Slashdot Mirror
Google Caught in Comcast Traffic Filtering?
marcan writes "Comcast users are reporting 'connection reset' errors while loading Google. The problem seems to have been coming and going over the past few days, and often disappears only to return a few minutes later. Apparently the problem only affects some of Google's IPs and services. Analysis of the PCAP packet dumps reveals several injected fake RSTs, which are very similar to the ones seen coming from the Great Firewall of China [PDF]. Did Google somehow get caught up in one of Comcast's blacklists, or are the heuristics flagging Google as a file-sharer due to the heavy traffic?"
I'm on Comcast, and haven't had any problems. Doesn't mean they're not doing it elsewhere, but they don't seem to be doing it here.
ZuluPad, the wiki notepad on crack
70% of all "file sharers" use Google. Anyone with even a small background in statistics can see that Google is behind all this piracy. Comcast is simply watching out for our economy. I say good for them. Now if they would only do something about that wretched Slashdot and its wanker community.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
After all, doesn't Google host more copyrighted content than any other person/company in the world? ;)
Has Comcast by any chance partnered with another search engine? Completely coincidentally of course?
when my Google Apps site suddenly wouldn't work.
http://www.CelloFourteGroupie.net
Starting yesterday my Gmail Notifier Firefox extension stopped working at home where we have Comcast, but at work it works just fine. I thought maybe the plugin had broken due to some API changes or something but I thought it was odd it worked one place and not the other. This really seems like it's related and even though I believe Gmail Notifier is a third party extension, it's still accessing Google's servers.
Comcast is really pissing me off. But what's my other option: Qwest DSL.
Reviewing just the first hour of video games.
Hard. Nothing worse than a pissed off multi-billion dollar company suing your ass off. That will teach them.
Knowledge is power. Knowledge shared is power lost.
Is the title clear enough? I can't imagine any judge or jury saying Comcast is allowed to impersonate Google and tell Comcast customers they're not allowed to use Google's services or that Google's services are overwhelmed and shutting down connections. That's essentially what forged, fraudulent RST packets from a MITM attack are doing. That can't possibly be considered a legitimate business practice in court.
If Google were being wrongly flagged, and Google ends up suing the ass off Comcast to put an end to this bullshit.
Just who are these goggle people, and why are they trying to clog my internets?
Seriously, Comcast needs to rethink things. It's pretty obvious they don't actually want to be a responsible ISP. Why do they stay in the game? There are perfectly acceptable ways to make money without being vilified for every decision you make.
I'm waiting for a "-1 somepeoplejustshouldn'tgetmodprivileges" meta-moderation.
Maybe Google is including some spoofed information in their packets, to test what Comcast is filtering for (and/or to sabotage the filtering system with false positives). There was a time when it wouldn't have surprised us to see their "Don't be evil" policy extended to this kind of jab at an evil policy elsewhere.
My Photography - http://ian-x.com
The Deathlings (comic) - http://thedeathlings.com
Before a move a couple of years ago I had been on Comcast for several years and had numerous issues. They couldn't seem to keep a DNS system working. I wish I had known about Opendns back then. Nothing is ultimately surprising, but I find it hard to believe that Comcast's anti-p2p methods would target google.com.
use connection tracking on this one:
iptables -I INPUT -j LOG -p tcp -m tcp --tcp-flags RST RST -m conntrack --ctstate NEW,INVALID
The fake RST will probably not have a valid sequence number for the established TCP connection, so the Linux stack will flag it as a NEW connection, and the fact that you're getting a RST for a NEW connection should be good enough alarm.
Or maybe it would also work with just the matching code
iptables -I INPUT -j LOG -p tcp -m tcp --tcp-flags RST RST -m state --state NEW,INVALID
What do y'all think?
Wow. I thought I was going mad. This happens very often with my Crapcast.
I'm a comcast user and Google has been unaccessible on and off for several months now. If this is because of sandvine (intentionally or otherwise) this would be quite the bombshell. Comcast seems to be doing their best to ensure that net neutrality will become a fact of life in the future.
When loading a Google Page, an intermediate page pops up saying
"Your ISP is interfering with the transmission of data requested from Google our users, and as a result we are unable to consistently provide advanced services to you. You will be redirected to a more basic version of Google's services so that we can provide as much as we can in the manner you have come to expect from us".
Wait 10 seconds, then redirect to Google's non-AJAX pages.
I predict hordes with torches and pitchforks (led by a little old lady with a claw hammer)
"As God is my witness, I thought turkeys could fly." A. Carlson
What the hell did Comcast do to piss you off anyway?
Not sure if this is anything, but I use Google Web Accelerator on Comcast at home. Lately, I have been getting a lot of DNS issues at home with it. When I take my laptop to school, I do not get any DNS issues.
huh ? despite the fart that you were going to put has not been out, there is malpractice. explain this to us.
