibility for the traffic they carry by being "common carriers". The law recognizes that if they just move bits then they're not responsible for - or even aware of the content being transferred."
Let's get this nonsense out of the way.
I suggest you read this before parroting slashdot.
"But throttling or cancelling transfers based upon the content being carried means that they are exercising editorial control over the traffic they carry."
Not only incorrect (content!=type) but with all the encryption going on impossible.
"I see several in this thread claiming that it's unreasonable to expect Comcast to supply the unlimited access they sold. Some state that overselling their capacity is a normal practice. I call BS here: they willingly contracted with their customers to provide unlimited internet access."
Well it's not only "common carriers" who interpret agreements for their own ends. If you actually read the agreement you sign, it doesn't say you have unlimited bandwidth. Physics would tell you that, let alone common sense.
"The problem isn't that people are using more bandwidth than they "should". The problem is that Comcast / Others sold internet access when they didn't have sufficient resources to support that access. If they are forced to upgrade their systems, buy more bandwidth, or upgrade data centers - it's their problem, not ours."
Unless all the above are free? I'd say it's definitely YOUR problem.
"They'll cripple and monetize internet access to the extent that we'll allow. If filtering Bit Torrent works out OK for them, then they'll move on to other bandwidth-heavy transfers. What happens now will determine what happens to YouTube in a few months..."
The same thing that happens to anything using a shared resource.
"Well, you could make an analogy about a 24/7 mid-city gym. The gym has a number of exercise machines and a whole lot more customers. There's some fixed costs - square footage and exercise machine leases, and staff. In order to cover these costs, you need more customers than there's available machines."
Nice analogy. Try this one on for size. Think of a long hallway a given width. Now march people down it single file. I could do this all day, right? I could even send others side by side to the limits of the width. Now imagine everyone all trying to get down that hallway at once. Chaos and everyone suffers. Now hopefully people understand that bandwidth is finite, while throughput is unlimited over time.*
I should also point out that for a geek forum people's knowledge about TCP/IP is woefully inadequate. That knowledge is very important in understanding why P2P has such a negative impact on networks.
"That's not to say some ISP's aren't cheapskates or have to cover up bad hardware investments by being so, but if anyone thinks that it's their money-given right to use up the last bit of pipe given to them and do so 24/7, well, the option of your own 32kB of (quasi-)guaranteed bandwidth to use in any way you deem fit sucks more and that's what you're ultimately asking for."
Problem is that a lot of people are doing it without an understanding of the issue like you explained. e.g. ignorance.
*I'm ignoring the "walking vs running" aspect which has limits of its own.
Personally, I am quite convinced that anti-encryption interests have been actively involved in the IPSEC standardization process in order to make the standard complicated and hard to understand, use and implement properly. Can there be any other explanation for the baroque complexity of IPSEC?
Why are they using such an arcane method of filtering?
It's a cable network. Comcast owns all the endpoints. Why don't they just use QoS and traffic shaping?
Using TCP RST packets seems like such an error-prone and arcane method of doing this.
I have a cable modem connection from Comcast. Being in the habit of working from places other than home and trying to sync files and whatnot with my machines at home, I was very irritated when they started doing this. I noticed it immediately. After I had made a few SSH connections, (around 5 or so,) all of my open SSH connections would cease responding, and I couldn't successfully connect again for a substantial period of time -- maybe 30 minutes or so. After doing some research, I discovered that Comcast was using some sort of system from Sandvine. (http://www.sandvine.com/) I don't really have proof that Sandvine is providing whatever they are using to do this, but the behavior seems consistent with the type of capability that Sandvine claims to offer.
I was able to work around this by keeping an SSH session open with a tunnel to the machine in question, (thereby not triggering the Sandvine gear by only having initiated one connection over the timeframe.) One day, I was irritated enough by the situation to attempt to communicate my displeasure to Comcast and see if they would do anything about it. Being a regular customer trying to maintain the level of service I previously had from a large company whose greed steadily increases, you can guess what happened. I saved the chat session. I'm not going to post it, because they probably have it stored somewhere as well, and will sue me into oblivion if I post it, but I will provide the relevant details.
I asked the guy why they started disconnecting my TCP sessions every time I try to make more than a very small number of connections in a decently-sized period of time. He replied something like: "I know of no recent changes to the connection protocol that would do what you're describing."
