Slashdot Mirror


Comcast Admits Delaying, Not Blocking, P2P Traffic

haibijon writes "The executive declined to talk in detail about the technology, citing spammers or other miscreants who might exploit that knowledge. But he insisted the company was not stopping file transfers from happening, only postponing them in certain cases. He compared it to making a phone call and getting a busy signal, then trying again and getting through."

  1. Sure, Comcast. by EveryNickIsTaken · · Score: 5, Funny

    On that note, I'm not "cancelling" my service with you. I'm merely "delaying" signing back up with your company (indefinitely).

    1. Re:Sure, Comcast. by Mille+Mots · · Score: 3, Interesting

      I think a more apt analogy would be something like, "I'm not refusing to pay my bill. Think of it as having the check returned for NSF and then having to resubmit it and it goes through." I'm sure that they wouldn't have a problem with that, considering all the Nigerian scammers out there trying to get your routing information.

    2. Re:Sure, Comcast. by mindmaster064 · · Score: 2, Insightful

      The major problem is this is a classic man in the middle attack right out of the textbook. If I did this to a bank I would be going to jail. Who cares if it's traffic shaping or whatever? There are legitimate ways to shape traffic without manipulating the data path. This is a recipe for disaster when one of these transparent mediators decides to fail and inject garbage into the streams. Comcast is playing with fire here and they're gonna get burnt up with it. First it will be this, then it will be your World of Warcraft, http streaming videos from google or whatever. It doesn't just stop with bittorrent.

    3. Re:Sure, Comcast. by Rude+Turnip · · Score: 2, Informative

      I worked for a bank in college...you can't post-date a check. Specifically, it won't matter if you post-date it; it's cashed or deposited when presented.

    4. Re:Sure, Comcast. by Merk · · Score: 2, Interesting

      Speaking of canceling your service, it sounds like a good time to talk alternatives. I, like many people here I'm sure, want a service that gives me the following:

      • A static IP (or multiple static IPs)
      • Honest usage caps, if it's unlimited, it's unlimited and maybe I pay a bit more. If it's limited, I want to know the limits
      • High bandwidth, low latency
      • No packet filtering or port blocking
      • The option to run servers (web, mail, game, etc.)
      • Something not too expensive (i.e. I don't want to pay for "business" service if I can avoid it, because business rates are much higher than home rates, probably because of the expectation of higher support costs)

      Does anybody have suggestions for services which meet these goals? I am not currently a Comcast user, I use Speakeasy. They give you static IPs and let you run servers, but these days they're not exactly high bandwidth or cheap, so I'm looking at alternatives, especially after they were bought by Best Buy. I know some options are only available in some areas, but I'm sure there are a lot of people who want the same thing, so if you know of a good option even if it is only local, speak up.

  2. "Postponing..." by InvisblePinkUnicorn · · Score: 4, Funny

    So they're not actually stopping the transfers, they're postponing them indefinitely.

    *Sigh of relief*

    1. Re:"Postponing..." by dunkelfalke · · Score: 5, Funny

      it's not dead, it's resting ;-)

      --
      "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
    2. Re:"Postponing..." by Adambomb · · Score: 4, Funny

      It is an Ex-Packet!

      --
      Ice Cream has no bones.
  3. I'm not delinquent in paying my bill by mandark1967 · · Score: 5, Funny

    I'm just delaying it...I tried to put my payment in the mailbox and there were other letters there so I waited until it was less congested....

    --
    Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
  4. He compares it to a phone call.... by OctoberSky · · Score: 5, Insightful

    I compare it to paying a gym membership, heading towards the treadmill only to be stopped by a trainer and told there is someone on it already. You look, see no one is on it, ask again and are allowed to use it. Sometimes the trainer comes over and tells you that you have to get off for someone else. Every time you get off, no one else gets on. So you have to restart your workout whenever the trainer asks.

    1. Re:He compares it to a phone call.... by Anonymous Coward · · Score: 5, Funny

      what is this "gym" you speak of?

    2. Re:He compares it to a phone call.... by rtb61 · · Score: 4, Insightful

      I see it more like a courier. You call a courier, put your package in the van and away it goes travelling down a Comcast owned toll way. Along the way a bunch of Comcast hijackers jump out from behind a bush, pull the van over, grab your package and throw it into a ditch. The van driver informs you your package has been dumped, doesn't tell you exactly why, and you have to call another courier and hope this time the package makes it.

      By the way, you get charged each and every time the courier drives on the Comcast toll way, even when the additional traffic is as a result of their fraudulent actions. The actions are fraudulent because it is costing you in additional computer time, in additional energy usage, in your lost time and of course additional traffic charges (all traffic counts especially when unlimited, ain't really unlimited).

      --
      Chaos - everything, everywhere, everywhen
  5. Makes me wonder by The-Ixian · · Score: 3, Insightful

    if they are simply port blocking or doing deep packet inspection. If it is the former I would think it would be pretty easy to circumnavigate...if it is the latter....then I suppose SSL would be the solution.

    --
    My eyes reflect the stars and a smile lights up my face.
    1. Re:Makes me wonder by Anonymous Coward · · Score: 3, Insightful

      SSL isn't going to protect against a man-in-the-middle attack unless you're verifying certificates. That means web pages are likely safe from manipulation by some intelligent equipment in the middle, but it seems unlikely that bittorrent nodes have certificates signed by a CA (otherwise, the device in the middle can just make its own self-signed cert as needed and you'll never know).

      I'm pretty sure that equipment already exists which can do that for encrypted bittorrent traffic.

    2. Re:Makes me wonder by walt-sjc · · Score: 5, Interesting

      From what I understand, they are forging packets that make your BT client think that peers have hung up on you. Since they (comcast) are the man-in-the-middle, they can easily perform these types of attacks.

      And that's what this is. An attack. QOS would just slow things down, this kills. I don't mind QOS. I do mind active damage.

      It's time to take p2p to the next level - implementing some of the concepts of the old freenet (the encryption part) and make the traffic unidentifiable. Maybe move it to UDP and make it look like DNS. Or Skype.

    3. Re:Makes me wonder by BosstonesOwn · · Score: 2, Insightful

      To make a point in spite of killing my ability to mod, what happens when they just start wiping out encrypted packets next? One cable started throttling encrypted traffic as well and basically killed VPN for everyone.

      The idea of this being a cat and mouse game should be absurd, they should stop mangling any data and design capacity to handle this issue. Move on to DOCSIS 3.0 and then keep the uploads where they are, maybe see if bonding upstream channels is possible to loosen the network up a little.

      The thought I have to play cat and mouse to help FOSS community when seeding debian torrents, just pisses me off. I pay for the high speed tier and I help the community with a service I paid for. To me this sets a dangerous precedent and it could make this an option for other companies who don't want to develop their networks to deal with the coming generation of applications that may need more bandwidth. When they start breaking protocols but leave spambots and bot nets alone I have a real issue.

      --
      This package Does Not Contain a Winner
    4. Re:Makes me wonder by norton_I · · Score: 5, Interesting

      Technically that is certainly true. You could make the legal argument that presenting a certificate as belonging to another organization is fraud.

      Not that it matters for the moment. Comcast can't currently afford to intercept all SSL connections, inspect the certificate to see if they can forge it, and proxy the connection just to do packet inspection.

      Furthermore, I think you can prevent that. Essentially, create a new "CA" key whenever you create a .torrent file, and include the public key in the .torrent. Then, on-the-fly build a chain of authority stemming from that key. Then, whenever you get directed to a new peer, the message includes a public key for that peer, signed by your current peer, and so forth. Even if comcast tries to join the network to disrupt it, they can't disrupt communication between nodes when the chain-of-authority does not use their keys, and if tampering is detected, their keys can be revoked, un-authenticating any bogus keys they have generated and signed.

      Sounds like a fun project, actually, assuming it doesn't already exist.
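The per-torrent key chain proposed in the comment above, worked through as an added example; it is not part of the thread and not an existing BitTorrent feature. Ed25519, the `Intro`/`Peer` types, the peer names and the in-memory revocation set are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Intro is one link in the chain: Issuer vouches for Subject by signing its key.
type Intro struct {
	Subject, Issuer ed25519.PublicKey
	Sig             []byte
}

// Peer is a key pair plus the introductions leading back to the torrent's root key.
type Peer struct {
	Pub   ed25519.PublicKey
	priv  ed25519.PrivateKey
	Chain []Intro // Chain[0] is signed by the root key
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Introduce makes a new peer whose key is signed by the issuer ("your current peer").
func Introduce(issuerPub ed25519.PublicKey, issuerPriv ed25519.PrivateKey, issuerChain []Intro) Peer {
	pub, priv := newKey()
	link := Intro{Subject: pub, Issuer: issuerPub, Sig: ed25519.Sign(issuerPriv, pub)}
	chain := append(append([]Intro{}, issuerChain...), link)
	return Peer{Pub: pub, priv: priv, Chain: chain}
}

// Verify walks from the .torrent's root key to the peer; a revoked key breaks the chain.
func Verify(root ed25519.PublicKey, p Peer, revoked map[string]bool) bool {
	expect := root
	for _, l := range p.Chain {
		if len(l.Subject) != ed25519.PublicKeySize || !bytes.Equal(l.Issuer, expect) {
			return false
		}
		if revoked[string(l.Issuer)] || revoked[string(l.Subject)] {
			return false
		}
		if !ed25519.Verify(l.Issuer, l.Subject, l.Sig) {
			return false
		}
		expect = l.Subject
	}
	return len(p.Chain) > 0 && bytes.Equal(expect, p.Pub)
}

// Demo builds root -> seed -> {honest, rogue -> sybil} and an outsider with its
// own made-up root, then revokes the rogue key. Returns each check's outcome.
func Demo() (honest, sybilBefore, sybilAfter, outsider bool) {
	rootPub, rootPriv := newKey() // rootPub is what the .torrent would carry
	seed := Introduce(rootPub, rootPriv, nil)
	honestPeer := Introduce(seed.Pub, seed.priv, seed.Chain)
	rogue := Introduce(seed.Pub, seed.priv, seed.Chain)
	sybil := Introduce(rogue.Pub, rogue.priv, rogue.Chain)
	fakePub, fakePriv := newKey()
	out := Introduce(fakePub, fakePriv, nil) // chain does not start at rootPub
	none := map[string]bool{}
	revoked := map[string]bool{string(rogue.Pub): true}
	sybilBefore = Verify(rootPub, sybil, none)
	sybilAfter = Verify(rootPub, sybil, revoked)
	honest = Verify(rootPub, honestPeer, revoked)
	outsider = Verify(rootPub, out, none)
	return
}

func main() {
	h, sb, sa, o := Demo()
	fmt.Printf("honest=%v sybilBefore=%v sybilAfter=%v outsider=%v\n", h, sb, sa, o)
}
```

This authenticates who a peer is; it does nothing about segments injected at the TCP layer, which a later reply in the thread raises.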

    5. Re:Makes me wonder by rriven · · Score: 2, Informative

      it also had a policy to outright block all encrypted traffic that wasn't coming over port 80


      I feel sorry for your friend. Https is done over port 443 not 80. (http://en.wikipedia.org/wiki/HTTPS)

      Every https website I have tried to view over port 80 has given me an error. https://www.bankofamerica.com:80/

      --
      Dan
    6. Re:Makes me wonder by Andy+Dodd · · Score: 2, Insightful

      I agree.

      What the Comcast rep is describing in the article sounds like QoS - Any time there's a queue in a router somewhere, BT traffic goes to the back of the line. The end result is that if the network is being heavily used for other more latency/bandwidth critical uses, BT slows down, but if you use BT at 4 AM when no one else is using the network it'll be nice and fast.

      What Comcast is actually doing is forcing connections to close if they have certain traffic patterns, regardless of whether or not the network is busy at that time. i.e. BT (and other functions, such as Lotus Domino apparently) is adversely affected regardless of what time of day it is or whether it is even necessary to throttle BT.

      Unfortunately, since it's based on traffic analysis (and not content analysis) and their system conducts a MITM attack against the transport layer (TCP) instead of the application layer, application layer encryption such as SSL won't help. You need an encrypted transport, either a custom one layered over UDP, or TCP through a VPN tunnel to defeat Comcast's system. Also, the traffic-based analysis scheme significantly increases the chance of false positives, which is why Lotus Domino users are apparently getting shafted in certain situations.

      --
      retrorocket.o not found, launch anyway?
    7. Re:Makes me wonder by evilviper · · Score: 2, Insightful

      Comcast can't currently afford to intercept all SSL connections, inspect the certificate to see if they can forge it, and proxy the connection just to do packet inspection.

      No need for that:

      Require all users to add and authorize Comcast's cert.
      Proxy all SSL/TLS connections.
      Block all other encrypted traffic.

      Even if comcast tries to join the network to disrupt it, they can't disrupt communication between nodes when the chain-of-authority does not use their keys,

      What? Why would they need to "join" bittorrent in order to disrupt it?

      See encrypted traffic using lots of bandwidth? Send forged TCP RST packets to source and destination. Disconnected.

      Standard (host-to-host) encryption can't do anything to prevent such man-in-the-middle DoS tricks. Full-fledged IPv6 does, but that's another story.

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    8. Re:Makes me wonder by Husgaard · · Score: 2, Insightful

      From what I understand, they are forging packets that make your BT client think that peers have hung up on you.

      Technically this means they are lying to the customers using BT. And the purpose of their lying is financial gain.

      But isn't this the definition of fraud? Why is nobody going to jail for this?

  6. Merely delaying the packets - beyond the TTL by GuyverDH · · Score: 3, Insightful

    Sorry about that - oh, did your precious cargo expire?

    What, you were transporting critical medical records via Torrent? and someone died? Too bad - we were preventing you from pirating movies / music / software.

    See, the problem here is that they cannot know what is being transported. The protocol by itself is not bad. If that were the case, they'd have to block TCP/IP - as all bad things over the net come through via TCP/IP - of course - all good things come that way too....

    --
    Who is general failure, and why is he reading my hard drive?
    1. Re:Merely delaying the packets - beyond the TTL by BlowHole666 · · Score: 2, Funny

      TCP/IP - of course - all good things come that way too....

      Yes like my porn, and that order for my new wife.
      --
      I smoked pot once. But I DID NOT inhale. Will you hire me?
  7. First Class or Coach? by hyades1 · · Score: 2, Insightful

    This sounds a lot like getting the camel's nose into the tent. Once it's established that there are two or more "classes" of information, and those classes can be treated differently, there's endless opportunities to make some customers "a little more equal" than others. And charge them a premium, of course.

    I'm thinking of an airline that's planning to ensure that if you fly coach, your bags will be the last ones off the plane.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
    1. Re:First Class or Coach? by CRCulver · · Score: 2, Informative

      I'm thinking of an airline that's planning to ensure that if you fly coach, your bags will be the last ones off the plane.

      You must be thinking of them all, then, since it was established in the discussion to that story that most airlines have offered these services for years already.

  8. I've noticed this behavior by Maestro485 · · Score: 2, Informative

    I like to leave my Slackware downloads seeding just for the hell of it, and I've noticed that Comcast doesn't exactly block the traffic but does something similar to what this article describes. During certain hours (typically mid-morning and evening, roughly), all torrent activity will cease for a minute or two and then resume normally. This only happens at certain "peak" times and usually rather infrequently. Torrent speeds are generally quite good later on at night and on the weekends.

    Not that I agree with Comcast screwing around with traffic and killing off connections, but they at least appear to be telling the truth here.

  9. False advertising? by DoofusOfDeath · · Score: 4, Interesting

    Does Comcast advertise very high transfer speeds? Because if they advertise that, knowing that they intentionally force lower speeds for some kinds of traffic, that sounds like fraud.

  10. Comcast is still lying -- and not just about this by Arrogant-Bastard · · Score: 5, Informative


    As has been noted in numerous places, Comcast isn't just forging RST packets to disrupt P2P traffic -- they're also doing it to disrupt Lotus Notes traffic...which makes the "we're doing it to stop the bad guys" excuse a transparent lie.


    Moreover, disrupting P2P traffic will have no effect on "spammers and other miscreants", as they have far more sophisticated, self-organizing C&C methods already deployed. (No doubt having anticipated that use of traditional P2P would leave them vulnerable to such countermeasures.)


    But the truly galling part is that Comcast continues to repeat the same big lie they trotted out years ago: "We take the spam problem seriously". This is utter nonsense, of course; spam emission levels from their network continue to steadily increase, as they have for half a decade, to the point where their only serious rival for the #1 spot on the world's list of top spam-sending networks is Verizon.


    So what this episode tells us is that Comcast has the capability to monitor and modify traffic, but only chooses to do so when it might affect their profits -- not when it might could the unceasing flow of abuse outbound from their network.

  11. Just shy of the bullseye... by glindsey · · Score: 5, Insightful

    He compared it to making a phone call and getting a busy signal, then trying again and getting through

    Hey, good phone analogy, but you're not quite right, Mr. Comcast Executive. Let me try to lend you a hand: it's like already being on a phone call and having it dropped in the middle of your conversation. Over and over and over. And it makes you so angry you vow you're going to cancel your service and switch to a competitor, except you can't, because they're the Phone Company, the only game in town.

    At least, that's the way it works for a huge portion of Comcast's service area, including large swaths of Chicagoland.
  12. Should have used tubes... by MosesJones · · Score: 2, Funny

    Comparing with a phone service is correct, if they did this to a commercial customer and deliberately stopped a certain percentage of calls that had to then be re-dialled they would be accused of blocking calls.

    He should have said "it's like a set of tubes it's just that P2P traffic is heavier so it sinks to the bottom, and as everyone knows with rivers they flow slower at the bottom so we aren't delaying them it's just that P2P traffic is like a Pike, it's a heavier fish that swims at the bottom while the normal internet stuff is like a salmon at the surface. Pike also eat cute little ducklings so P2P is evil"

    --
    An Eye for an Eye will make the whole world blind - Gandhi
  13. Re:Comcast is still lying -- and not just about th by Lumpy · · Score: 2, Interesting

    Last Friday they had a large layoff in their Ad sales division. I know of several people that lost their job there and many said they did this country wide, gutting lots of jobs.

    Funny though, they did not trim the fat. Lots of middle management still there that really are not needed.

    Methinks Comcast is circling the toilet bowl. Still on the outer edge but we all know the spiral is a logarithmic one.

    I'm waiting for the next round on the CableTV side (oh yea it's coming!). I have a bunch of friends there as well and they give the heads up after the axe starts swinging.

    Cool part is my company can hire some incredibly talented people that Comcast cast aside in their ignorance.

    --
    Do not look at laser with remaining good eye.
  14. nothing new for canadians by whydotheydothat · · Score: 2, Interesting

    Rogers does that in Canada on a regular basis. When I called them up, they admitted they block BitTorrent. I asked them why don't they do this AFTER I use all my "unlimited" 60GB/month ($50)? No answer. Go figure.

  15. Re:Cool by speaker+of+the+truth · · Score: 2, Funny

    But enough of my whining, Prison Break was on last night...

    And apparently now it's on your computer. I guess someone isn't with Comcast.
    --
    Using openSUSE instead of Windows since 9th of October, 2007 and liking it.
  16. Re:Interesting (...speaking of FIOS) by Arrogant-Bastard · · Score: 3, Interesting

    It's possible to track FIOS rollouts merely by noting spam sources whose rDNS matches it, e.g., "*.fios.verizon.net". To date, this has been a 100.00% indicator of spam. For example, in the last few minutes, one of my mail servers has observed the following:

    That's a mail server with one user. Production mail servers with tens of thousands of users typically note 5000-10000 such systems every day.

    So from here, it appears that new FIOS rollouts are being 0wned nearly as quickly as they're connected, and that they're staying 0wned. I'm sure the spammers are quite pleased with the quality service provided by Verizon et al.

  17. Bad analogy.. by bleh-of-the-huns · · Score: 2, Insightful

    I disagree with Comcast's analogy. It's not like getting a busy signal, it's like an operator coming on the line mid conversation and telling both parties please try again later and disconnecting them. The busy signal occurs when you initiate the call and the receiving end is busy and unable to answer. What they are doing is at a certain threshold (that no one knows of course), getting into the middle of the connection, pretending to be each other, and disconnecting the connection.

    A better analogy for Comcast to use would be something along the lines of we are promoting identity theft by pretending to be the recipient and closing your connection so we can redirect the traffic and steal whatever you are downloading :) (okay the last paragraph is sorta absurd.. but still it amused me when I read that back to myself so it stays)

    --
    I came, I conquered, I coredumped
  18. The obvious solution by Danathar · · Score: 2, Funny

    Well obviously if this is affecting you, you should drop Comcast and choose from the 3 or 4 other major broadband providers that can provide megabit service to your home.

    Oh..that's right...there aren't any other major providers in your area....

  19. Forged RST Packet Traffic Shaping by Agripa · · Score: 2, Interesting

    I am not blocking forged RST packets from Comcast IP addresses. I am just placing them into a very long delay queue in my traffic shaper.

    1. Re:Forged RST Packet Traffic Shaping by mikeee · · Score: 2, Insightful

      That's clever. What you really want is a router/NAT in front of your home net that held incoming RST packets for, say, 250ms, and then dropped rather than forwarding them if they were followed by data packets. (Any of the current traffic-shaping modules easily capable of this?)

      Comcast could still *block* the connection, but then they'd have to be using some kind of stateful firewall, which is much more expensive and doubtful to be worth the bother.
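The hold-then-drop rule suggested in the comment above (hold an inbound RST for about 250 ms, discard it if data packets follow), modelled as an added example over a constructed packet trace; it is not code from the thread or from any traffic-shaping module. The `Packet` and `Verdict` types, the flow labels and the sample timings are assumptions.

```go
package main

import (
	"fmt"
	"time"
)

// Packet is a simplified inbound TCP segment (constructed model, not a capture format).
type Packet struct {
	Flow    string        // hypothetical flow key, e.g. "peer:port->local:port"
	At      time.Duration // arrival time relative to the start of the trace
	RST     bool          // TCP RST flag set
	Payload int           // bytes of TCP payload
}

// Verdict is the hold queue's decision for one RST.
type Verdict struct {
	Flow    string
	At      time.Duration
	Dropped bool // true: data followed inside the hold window, RST not forwarded
}

// FilterRSTs holds each inbound RST for `hold`. If a data segment on the same
// flow arrives before the hold expires, the sender is evidently still talking,
// so the RST is dropped; otherwise it is forwarded to the host.
func FilterRSTs(trace []Packet, hold time.Duration) []Verdict {
	var out []Verdict
	for i, p := range trace {
		if !p.RST {
			continue
		}
		v := Verdict{Flow: p.Flow, At: p.At}
		for _, q := range trace[i+1:] {
			if q.At-p.At > hold {
				break // trace is time-ordered, so the window has closed
			}
			if q.Flow == p.Flow && !q.RST && q.Payload > 0 {
				v.Dropped = true
				break
			}
		}
		out = append(out, v)
	}
	return out
}

// SampleTrace returns a constructed, time-ordered trace with three flows:
// A keeps sending after its RST, B goes quiet, C resumes only after the window.
func SampleTrace() []Packet {
	ms := time.Millisecond
	return []Packet{
		{Flow: "A", At: 0 * ms, Payload: 1400},
		{Flow: "B", At: 50 * ms, Payload: 1400},
		{Flow: "A", At: 100 * ms, RST: true},
		{Flow: "A", At: 140 * ms, Payload: 1400},
		{Flow: "B", At: 200 * ms, RST: true},
		{Flow: "A", At: 300 * ms, Payload: 1400},
		{Flow: "C", At: 400 * ms, RST: true},
		{Flow: "C", At: 700 * ms, Payload: 1400},
	}
}

func main() {
	for _, v := range FilterRSTs(SampleTrace(), 250*time.Millisecond) {
		fmt.Printf("flow %s RST at %v dropped=%v\n", v.Flow, v.At, v.Dropped)
	}
}
```

A one-sided filter like this only helps if the remote peer also ignores the RST it receives; otherwise that peer stops sending and no data arrives inside the window.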

  20. Bittorrent 'for profits' by p00pyd00py · · Score: 2, Informative

    Anyone know of any companies that make revenue by selling products or services that are transferred via BitTorrent? If so maybe they should file a lawsuit against Comcast to recover damages. I went back and forth from Comcast to Verizon and then tried Cavtel for a while. I'm currently using Comcast but am going to leave them and go back to Cavtel. I do not want anyone screwing around with my packets.

    btw, "busy signal" = TCP-RESET

  21. Re:Laughable concept, post-dating by Hellkitten · · Score: 3, Funny

    Back in the olden days, when people used to write checks, a friend of mine used to make his phone bills payable to "Adolf Hitler" and "Ayatollah Khomenei" and they all went through, every one of them.

    That's because they both work for the phone companies

    --
    - We are the slashdot. Resistance is futile. Prepare to be moderated -
  22. Bad Analogy by SeaFox · · Score: 2, Insightful

    He compared it to making a phone call and getting a busy signal, then trying again and getting through.


    In the case of getting a busy signal, the party you are trying to reach is already on the phone, thereby denying you the ability to reach them.* This is more like you try to call someone and get the "all circuits are busy" message, then try again and get through. The point is in the example he used, the reason you can't connect is because of the answering party, not your phone company. Which is closer to what is happening. And getting the "all circuits are busy" message is a sign of too little capacity, and considered poor service. Which is really what's going on at Comcast, too.

    ------
    * We'll ignore CallWaiting, and the fact most phone companies let you have two calls running at the same time, alternating between them. Heck, on some you can combine them into a conference call on the fly.
  23. Postponing by nobodymk2 · · Score: 2, Insightful

    Request Timeout. Request Timeout. Request Timeout. Request Timeout. 100% loss. That's basically the effect of postponing. You don't *need* to postpone it indefinitely, you can delay it until it times out... and send bogus data to everyone that fails in the checksum so it looks like they aren't actually modifying your transmission speed.