Read radical news here
What if Google, a (justifiably) huge advocate of network neutrality, is deliberately sending the type of RST packets that imitate Comcast's faked packets, specifically to Comcast IP addresses, knowing the inevitable fallout that would result? It would make an already bad situation for Comcast far, far worse, and it's likely that the requested Senate investigation would turn into nails in the coffin for those who want preferential treatment of packets on the Internet.
For a company that does no evil, if they could pull it off, it would be absolutely diabolical. But then, it could easily be one of those "ends justify the means" kinds of situations. At any rate, all I can say is "MWAH HAH HAH HAH HAH!!!! Suckers!"
(No, I don't actually believe that's what's happening, but man, what an AWESOME plan to make network neutrality happen once and for all.)
I had a billing issue with Comcast (which was their error) and my service was all redirected to their load Comcast software page. After spending an hour or so with tech support and billing, I was told all was OK. At this point most websites worked EXCEPT google. Any attempt to go to Google redirected to comcast. If I did a ping or an nslookup of google, that too, reflected a COMCAST ip address.
I called back. The Comcast tech schmuck told me then that I needed to reboot all my machines and my router, and my linksys box to fix it. I replied that it certainly seemed to be an intentional DNS routing issue on their end, and rebooting would be kind of silly. He then told me he couldn't do anything else without me doing that, nor could he transfer me to other tech support. He further said it seemed to be a billing issue again.
I didn't have time to argue as I had to pick up someone at the airport, and the next day everything worked again. But as far as f*cking with Google access--
COMCAST ABSOLUTELY POSITIVELY WILLFULLY REDIRECTS GOOGLE TRAFFIC WHEN THEY WANT TO.
I can't wait for Google to set up a new backbone with their dark fiber and totally screw Comcast.
Acquiescence leads to obliteration
I hate the slow speed im gonna get from dsl, but slow is better than not working. I wonder why it only seems google is affected?? Could this be comcast trying to extort $$$ from google??? All these years i figured yahoo and google search results must be close. Having comcast blocking google, opened my eyes to just how bad results from yahoo are. I need my google... i needz it NOW!!!!!
I have been unable to use Google maps for months now on Comcast. I have called them, but, you can guess how that went. Yahoo maps and Mapquest work fine, but on Google I get about half the tiles filled in before it stops. And I mean it stops. It ends up looking like a checkerboard. Occassionally it will finish a couple of minutes later, but typically it never does.
Getting Comcast to fix it seems unlikely.
Do you have ESP?
I surf to a google page, maps.google.com, or local.google.com, type in an address, get expected response. Wait a few minutes, type in a new address - can't re-submit data on that connection. I must hit 'reload' to establish a new connection.
I _really_ suspect comcast is causing this with their RST crap, but I haven't had the time to wireshark things out. Is anyone else seeing anything similar?
This is recent, and very annoying.
I have also been having trouble with my HTTP and FTP servers on my machine. Last week it worked fine and now I get connection refused errors to my HTTP and FTP servers. Though, my BitTorrent still works fine. Haven't had any trouble with Google.
It's great how consistent they are. Oh, I'm in CT. Though, dropping Comcast this week. Gonna grab FiOS. That 20/20 plan looked nice and I can live without television. Comcast isn't worth the cost.
-SaNo
This looks like it could be extended - add a -j DROP rule after the -j LOG (log the offending packet, and then send it to the bit bucket).
Oh, no! You have walked into the slavering fangs of a lurking grue!
Google recently "Page Rank Slapped" a number of major sites ... maybe Comcast was one of 'em and this is how they have decided to respond ... ;-)
Hulk SMASH Celiac Disease
China is attaking Google!
Because I have comcast in the Minneapolis metro area and there was a point a couple weeks ago when it seemed like google.com was completely down for me for almost a day. I asked other friends around town if they could access google, and all of them could (but none of them have comcast). No one else I knew online was having any trouble with it either.
I'd also like to note that there was no file sharing going on at this time or at any time that day. I was kind of perplexed about it at the time, but now that there's some indication it might be related to this other bullshit, I am just pissed off about it. The next time it happens I'm going to spend some quality time on the phone with a comcast rep and see if I can't at least shout them into giving me one of those sweet new subscriber discounts since they jacked my rates up almost $20 without offering any new service a while back.
How do you report spamming? It's odd that I've never seen it before on slashdot.
IPSec would thwart this sort of attack (since it encrypts at the IP layer, you can't forge a RST packet in the TCP header). Yeah, it costs more CPU, but that's not a problem for modern PC clients, and I suspect Google can handle it, too. Is it time for this to become SOP?
Now, whether MS would be cooperative in that, I dunno... I know XP supports it, but not too much about configuration specifics.