Thinking this was a slightly strange answer, I forwarded him links to all my research about Comcast's use of Sandvine gear that is advertised as having the capabilities that I suspected they were using, and he didn't say anything. I told him that this was causing me substantial difficulties and asked if they would disable this "feature" from my account. He said he couldn't do that, and that if I wanted a "remote session" that I should upgrade to the "Comcast Workplace" service that was almost twice the price of my current service. I then very clearly asked him something like: "so, basically, if I want to continue having Comcast as my internet provider, I have to pay twice as much as I am now, (already about $50/month) or I have to deal with Comcast messing with my TCP sessions?" He said something like, "Pretty much, yeah."
So there you have it. It isn't a myth -- they've reduced the value of your service without telling you, instead just letting you find out by having to debug your stuff, and then lie to you about having done it until you shove it in their face that you know what is going on.
I'd jump ship immediately, but Verizon has decided that they aren't going to support DSL at my address, so I'm either going to have to pay a lot more, live with this crap, or move. I haven't fully decided what I'm going to do yet. Needless to say, I'm extremely pissed off.
Forgery of packets is still forgery.
There is little legal distinction between allowing SOME illegal activity, and allowing someone to do whatever the hell they damn please in the area. A system of forging packets simply can not lend itself to being an inherently trustworthy system. There will ALWAYS be false positives, false negatives, etc., this is the axiom of enforcement, which will hurt customers and reduce the reliability of the system as a whole. If a company wishes to enforce network traffic, then they also must be held accountable for the impact that their actions have on the traffic that they do and do not allow, both lawful and unlawful.
In other words you can no longer enjoy the freedoms of a common carrier. It's all or nothing baby, no half-assing it is allowed.
I mean, DUH.
From the terminal application: [Substitute '12345' for whatever port you run BitTorrent on]
    sudo ipfw add 00300 drop tcp from any to any dst-port 12345 in tcpflags rst
It's about advertising fraud. Let me repeat, it's about advertising fraud, not about "fairness" or "sharing".
If the gym in your analogy promised 24/7 access for any length of time without clear limitations, and you decided to hang out on the equipment for that whole time, they could not throw you out. If you paid the coffee house a monthly fee to have 25/7 access to the coffee house, and then they threw you out for spending too much time there, once again, they'd be in trouble.
What 'sucks', genius, is that a company feels they are legally safe in selling what they can't actually redeem. The only good analogy is airlines, who overbook and then bump you. But note, that even in that case, they will then actually give you a seat of the same class on a later flight - they don't reserve the right to simply bump 10% of the traffic without any recourse.
See, the "pipe" is not given to them; it's not an academic network where we all share nicely. It was sold to them with explicit promises. Those promises are fraudulent if they can not be redeemed.
But I guess this is just a bit too sophisticated for some. Simply demanding that Comcast et al. simply honestly advertise their product - say "Up to 10Gbytes/week" or such would be too much to ask for. It might hurt their feelings.
Remember, back in the days of dialup? You'd advertise say 80hrs/month, and maybe actually give a bit more if your infrastructure allowed it. But you couldn't sell "24/7" and then cut someone off because they had their connection on "24/7". Unfortunately, today most broadband vendors have a monopoly or duopoly, so they can defraud people as much as they like. That's why for phone service, electricity and water we have public commissions to at least limit the fraud and abuse.
Gahh, what a country full of moronic lapdogs we have today.
All Comcast customers, on Friday the 14th, try to connect to a P2P network for "Legit" reasons.
Then when they shape/change your TCP packet, go to the small claims court in your county and sue them for that months service charge. If enough people do that for the next 6 months, it will stop.
They do not breed enough lawyers to defend the cases, that and the cost would drive them out of business.
I am not on Comcast or I would join the battle...
-- I am the NRA, enough said...
The reasonable solution is simple. Tie the TCP RST injection to the usage data they're already collecting (statement based on the fact that they send high bandwidth users that breach their invisible caps letters) and use it to throttle the people who are the problem. If I use bittorrent to download upload a few GB a month, I shouldn't have to suffer not being able to seed because bittorrent on the whole is a problem. It's not a problem with limited usage, it's a problem with constant, abusive usage (outside of everyone on the node using it simultaneously). Limit the abusers, not the regular users.
...and you've eaten your pen. simply stunning.
I know this has been widely reported but, as a Comcast customer, I have to say that I have not yet had any issues with BitTorrent downloads. Perhaps Comcast in the Seattle, Washington area has not yet deployed this tactic and/or is experimenting in other areas of the country before rolling it out to every area they service?
I am Jack's smirking revenge.
It is obvious, then, that if the network itself cannot be trusted, then it is COMCAST downloading MP3s these days.
;)
It'd make for interesting reading, the "Oh yeah? My ISP has a track record of forging network traffic." defense.
