Slashdot Mirror


Comcast Forging Packets To Filter Torrents

An anonymous reader writes "It's been widely reported by now that Comcast is throttling BitTorrent traffic. What has escaped attention is the fact that Comcast, like the Great Firewall of China, uses forged TCP Reset (RST) packets to do the job. While the Chinese government can do what they want, it turns out that Comcast may actually be violating criminal impersonation statutes in states around the country. Simply put, while it's legal to block traffic on your network, forging data to and from customers is a big no-no."

7 of 413 comments

  1. Re:Can you say "class action" ? by click2005 · · Score: 4, Informative

    There are a lot of legal bittorrent downloads. Most linux distros are available this way as well as a large number of public domain movies.

    http://www.publicdomaintorrents.com/
    http://www.starwreck.com/download.php
    http://www.zeitgeistmovie.com/

    --
    I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
  2. Evidence is already out there by poetmatt · · Score: 5, Informative

    Take a look at http://www.dslreports.com/forum/comcast and you will note that plenty of examples of this impersonation exist. They disconnect by impersonation after about 10 seconds of seeding, and it seems to be courtesy of Sandvine. Gotta love lack of net neutrality here; although I am not in favor of extreme net neutrality, some would be, well, nice.

  3. Re:Technical merit? by bagboy · · Score: 4, Informative

    Blocking bittorrent causes the client to find other open ports (if you are using port-based blocking). As an ISP, by throttling it way back to almost nil, but keeping it as an established connection, you have a better chance at keeping bittorrent traffic from overcoming your own upstream/downstream connection to your provider.

  4. It's better than single-packet blocking. by Kadin2048 · · Score: 4, Informative

    Yeah, it works better. Sending a RST packet closes the TCP connection. Just eating the packet would cause the computer to resend it, creating more traffic on the network. The forged-RST attack is "fire and forget." You identify a TCP connection that has bad traffic in it, and then you target the connection. It doesn't require matching every packet; you can instead look for patterns of packets that indicate types of traffic you dislike, and then just terminate it, and move on to the next connection. It may use deep-packet inspection, but it's not a 'packet blocking' attack. It's better, because it avoids having the computers retransmit packets that just contribute to the traffic you need to screen.

    It's a fairly insidious way to block traffic, which is why the Chinese do it. Frankly it's a fundamental weakness of TCP: it wasn't really designed to cope with hostile intermediate nodes. (Flaky ones, sure, but not hostile ones.) You could configure your computer to reject RST packets, but then you'd end up leaving connections open all over the place and cause all sorts of other problems. It's not something that you can trivially work around.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
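The mechanism described in the comment above (a middlebox injecting a RST that claims to come from the remote peer) leaves a trace a defender can look for from one endpoint: the injected segment usually travels a different number of hops than the real peer's segments, so its IP TTL disagrees with the TTL seen on the rest of the flow. The following is an added example, not code from this thread, from Comcast or from Sandvine, and the packet records it processes are constructed for illustration; the `Packet` type, `detect_forged_rsts` function and TTL tolerance are assumptions of the example, not anything the thread specifies.

```python
from dataclasses import dataclass
from collections import defaultdict


@dataclass(frozen=True)
class Packet:
    """Minimal view of one TCP segment as a capture tool would expose it (constructed type)."""
    ts: float      # capture timestamp, seconds
    src: str       # source IP
    sport: int     # source port
    dst: str       # destination IP
    dport: int     # destination port
    flags: str     # TCP flag letters, e.g. "S", "SA", "PA", "R"
    ttl: int       # IP TTL as received
    seq: int       # TCP sequence number


def direction(p: Packet) -> tuple:
    """Key that identifies one direction of one flow (sender -> receiver)."""
    return (p.src, p.sport, p.dst, p.dport)


def detect_forged_rsts(packets, ttl_tolerance: int = 2):
    """Flag RST segments whose TTL disagrees with the TTL observed on earlier,
    non-RST segments from the same sender in the same flow, plus RSTs for which
    there is no prior traffic from that sender at all.

    Returns a list of (timestamp, direction, reason) tuples, in capture order.
    The TTL check is a heuristic: a few hops of path change are tolerated via
    ttl_tolerance, but an injector that copies the peer's TTL will not be caught.
    """
    seen_ttl = defaultdict(set)   # direction -> TTLs seen on non-RST segments
    findings = []
    for p in sorted(packets, key=lambda q: q.ts):
        d = direction(p)
        if "R" not in p.flags:
            seen_ttl[d].add(p.ttl)    # build the per-direction TTL baseline
            continue
        baseline = seen_ttl.get(d)
        if not baseline:
            # A reset for a flow we never saw the "sender" speak on: cannot be
            # validated, and unsolicited RSTs are worth a look on their own.
            findings.append((p.ts, d, "rst-without-prior-traffic"))
            continue
        if all(abs(p.ttl - t) > ttl_tolerance for t in baseline):
            findings.append(
                (p.ts, d, f"ttl-mismatch baseline={sorted(baseline)} rst_ttl={p.ttl}")
            )
    return findings


# Constructed sample capture from the point of view of host 10.0.0.5.
# Flow 1: peer 203.0.113.7 answers with TTL 52 throughout, then a RST bearing
#         its address arrives with TTL 61 (fewer hops away than the real peer).
# Flow 2: peer 198.51.100.9 sends a RST with the same TTL as its handshake.
# Flow 3: a RST arrives from 192.0.2.44, which never sent anything else.
SAMPLE = [
    Packet(0.000, "10.0.0.5", 51000, "203.0.113.7", 6881, "S", 64, 1000),
    Packet(0.040, "203.0.113.7", 6881, "10.0.0.5", 51000, "SA", 52, 5000),
    Packet(0.041, "10.0.0.5", 51000, "203.0.113.7", 6881, "A", 64, 1001),
    Packet(0.100, "203.0.113.7", 6881, "10.0.0.5", 51000, "PA", 52, 5001),
    Packet(9.900, "203.0.113.7", 6881, "10.0.0.5", 51000, "R", 61, 5069),
    Packet(1.000, "10.0.0.5", 51001, "198.51.100.9", 6881, "S", 64, 2000),
    Packet(1.050, "198.51.100.9", 6881, "10.0.0.5", 51001, "SA", 48, 7000),
    Packet(3.000, "198.51.100.9", 6881, "10.0.0.5", 51001, "R", 48, 7001),
    Packet(4.000, "192.0.2.44", 6881, "10.0.0.5", 51002, "R", 55, 0),
]

if __name__ == "__main__":
    for ts, d, reason in detect_forged_rsts(SAMPLE):
        print(f"{ts:8.3f}  {d[0]}:{d[1]} -> {d[2]}:{d[3]}  {reason}")
```

Run against the constructed capture, the flow-2 reset passes (same TTL as the peer's handshake), while the flow-1 reset and the unsolicited flow-3 reset are reported. In practice this is one signal to correlate with others, such as whether the supposed sender was still transmitting data moments before the reset or whether the other endpoint received a matching reset at the same time; on its own, a TTL difference can also come from a legitimate route change.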
  5. Actual chat session dialog. by moseman · · Score: 5, Informative

    Christopher(Tue Sep 04 2007 17:54:47 GMT-0400 (Eastern Daylight Time))>

    Please provide me with a complete list of TCP/IP ports which Comcast actively blocks/filters/or limits traffic to users??

    analyst Tallilee.7304 has entered room

    Tallilee.7304(Tue Sep 04 2007 17:54:50 GMT-0400 (Eastern Daylight Time))>

    Hello Christopher_, Thank you for contacting Comcast Live Chat Support. My name is Tallilee.7304. Please give me one moment to review your information.

    Christopher_(Tue Sep 04 2007 17:55:23 GMT-0400 (Eastern Daylight Time))>

    Hi

    Tallilee.7304(Tue Sep 04 2007 17:55:18 GMT-0400 (Eastern Daylight Time))>

    The only ports that may be actively blocked on the Comcast network are 67, 68, 135, 137, 138, 139, 445, 512, 520, and 1080 at this time. Any ports that are blocked will not be unblocked. If the port you would like to use is on this list, please select another port to use with your software. There are over 10,000 ports available for use. Please be advised that Comcast reserves the entitlement to block any ports on the network without prior notice. We thank you for understanding this security policy.

    Christopher_(Tue Sep 04 2007 17:56:14 GMT-0400 (Eastern Daylight Time))>

    I have read that Comcast is now actively retarding bittorrent traffic.

    Tallilee.7304(Tue Sep 04 2007 17:56:09 GMT-0400 (Eastern Daylight Time))>

    That is not a true statement.

    --
    Those who cannot remember the past are condemned to think "profiling is worse than the slaughter of innocent people..."
  6. Re:Can you say "class action" ? by quantum+bit · · Score: 4, Informative

    I believe the WoW patcher uses a bittorrent model, as well. Not just a bittorrent model, it uses the standard bittorrent protocol. The downloader even complains it can't contact the tracker if your internet connection is down. Ummm, a friend told me that. :P

    See the WP for a list of a few things (including WoW updates) that use BitTorrent.
  7. Re:Can you say "class action" ? by HiThere · · Score: 5, Informative

    If the ISPs filter based on torrent source, then they cease to be common carriers, and lose common carrier protection. Then they immediately become liable for every case of copyright infringement that they are accessory to.

    I don't think they'd like that choice.

    If they are common carriers, then they are supposed to be indifferent to WHAT they are carrying, like the mail or the phones. If an extortion threat is transmitted by mail, you can't sue the post office. Not just because it's acting as an agent of the govt, but because it's a common carrier. (UPS is just as protected.) They aren't supposed to know or care what they're carrying. If they did, and demonstrated the capability of filtering it by filtering some of it, then they would lose their common carrier status, and become liable as accessories to extortion, e.g.

    OTOH, I don't want them pretending to be me. Not at all. That should be grounds for a suit. It should also be grounds for criminal prosecution not only of those who implemented it, but of all of their supervisors, managers, etc. also. Including the boards of directors. It shouldn't have a particularly onerous penalty...say 10 days for each separate offense. Cumulative. I'll be generous, and say 1 day per instance. I.e., 1 day per false packet.

    --
    I think we've pushed this "anyone can grow up to be president" thing too far.