I guess the rest of slashdot does not care about dates. It just shows the mobs bias against whoever is near the top of the hate list. The post does not have to be correct and slashdot would hate them if it goes against Linux, privacy, or open source. I could post Sun Micro systems kills kittens to help produce a better version of Java and /. would hate Sun.
I smoked pot once. But I DID NOT inhale. Will you hire me?
You are the biggest retard ever. Those are the registration dates of the users. If they had been post dates they would be sequential. Notice the second set of post dates at the bottom of each post? The ones that start at Oct 29 2007?
news involving google which isn't "google did something today! it's news because it's GOOGLE!"
next you'll be telling me about an apple story that isn't about apple putting 'i' in front of something or 5th hand reports from a blogger that someone, somewhere said something about apple or itunes.
You're looking at the date the posters joined the forum, not the date of the post.
I just found out that Spybot S&D, Norton Spyware, etc., block my Google ads just because some of them point to servers run by Commission Junction, a very large and reputable affiliate advertising company. If you click my ads (and I pay for those clicks) and you've got S&D installed then you get a "server not found" or "unable to connect" error.
I wonder if this is similar to the backstory over at ATT and Comcat. In their zeal to destroy copyright infringers (or whatever the hell they're doing over there) they're killing innocent bystanders. They've adopted the Blackwater approach to IT.
You need to pay attention. All posts are from 2007, the 2003/2005 are the dates those users joined.
Your OWN COMPUTER was redirecting you to Comcast (maybe you should be indignant towards Microsoft? >_>). It's called DNS caching.
In Windows a simple ipconfig /flushdns can take care of that, although some applications, such as Firefox, keep their own DNS caches which must also be cleared (In Firefox there's a DNS cache timeout in about:config somewhere, you just set it to 0 and then back and that should flush the cache).
Also the tech was almost right... restarting your computer WOULD have fixed it (since DNS caches are only kept in memory and would have been wiped when you rebooted) although it wouldn't have been the OPTIMAL solution.
Let me take you through the steps your computer took.
- Sue MS?
- prohibit all windows?
- Finally, just shoot all the window users?
Hell, lets do all 3.You were looking at the member join dates.
The post date is in the lower right corner (lower left for SA), and all of them linked in the story are from the past week or two.
You sure you're not looking at the dates the forum users joined rather than the post dates?
A few weeks ago I was at a house with Comcast, and none of us could reliably access Google. All other sites seemed to work. Several hours later (or perhaps the next morning) connections to Google were fine again. At the time I thought it might be a problem with Google, and that would be front page news on Slashdot, but nothing appeared, and I forgot about it.
That mystery is solved now...
I have google as my homepage and the screen I am recieving the error on is the stocks gadget. I get ALL of the google content for my iGoogle page and the only one that fails to render. I have seen this happen on two other networks. My work ip (through HQ leasing in Seattle) and it happened while on the road at a marriott hotel... can't see this as only a comcast thing unless all the other networks are downstream...
sig goes here!
You mean the Join date of the user?
Like the person who reported the problem.
xfezz2
join:2005-12-13
His post has a time stamp of 2007-10-14 01:26:48
Can YOU please pay attent to the dates. Thanks!
What power has law where only money rules.
I recently moved from one house serviced by comcast to another and I can tell you there is DEFINTELY something screwy going on, and it's not just bittorrent trafic.
I've done bandwidth tests and my upstream STARTS at a nice 1.5MB/s and then 15 seconds later drops to 30K/s EVERY TIME.
What this does is give false results when people are doing speed tests. When you do your test you get great results (in my case 15Mb/s downstream and almost 2Mb/s upstream) for the first 15 or 20 seconds. Then after that it just BLOWS.
They are on course to alienate their customers. Never a good thing. Then again my tolerance is much lower. I dropped them and got DSL/Satellite after the second $5 price hike in as many months almost 8 years ago...
Never looked back. All I do is game so DSL is good enough, better in fact. I need 1.5kbps to game LAWL.
Bail on them, they suck ass and will always screw you. Now that they don't allow P2P, there's no reason to stay there...
-AC
I have been getting connections reset on and off the the past week or so on Comcast. I found that if I did an nslookup, it was only the first IP address that had problems. The others worked fine, so I just browsed to http://72.14.207.99/. Unfortunately, trying to use the iGoogle home page redirected back to http://google.com/ig and was reset, but the web search worked. You could probably modify your hosts file to get around the resets if one of their IP addresses works.
Sorry, your internet access pack does not include access to Google. You can access Google by upgrading to the Extra Value pack.
Someone knowledgeable about this issue should update the wikipedia page about sandvine.
The way it's written now, everyone should use Sandvine - it sounds like wonderful software.
I've been having the same problems on and off over the last couple weeks.
Problem is, I never thought to dig into it as my connection is regularly 'comcastic' (pejorative) during peak hours.
I'm not sure if you should consider yourself lucky or unlucky that you can actually tell the difference between their incompetence and malice.