We've secretly replaced Slashdot with new Folgers Crystals - let's see if it notices.
Comca$t can't break the law. They are the law. Blocking local channels, forging torrent traffic, doubling rates every 3 years. It's all in a day's work for the Com.
It looks like the times for Christopher and for Tallilee are just coming from different sources (their client machines, perhaps?) and are off by a few seconds to a minute. Notice how each of her responses has a timestamp earlier than his previous message. I think it's probably legit.
Dr Superlove 300ml. I use my powers for awesome
They're lying. Christopher DID read that.
Intron: the portion of DNA which expresses nothing useful.
Even worse, these packets count towards your cap...
Causing you to get TOSed earlier.
Yes, this is a real problem. RST packets are several hundred megabytes in size, so a few blocked connections and you will go right over your monthly transfer limit. You are absolutely right to be concerned about this particular aspect of the issue, you fucking idiot.
Define a user of BitTorrent vs. an abuser? I don't believe Comcast is disallowing seeding completely, they are simply dropping connections when bandwidth is tight which has the effect of rate-limiting BitTorrent. It most likely allows 1 in x connections to go unscathed and/or allows connections to last only for a certain amount of time (enough to get a few chunks through) which means you aren't really prevented from seeding and BitTorrent still works for everyone, just not as quickly. The BitTorrent program by design will go seek another peer.
Essentially, the point is that use of BitTorrent at all beats the shit out of Comcast's network. If bandwidth is available, it can be allowed to work. If bandwidth is unavailable then it needs to be throttled down because BitTorrent is a very abusive protocol.
It's not about the guy next door. It's about me who uses bit torrent once in a blue moon and Comcast keeps resetting my #$@$ connection every time I try!
I have Comcast and noticed my uploads were no longer working as of 3-4 weeks ago. Downloads still work fine. However, if you use a client like Azureus, you can enable encrypted uploads and downloads, and all is well again.
While there is a lot of debate about net neutrality and protocol throttling there are some fundamental problems developing that I don't see great answers to.
I have found that sites typically experience a 50% to 100% bandwidth growth per year. While we all talk about the need for more bandwidth, this bandwidth is being used more thoroughly. It isn't just bursting up to peak, it is more sustained throughput, denser traffic. This is just the reality of internet growth. This trend is only going to continue with things like WAN acceleration, heavier use of UDP, heavier and more integrated use of P2P and distributed file transfers. I think the ISPs are afraid to accept this reality.
I think what frightens the ISPs is that the bandwidth growth and utilization is tracking to exceed what they can economically deliver. There is a big cost difference between 100Mb, Gig and 10 Gig when looking at switches, routers and firewalls. To some extent, network costs are quantized. You can put in a NxT1 solution, but once you get past about 6Mb you start looking at a DS3 with much more expensive routers, much higher access charges, greater port costs. Then once you need more than 45Mb you jump up to OC3 and packet over SONET cards and significantly more expensive routers, etc., etc., etc.
All this while there is heavy price competition. I just don't see good options on the horizon for the amount of growth that needs to happen. The options then become acceleration, byte level caching and packet shaping. Doing more with the same amount of bandwidth. I worry less about the last mile problem and more about the capacity of the providers.
Doesn't work for P2P networks like BitTorrent.
jhw
Well this story is off the page but a link I read earlier makes the point that it was subscribers who footed the bill. While the government may have given the needed permissions. That's not the same thing as taxpayer funding. Plus I noticed he dragged cable companies and "other" into this discussion which just tells me it's more a "big business" rant than any kind of conclusion based upon facts.
BTW I think this (1.6 MB) is the PDF that slashdot claims proves their point.
"You are correct. I note that a number of phone company shills that have tried to discredit your statement, so I will respond here instead of trying to correct each one."
Riigght. Correcting someone who throws truths, half-truths, and flat out wrong information makes one a shill. Buddy, it's people like you that make America the A**hole country it is today. Arrogant to the point that you're right, always right, and if anyone dares say otherwise, you'll invade...or at least namecall.
--- A man with a briefcase can steal more money, than any man with a gun. [Don Henley]
I've often thought that I should be allowed to just pay something "up to" whatever my monthly bills amount to. I mean, is it MY fault if I oversubscribe my monthly income?
For example, Comcast's Acceptable Use Policy:
Here are a couple of the "Prohibited Uses and Activities":
Also note (emphasis mine):
I'm suffering from the Comcast BitTorrent blues, and have read that the issue seems regional. Is it possible that Comcast has only unleashed this weapon in markets where they have a broadband advantage, with few/no competitors?
Sure would like for this to be the case, and even more for it to be illegal.