Slashdot Mirror


Comcast Admits Delaying, Not Blocking, P2P Traffic

haibijon writes "The executive declined to talk in detail about the technology, citing spammers or other miscreants who might exploit that knowledge. But he insisted the company was not stopping file transfers from happening, only postponing them in certain cases. He compared it to making a phone call and getting a busy signal, then trying again and getting through."

18 of 287 comments

  1. Cool by Rik+Sweeney · · Score: 1, Insightful

    That'll please everyone trying to download the latest version of Ubuntu. Just to make sure this doesn't happen in the future I'll hammer the server directly.

    But enough of my whining, Prison Break was on last night...

  2. He compares it to a phone call.... by OctoberSky · · Score: 5, Insightful

    I compare it to paying a gym membership, heading towards the treadmill only to be stopped by a trainer and told there is someone on it already. You look, see no one is on it, ask again and are allowed to use it. Sometimes the trainer comes over and tells you that you have to get off for someone else. Every time you get off, no one else gets on. So you have to restart your workout whenever the trainer asks.

    1. Re:He compares it to a phone call.... by rtb61 · · Score: 4, Insightful
      I see it more like a courier. You call a courier, put your package in the van and away it goes travelling down a Comcast owned toll way. Along the way a bunch of Comcast hijackers jump out from behind a bush, pull the van over, grab your package and throw it into a ditch. The van driver informs you your package has been dumped, doesn't tell you exactly why, and you have to call another courier and hope this time the package makes it.

      By the way, you get charged each and every time the courier drives on the Comcast toll way, even when the additional traffic is as a result of their fraudulent actions. The actions are fraudulent because it is costing you in additional computer time, in additional energy usage, in your lost time and of course additional traffic charges (all traffic counts especially when unlimited, ain't really unlimited).

      --
      Chaos - everything, everywhere, everywhen
  3. Makes me wonder by The-Ixian · · Score: 3, Insightful

    if they are simply port blocking or doing deep packet inspection. If it is the former I would think it would be pretty easy to circumnavigate...if it is the latter....then I suppose SSL would be the solution.

    --
    My eyes reflect the stars and a smile lights up my face.
    1. Re:Makes me wonder by Anonymous Coward · · Score: 3, Insightful

      SSL isn't going to protect against a man-in-the-middle attack unless you're verifying certificates. That means web pages are likely safe from manipulation by some intelligent equipment in the middle, but it seems unlikely that bittorrent nodes have certificates signed by a CA (otherwise, the device in the middle can just make its own self-signed cert as needed and you'll never know).

      I'm pretty sure that equipment already exists which can do that for encrypted bittorrent traffic.

    2. Re:Makes me wonder by BosstonesOwn · · Score: 2, Insightful

      To make a point in spite of killing my ability to mod, what happens when they just start wiping out encrypted packets next? One cable started throttling encrypted traffic as well and basically killed VPN for everyone.

      The idea of this being a cat and mouse game should be absurd, they should stop mangling any data and design capacity to handle this issue. Move on to DOCSIS 3.0 and then keep the uploads where they are, maybe see if bonding upstream channels is possible to loosen the network up a little.

      The thought I have to play cat and mouse to help FOSS community when seeding Debian torrents just pisses me off. I pay for the high speed tier and I help the community with a service I paid for. To me this sets a dangerous precedent and it could make this an option for other companies who don't want to develop their networks to deal with the coming generation of applications that may need more bandwidth. When they start breaking protocols but leave spambots and botnets alone I have a real issue.

      --
      This package Does Not Contain a Winner
    3. Re:Makes me wonder by Andy+Dodd · · Score: 2, Insightful

      I agree.

      What the Comcast rep is describing in the article sounds like QoS - Any time there's a queue in a router somewhere, BT traffic goes to the back of the line. The end result is that if the network is being heavily used for other more latency/bandwidth critical uses, BT slows down, but if you use BT at 4 AM when no one else is using the network it'll be nice and fast.

      What Comcast is actually doing is forcing connections to close if they have certain traffic patterns, regardless of whether or not the network is busy at that time. i.e. BT (and other functions, such as Lotus Domino apparently) is adversely affected regardless of what time of day it is or whether it is even necessary to throttle BT.

      Unfortunately, since it's based on traffic analysis (and not content analysis) and their system conducts a MITM attack against the transport layer (TCP) instead of the application layer, application layer encryption such as SSL won't help. You need an encrypted transport, either a custom one layered over UDP, or TCP through a VPN tunnel to defeat Comcast's system. Also, the traffic-based analysis scheme significantly increases the chance of false positives, which is why Lotus Domino users are apparently getting shafted in certain situations.

      --
      retrorocket.o not found, launch anyway?
    4. Re:Makes me wonder by evilviper · · Score: 2, Insightful

      Comcast can't currently afford to intercept all SSL connections, inspect the certificate to see if they can forge it, and proxy the connection just to do packet inspection.

      No need for that:

      Require all users to add and authorize Comcast's cert.
      Proxy all SSL/TLS connections.
      Block all other encrypted traffic.

      Even if comcast tries to join the network to disrupt it, they can't disrupt communication between nodes when the chain-of-authority does not use their keys,

      What? Why would they need to "join" bittorrent in order to disrupt it?

      See encrypted traffic using lots of bandwidth? Send forged TCP RST packets to source and destination. Disconnected.

      Standard (host-to-host) encryption can't do anything to prevent such man-in-the-middle DoS tricks. Full-fledged IPv6 does, but that's another story.

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    5. Re:Makes me wonder by Husgaard · · Score: 2, Insightful

      From what I understand, they are forging packets that make your BT client think that peers have hung up on you.

      Technically this means they are lying to the customers using BT. And the purpose of their lying is financial gain.

      But isn't this the definition of fraud? Why is nobody going to jail for this?

  4. Merely delaying the packets - beyond the TTL by GuyverDH · · Score: 3, Insightful

    Sorry about that - oh, did your precious cargo expire?

    What, you were transporting critical medical records via Torrent? and someone died? Too bad - we were preventing you from pirating movies / music / software.

    See, the problem here is that they cannot know what is being transported. The protocol by itself is not bad. If that were the case, they'd have to block TCP/IP - as all bad things over the net come through via TCP/IP - of course - all good things come that way too....

    --
    Who is general failure, and why is he reading my hard drive?
  5. First Class or Coach? by hyades1 · · Score: 2, Insightful

    This sounds a lot like getting the camel's nose into the tent. Once it's established that there are two or more "classes" of information, and those classes can be treated differently, there are endless opportunities to make some customers "a little more equal" than others. And charge them a premium, of course.

    I'm thinking of an airline that's planning to ensure that if you fly coach, your bags will be the last ones off the plane.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  6. Just shy of the bullseye... by glindsey · · Score: 5, Insightful

    He compared it to making a phone call and getting a busy signal, then trying again and getting through.

    Hey, good phone analogy, but you're not quite right, Mr. Comcast Executive. Let me try to lend you a hand: it's like already being on a phone call and having it dropped in the middle of your conversation. Over and over and over. And it makes you so angry you vow you're going to cancel your service and switch to a competitor, except you can't, because they're the Phone Company, the only game in town.

    At least, that's the way it works for a huge portion of Comcast's service area, including large swaths of Chicagoland.
  7. it's against the TOS by m2943 · · Score: 1, Insightful

    Comcast's TOS explicitly disallow running any form of public server or P2P services, so I really don't see why people are complaining about it. If you want to run P2P, subscribe to a plan or provider that permits it.

    Or, if you think that people should be permitted to run any service they like, then stand up for government regulations that force all providers to let them do this.

    But I'm tired of this pseudo-libertarian bullshit where people complain about evil big business writing restrictive contracts on the one hand, and whine about big bad government on the other.

  8. Bad analogy.. by bleh-of-the-huns · · Score: 2, Insightful

    I disagree with Comcast's analogy. It's not like getting a busy signal, it's like an operator coming on the line mid conversation and telling both parties please try again later and disconnecting them. The busy signal occurs when you initiate the call and the receiving end is busy and unable to answer. What they are doing is at a certain threshold (that no one knows of course), getting into the middle of the connection, pretending to be each other, and disconnecting the connection.

    A better analogy for Comcast to use would be something along the lines of we are promoting identity theft by pretending to be the recipient and closing your connection so we can redirect the traffic and steal whatever you are downloading :) (okay the last paragraph is sorta absurd.. but still it amused me when I read that back to myself so it stays)

    --
    I came, I conquered, I coredumped
  9. Re:Sure, Comcast. by mindmaster064 · · Score: 2, Insightful

    The major problem is this is a classic man in the middle attack right out of the textbook. If I did this to a bank I would be going to jail. Who cares if it's traffic shaping or whatever? There are legitimate ways to shape traffic without manipulating the data path. This is a recipe for disaster when one of these transparent mediators decides to fail and inject garbage into the streams. Comcast is playing with fire here and they're gonna get burnt up with it. First it will be this, then it will be your World of Warcraft, HTTP streaming videos from Google or whatever. It doesn't just stop with bittorrent.

  10. Re:Forged RST Packet Traffic Shaping by mikeee · · Score: 2, Insightful

    That's clever. What you really want is a router/NAT in front of your home net that held incoming RST packets for, say, 250ms, and then dropped rather than forwarding them if they were followed by data packets. (Any of the current traffic-shaping modules easily capable of this?)

    Comcast could still *block* the connection, but then they'd have to be using some kind of stateful firewall, which is much more expensive and doubtful to be worth the bother.
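
The hold-and-drop heuristic proposed in the comment above, as an added example that is not part of the original thread and not any router's actual module. The `Seg` record, the flow tuple layout (remote IP, remote port, local IP, local port) and the sample traffic are assumptions constructed for illustration, and the sequence-number comparison is an addition so that reordered older data does not count as evidence of a forged reset.

```python
from collections import namedtuple

# One inbound TCP segment as a home router would see it (constructed model).
Seg = namedtuple("Seg", "t_ms flow flags seq payload_len")

HOLD_MS = 250  # hold time suggested in the comment above

def seq_at_or_after(seq, ref):
    """True if seq is at or after ref in 32-bit TCP sequence space."""
    return ((seq - ref) & 0xFFFFFFFF) < 0x80000000

def classify_resets(segments, hold_ms=HOLD_MS):
    """Return (segment, verdict) for every inbound RST.

    "drop" means the same remote endpoint sent data at or beyond the RST's
    sequence number within hold_ms; otherwise the verdict is "forward".
    """
    segments = sorted(segments, key=lambda s: s.t_ms)
    verdicts = []
    for i, rst in enumerate(segments):
        if "R" not in rst.flags:
            continue
        verdict = "forward"
        for later in segments[i + 1:]:
            if later.t_ms - rst.t_ms > hold_ms:
                break
            if (later.flow == rst.flow and "R" not in later.flags
                    and later.payload_len > 0
                    and seq_at_or_after(later.seq, rst.seq)):
                verdict = "drop"  # peer is still talking, so it did not reset
                break
        verdicts.append((rst, verdict))
    return verdicts

# Constructed sample traffic (documentation address ranges, not real hosts).
FLOW_A = ("198.51.100.7", 51413, "192.0.2.10", 6881)
FLOW_B = ("203.0.113.9", 40000, "192.0.2.10", 6881)
SAMPLE = [
    Seg(0,   FLOW_A, "PA", 1000, 1400),
    Seg(10,  FLOW_A, "R",  2400, 0),
    Seg(60,  FLOW_A, "PA", 2400, 1400),  # peer keeps sending after the "reset"
    Seg(100, FLOW_B, "PA", 5000, 500),
    Seg(120, FLOW_B, "R",  5500, 0),
    Seg(130, FLOW_B, "PA", 4500, 500),   # reordered older data, seq < RST seq
]

if __name__ == "__main__":
    for seg, verdict in classify_resets(SAMPLE):
        print(seg.flow[0], seg.t_ms, verdict)
```

Another comment in this thread describes the resets being sent to both source and destination, so filtering at one end only keeps the local side open; the remote peer still closes unless it filters too.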

  11. Bad Analogy by SeaFox · · Score: 2, Insightful

    He compared it to making a phone call and getting a busy signal, then trying again and getting through.


    In the case of getting a busy signal, the party you are trying to reach is already on the phone, thereby denying you the ability to reach them.* This is more like you try to call someone and get the "all circuits are busy" message, then try again and get through. The point is in the example he used, the reason you can't connect is because of the answering party, not your phone company. Which is closer to what is happening. And getting the "all circuits are busy" message is a sign of too little capacity, and considered poor service. Which is really what's going on at Comcast, too.

    ------
    * We'll ignore CallWaiting, and the fact most phone companies let you have two calls running at the same time, alternating between them. Heck, on some you can combine them into a conference call on the fly.
  12. Postponing by nobodymk2 · · Score: 2, Insightful

    Request Timeout. Request Timeout. Request Timeout. Request Timeout. 100% loss. That's basically the effect of postponing. You don't *need* to postpone it indefinitely, you can delay it until it times out... and send bogus data to everyone that fails in the checksum so it looks like they aren't actually modifying your transmission speed.