// "Can't clowns and pirates just -try- to get along?"
All IDS RST/FIN injectors (the Bro IDS has one, the great firewall of china uses one, Sandvine uses one) get the sequence #s from the TCP packet, so the injected RST packets are in sequence.
Test your net with Netalyzr
Past three days, fark.com's loaded just fine from work, but from 4.x.x.x, every page took tens of minutes. First 2-3 kilobytes of HTML come through fine, then it hangs for minutes and times out, or it takes 15-20 minutes for the page to trickle through, one packet at a time. From that same IP, cnn, Slashdot, google, the rest of teh Intarweb works fine. From a LVLT-leased IP, forums.fark.com was bogged down. Simultaneously, from a nearby wireless cafe, forums.fark.com worked just fine, so it wasn't on Fark's end.
Its an elaborate marketing scheme by Google to promote their own Internet service.
I'm on Comcast, and all last weekend I was able to reach the main Google page, but whenever I clicked on the Images tab for my search results I got the "Connection Reset" error.
There's a lot of guesswork here about what providers may or may not be doing; are there any applications for actually testing ISPs? Such testing apps would discover traffic shaping, port filtering, connectivity, and other traffic modifications by the ISP. Something like a bandwidth tester on steroids.
It comes and goes for me. I usually reset my router & modem and Google is available again.
www.purevolume.com/martyd
after endless problems downloading legal videos via Transmission (Mac torrent client), and after my vonage calls stopped working all together, i gave up fighting. I called qwest and found out that my download speed would max out at 1.5 because of my distance from the CO, and i didn't care.
I got qwest up and running in 10 minutes, and i called Comcast when i got to work. I told him i was done dealing with their incompetance on cable TV (shows would start in HD, then go to SD for commercials, then never come back or come back at random times), and now, they were screwing with my legitimate services. For $60 a month, i wasn't going to be jobbed any more because they wanted to be my VOIP provider. I don't want them, i want Vonage, and for as slow as you can run vonage, they should have had no qualms.
Yes, my internet service is way slower.. and i don't care... because at least i'm not giving any more money to Comcast.
guns kill people like spoons make Rosie O'Donnell fat.
I was working from home last week, so I was using my Comcast connection extensively every day. The problems with Google connection happened several times a day. Intermittently, my attempts to connect to www.google.com failed for 5-10 min at a time. Oddly enough, going directly to Google services (Gmail, Notebook, Bookmarks, etc.) worked just fine.
If it is Sandvine using heuristics to badly determine that google is P2P, possibly it is because of Google Web Accelerator, how the google extension pre-downloads the first result of a google search, or the network.prefetch-next setting in firefox. I have not heard anyone write about how they are configured related to those issues.
Wouldn't this give Google grounds to take Comcast to court? Maybe then they will smarten the hell up and act like an ISP should, which is offer internet access without blocking or filtering anything.
Q: If it is similar to the Great Firewall of China did we ever think the users were in China? A: No! Q: Why not? A: They aren't in China. Q: That's not a good reason. A: Could you phrase that in the form of a question? Q: Sure thing, Alex Trebek, can you give me a good reason? A: If they were in China they couldn't post to the board to tell us about their problems. Q: Could ComCast be in China? A: I guess that would make the Com stand for Communist and the Cast stand for Cast System.
iptables -N log_and_drop
/etc/network/if-up.d and if-down.d.
iptables -A log_and_drop -j LOG
iptables -A log_and_drop -j DROP
iptables -I INPUT -j log_and_drop -p tcp -m tcp --tcp-flags RST RST -m state --state NEW,INVALID
I'm not sure that INVALID is the same, though.
But I am saying that iptables rules, even though they're essentially a pile of GOTOs, should still at least strive for DRY -- don't repeat yourself. I don't know if it's actually more or less efficient, but it's sure a lot more maintainable. For example, if you wanted to try his first suggestion, you could just add:
iptables -I INPUT -j log_and_drop -p tcp -m tcp --tcp-flags RST RST -m conntrack --cstate NEW,INVALID
Knowing me, I'd refactor this even more, if doing that:
iptables -N tcp_reset
iptables -I INPUT -j tcp_reset -p tcp -m tcp --tcp-flags RST RST
iptables -A tcp_reset -m conntrack --cstate NEW,INVALID -j log_and_drop
iptables -A tcp_reset -m state --state NEW,INVALID -j log_and_drop
And of course, add an "iptables --save" and "iptables --restore" to my
All of which is overkill for my little one-man server, but I like to keep my admin skills sharp, even when I don't need them.
Don't thank God, thank a doctor!
Wow, ok. This explains the reset messages that my roommate and I were getting when going to google.com. But, this was happening a couple weeks before the whole BT/gnutella impersonation thing came to light.
Explains a hell of a lot. And I just got an even better reason to vote with my feet. Hello Qwest.
Every time I explain net neutrality to someone, I always have to explain how the phrase has been hijacked, and now means two opposite things.
Geeks think net neutrality means "Be neutral with our network traffic," and would interpret this to mean that there should be a law preventing this kind of bullshit from ISPs. This is the original definition, but much like "hacker", the original definition is somewhat less relevant than which definition the layperson, and especially the congressperson, will think of when you mention it.
ISPs and libertarian lunatics (hopefully not Ron Paul, anyone know?) think net neutrality means "Be neutral regarding what ISPs do to their networks," and would interpret this to mean that the government should not pass any kind of legislation about the Internet, or in other words, that ISPs should be allowed to continue to fuck with their networks, and that consumers will go elsewhere if it gets too bad.
In other words, no matter which side you support, you can claim to support net neutrality, or be anti-neutrality. So you should always be specific, and perhaps avoid the term altogether unless you're willing to paste this explanation.
Don't thank God, thank a doctor!
Putting an extraneous link in front of your posts like you did is spam. Having said that, putting the link into your signature is accepted practice here. It's less annoying and nobody will get upset.
I use Comcast cable Internet as my main connection and I have AT&T DSL as a backup. For the past three weeks now, I have been experiencing this problem where I am unable to get to the Google Web site. I am very aware of this problem because I always keep my browser open, iGoogle is my home page, and I browse Web pages often. This problem always happens in the evening, usually between 8 P.M. and 11 P.M. Eastern, usually on weeknights. It happened last night, for example. Several times when I experienced this problem, I tried to access Google using my AT&T DSL connection and had no problems there. I didn't try accessing the exact same IP address for the Google Web server that I was assigned to, to confirm that it was not a problem with Google's Web servers, but it seemed kind of obvious to me that Comcast was interfering with the Google traffic. One other thing that I noticed a couple of times when this occurred is that the response times for a ping of google.com get much longer than normal, in the 500ms range instead of the usual 30ms.
I've been having this problem for months now. Comcast will just drop all HTTP connections to Google's servers. I can resolve DNS just fine (today's numbers are 72.14.253.104, 72.14.253.103, 72.14.253.147, 72.14.253.99 - these change based on your geographical location), but HTTP connections to those IPs will get immediately dropped through Comcast. If I SSH Proxy to my server in a local data center, I can connect to those IPs just fine.
I spoke with Comcast Tier 1 tech support, the kind woman I spoke to for an hour couldn't figure it out. We reset my modem, firewall and computers multiple times without luck. Supposedly this has been escalated and I'll be getting a call back from a higher-up, we'll see.
At what point does blocking a website mean that they are no longer providing internet service? What if the only site I could browse was www.comcast.net? This really stinks of the larger net neutrality issue, and problems like this will most likely continue unabated until legislation is passed. Comcast has no reason to stop screwing their customers, since they have such little competition. The only other internet service I can get is Verizon DSL, but they don't provide the same speed service. If we had more options and more competition trouble like this would be short lived.
I live in a small town, South of Lansing, Michigan, and this exact issue was happening to me about a week ago. I lost connection to certain Google sites for 3 hours or so. I started investigating it, because I could access it from other locations. Here's what I found:
- Other folks with Comcast in Lansing proper were not having this issue.
- WireShark captures (which I saved) show what appear to be TCP RST packets being injected
- Whatever was doing this seemed to be looking for a HTTP header, specifically: "Host: google.com" or some variant
After I had gathered all my data, I was about to call Comcast when the service started working again. I figured this was similar to the Bittorrent TCP RST packets I had heard so much about. Thanks to this most recent problem with Comcast, I'm now looking for a new ISP."A Mathematician is a machine for turning coffee into theorems." ~ Paul Erdos
I have to go with the dutch situation because that is the one I know.
In holland you used to have PTT (Post, Telecom, Telegram) which was owned by the state and also had banking services. Basically they where huge, slow, old but worked and kept things under control. For instance Postbank does NOT charge end users for tranferring money and has a free debit card. Essentially for normal people banking in holland was FREE and paid an interest if you had a postive balance.
But no that was not good enough, we needed competition and PTT was split up into the mail segment, the phone segment (KPN) and the bank segment (postbank) (The whole story is a bit more complex)
KPN now is a commercial business competing on a free market. Yeah right, it was the state that lay down the copper network that they essentially got for free. How is any other business supposed to compete with that?
It is as laughable as competing the NS (dutch railway) which is now supposed to be a commercial company, but got all its infrastructure for free. Oh yeah, they got to pay a few million each year, how does this compare with the cost of installing a rail network thatruns right to major cities?
Free market and fair market are insane ideas by themselves, but the idea that you can have BOTH is so laughable it is to cry.
For telecoms the problems is the wire, who has the wire, controls the user. So either you put in very heavy regulation to make sure everyone can access those wires (not a free market) or you accept that those who happen to inherit the wires own the customer (not a fair market).
The idea that a new player in the market can just install their own network is idiotic, the costs are extreme and the benefits miniscule, plus do we really want anymore companies digging up roads?
We are in luck that years ago cable tv happened, else the telecoms would totally own the internet. Now at least we got two end-point networks in the ground, but as The Netherlands showed, until the phone network was forcibly opened and a third part could enter the market and start offering better service for less money only then did the cable companies start to improve theirs.
At least on the phone network you now got plenty of supplies, yes they use the underlying KPN network, but some of them are indeed competing by just selling you bandwidth and nothing else. You rent a pipe from them, and that is what you get.
Offcourse, you pay for that, and as long as Joe Average continues to only look at the initial price, companies that offer real quality with no hidden strings are going to lose out.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I hate to break it to all you hippies, but if Google doesn't want interruptions in their service, then it is correct that they should pay for that level of service. It's good for Google, good for Comcast and ultimately good for the consumer.
Starting not too long ago, this happens to me while using torrents. I'd say it has happened 5 or 6 times. It never used to occur. Suddenly, Google will simply not be accessible (connection reset). I think having FasterFox on, set to exceed RFC, does not help your chances, based on my limited testing.
We are one consciousness experiencing itself subjectively. Back to you with the weather, Bob!
Google has lots of IP ranges that are open/proxy so you see p2p and warez users bounce from those.
theres no such thing as a "reputable" advertising firm.
But if you buy my product you can block ads from all the disreputable ones.
Comcast customers get a preview of a non-neutral internet. No, not because P2P is filtered. As we see now, they're not filtering per protokol, they're filtering per IP. And we're right at net neutrality.
In a non-neutral net, it would be trivial for ISPs to pretty much disable P2P networking. Or are you going to pay premium so people can connect to you? I only wait 'til the various studios pick it up and start lobbying against net neutrality as the new fix to save their dead business model.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
After mocking DSL for years with their bogus Slowski turtle commercials, Comcast finally realized that slow broadband is cheap broadband. So as a result, Comcast has rolled out their new Slowski line of DNS servers, routers and traffic shapers. This has had the immediate impact of lowering the system load and no new bandwidth capacity improvements are now needed in the future.
Anyone who has any problems with the improved service (lowers stress of people suffering from information overload) of the Slowski bandwidth changes, can talk to the brand new Slowski customer service representatives who can be reached by calling the Comcast 800 number and going through their new and improved Slowski phone menu system.
Enable javascript2 and press the edit link.
In this case Commission Junction is innocent because they don't do any actual advertising, they simply put companies with products/services to sell together with people willing to advertise or promote them, they're the go-between in other words. Google merely provides the ad space and tries to ensure the ads are relevant to people's searches. SpyBot has targeted the go-between's and advertisers, not the bad guys. Both the go-between and advertisers are completely helpless.
And of course there are advertising firms that don't engage in sneaky or underhanded behaviour. Geez. All sorts of organizations need advertising, most charities and non-profits have marketing departments, the government needs advertising, even your local mom and pop store needs some way to let people know they're there.
But I suppose Spybot shares your view that all advertising is evil, just as Comcast seems to view all file-sharers as evil.
I guess the rest of slashdot does not care about dates
Nah, just the grandparent poster who couldn't care enough about dates to tell the difference between the join date and the posting date on a forum, as shown by the other 3000 people who replied with factually correct information instead of an ad hominem attack against the entire site's users without first verifying that the post you were replying to had anything to do with reality.
*Comcast phone ringing at head office*
... Uh, um, I- I'll talk to our engineers about getting this straighted up right away... sir.
Comcast Secretary: Hello, thank you for calling Com-
Google Big Cheese: This is Google Inc. calling, I want to talk to whoever's in charge. Now.
Comcast Secretary: I don't know who you think you are but-
Google: Go visit google.com right now.
*secretary visits google.com, google recognizes the comcast head office IP range and serves up a pdf of a lawsuit document (Comcast as defendant) instead of the google homepage*
Secretary: Oh my, one moment please I'll transfer you.
Comcast Big Boss: What? I'm busy lining my socks with money and throwing darts at customer photos.
Google: This is Google Inc. You know why I'm calling.
Comcast: *stutters* y-yes, but we have the right to do whatever we need to, to ensure that our networks....
Google: Seriously?
Comcast: Seriously what?
Google: Seriously, you want to mess with us? Are you sure?
Comcast: *Long pause, and painful griding noises of "thinking"* Well... I think you overestimate how powerful you a-
Google: You have a lot to lose 'my friend'. You have 823 employees using Gmail. 138 office locations on Google Maps, 2,345 website pages indexed by the google search engine that recieve a collective 546 thousand search hits per day from Google Search. You currently rank first for the search term "cable internet" and nearly all your press releases are picked up by Google News. Do I need to go on?
Comcast: *speechless silence*
Google: That's right. And be quick about it. *snaps fingers*
--
(All numbers are made up)
Yeah, that's what I see coming...
What a load of CRAP Yahoo insists on downloading and displaying on their main search page!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I've been liberally torrenting for years and while my torrents continue to go through just fine (yay for connection encryption!), websites have been flaky as hell for me this past season. Google is one of them where I simply won't be able to load it for hours on end, but yahoo will go through just dandily. I think we are finally starting to see the unintended consequences of a non-neutral net. :\
I've noticed that for the last few months Google Maps doesn't work after a few clicks. Your first search will work, then you can zoom in or out a couple times, and then after that not a single new map square will load. Starting over from scratch doesn't help -- nothing will load. The map will be blank squares with errors messages.
Doing the same operation from either of my work networks or from my phone results in perfect operation.
This had me up far too late yesterday trying to figure out WTF is going on.
.pcap format if you'd like to take a look.
Here's the condensed version:
* Pings work fine, other websites work fine - only HTTP to google.com with a "google.com" host header is affected
* HTTP 1.0 without host header isn't affected
* Going to one of google's web servers by IP works fine (no "google.com" host header)
* I am typically seeding torrents and was at the time of each service interruption
* TCP RSTs follow a specific pattern. 2 RSTs in rapid succession in response to the initial GET statement (1 with a valid SEQ, one with a SEQ in the 12xxx range), followed by a second batch of the same. As the article here states (and as I posted in the linked thread), this matches perfectly with results from the China firewall
* The problem went away at almost exactly 12:00am EDT this morning (give or take a minute)
* This is from a Comcast subscriber in Grand Rapids, MI.
For more detail, visit the thread linked. I have links to the raw packet capture data in
I dunno... they even block things like Lotus Notes.
So it's not all bad news, then?
Also appears to be affecting some games as well. Users of the recent Enemy Territory: QuakeWars release are reporting similar connection reset issues. Some are on other cable ISPs, so maybe Comcast isn't alone in this practice?
Insert witty
I seriously doubt your claim that Google is running open proxy servers, and the notion that anyone is bouncing peer-to-peer and warez traffic through Google is pretty much laughable. I wouldn't be surprised if a lone employee decided to set up a TOR endpoint on his workstation or something, but I can't believe that Google has "lots of IP ranges" that are wide-open to abuse.
I have noticed that Comcast seems to routinely close idle SSH connections. When the server was right next to my box the connection would never die. I'm on FIOS and the server is going through Comcast "Business class" and the connection routinely gets killed. Has anyone else noticed this phenomenon? Is comcast only going to allow stateless connections from now on?
Comcast is fucking up all over right now.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Let's face facts - Slashdot geeks will get upset over anything. There's no hope for someone who tries not to offend here. You can't help but piss off some lonely basement dweller no matter what you do.
Slashdot - where whining about luck is the new way to make the world you want.
you're a complete fucking moron
I have Comcast cable internet in Reston VA, just outside of Washington DC. While I haven't noticed it with Google itself (yet?), for the past few weeks, I've had problems getting Google Maps (maps.google.com) and Google Earth to fully load at home.
All three map/sat/hybrid maps will load pretty well at when zoomed way out (country or state-level), but when you get down to city or street level (useful if you...say...want directions!), you get a lot of "no image available at this zoom level" errors. Some image squares will load, others will not.
I know for a fact that images are available at the zoom levels I'm trying to access, because
A: I used to be able to zoom all the way in
B: I'm able to get the maps to load from work (Speakeasy T1 access)
C: It's DC for god's sake. Every inch of this place is mapped twice-over...at least.
It has gotten so bad that I've resorted to using Yahoo! Maps to get directions when I need them now. If this is Comcast screwing things up, I certainly hope they straighten this sh*t out fast.
Verizon is not filtering anyone over anyone on their DSL lines: I have their DSL and it hasn't worked since April.
I've been having that problem for about the last two weeks. And only in the evenings. The most recent time being last night. And only with Google search, not Gmail.
Next time it starts happening, instead of cussing and lowering myself enough to use Yahoo!, I'll pick up the phone and bitch at Comcast.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
Slashdot is seriously citing Something Awful? I... I'm not sure what to make of this.
I know that there has to be some kind of legal grounds for Google, because you how can they block Google's maps and let other map sites like Yahoo and Mapquest work just fine? Seems like Comcast is more or less playing a monopoly card than anything else. Because this would drive more people to Yahoo's and Mapquest's website, there for giving them more AD revues, because the number of people using their sites went up. I know that Comcast is not Yahoo or Mapquest, but any way you want to look at if they are blocking one of the competing sites, they are taking money away from one and feeding it to another. So there for Comcast is all playing with the stock value of each company to. This seems like this is one place that no one has really looked when they let ISP think about blocking and or making sites pay for better bandwidth to their sites.
I am glad that Comcast has moved out of the Dallas area, for one my cable bill has gone down and now that they are doing all this I am glad they are gone. But that is not to say that Time Warner will not be the next to do something like this. Now my friend that lives in a Comcast area up north is having problems with VPN, VNC, RDC and such connections, to many different locations all over the US. So where does this blocking stop?
With how much you pay Comcast to be your ISP when and where is customer right anymore?
I've been experiencing this since the late summer. Google will work fine and then all of the sudden I get "connection reset by peer" errors for up to an hour. Since only Google was affected, I assumed it had to be on their end, not my ISPs. For those who care, I'm in Chicago. I wish my service options weren't just ATT and Comcast.
As this story has been making its rounds, I've been wondering how hard it would be to DoS this system. The Sandvine boxes need to inspect all traffic, and when they see something that matches a heuristic, they send RSTs in both directions. Deep packet inspection hasn't been totally figured out yet, it still requires quite a bit of CPU horsepower. I would assume it takes even more horse power if a match is found and packets need to be generated and injected. This is probably not noticeable on real clients as TCP backoffs and timeouts are involved so an offending BitTorrent connection is not initiated that often. So! Write a client that open fake BitTorrent like connections, but a ton of them a second. Once those Sandvine boxes start melting down and the whole network is impacted I can see that bypass switch getting thrown pretty quick. It takes two to tango in this fashion, so you need another endpoint. I recommend www.comcast.net:80. The web server will not understand your BitTorrent packet, but the network will. By the time their webserver shuts the connection, the Sandvine boxes will already be sending their RST packets, assuming they are still functioning.
Google has been dropping in and out for me in the past few days. But bit-torrent traffic seems unaffected... I just downloaded the latest ubuntu at full 6Mbs / ~600K a second... maybe cuz I have Azureus set up to encrypt when possible and use a random port?
You lack introspection and project your own negative internal world-view onto others because you can't bear to look honestly at yourself. Basically, everything I've seen you accuse others of doing I have also witnessed you doing yourself.
Stop judging yourself and you'll feel much less need to judge others.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
A) Comcast would be able to catch them doing this and would love to point fingers.
B) Why only Comcast? They'd have to make a list of all Comcast IPs, then figure out what path the packet took so that they could forge an RST from an appropriate router. Oh, and the TTL would probably be off. They also don't have very long to do this on each connection, and they never know when the routes will shift underneath them.
C) What's Google's motive? To get caught and make Comcast look good? You have to be stupid not to think this will get caught and analyzed. If there's stupid, I'm betting it's at Comcast more than Google. Especially given that Comcast HAS a clear motive: to stop P2P from clogging their shared and overtaxed cable bandwidth.
I'm on a Comcast business account. I recently had a problem where a working, light loaded Postfix installation suddenly had 10-20% of my outbound email traffic just hang. Verbose logging showed that the problem always occured at the DNS query stage. Mail sent through a backup server suffered the same fate.
Using tcpdump showed that all the bad dns queries stopped after 4 frames, while the successful ones went 68 or 70 frames.
Switching from Comcast's regional DNS servers to their national DNS servers fixed the problem immediately.
Makes me wonder what they're doing on the regional ones.
Never shake hands with a man you meet in a fertility clinic.
The positive moderation shows that most of us agree with this particular offense being a real offense and not an isolated case of annoying some random guy, though. :)
These guys are apparently having a contest to see who can spam links to their site the most(which is why he had a query string with his account id like a lot of spammers): http://www.wulfram.com/top_advertisers.php
If Comcast truly is using Sandvine boxes, then this could be a network controller station with the preset examples still in place.
That would seem a very promising explanation, then. "Never attribute to malice what may be adequately explained by stupidity"... perhaps especially when dealing with Comcast's network support team.
//Information does not want to be free; it wants to breed.
I'm on Comcast and I've had intermittent connection resets with Google for weeks now. It happens when trying to run a simple text search, no video, nothing else, just get to Google. When the problem kicks in it's often so bad I simply can't use google for a few hours. Comcast is ass and this is only more fuel for switching our house to FiOS.
A. For Comcast to catch them and point fingers, it would mean that they would have to admit that they are guilty of doing what people are accusing (and proving) them of doing now after adamantly denying it. Besides, that's the beauty of the plan. Who are you going to believe, someone who we've already caught lying, or Google? Even if they reverse their lying corporate stance, no one would believe them.
B. Finding out Comcast's IP address range is trivially easy. Taking actions based on this IP address range is likewise trivially easy. There is no technical reason that this can't be done and done well.
C. What's to catch? What's to analyze? Comcast customers would only see that RST packets are being sent by what appears to be Google. At that point, there are really only two realistic ways that could happen. Either 1) Google is deliberately sending RST packets, or 2) Comcast is spoofing RST packets as if they're Google. We already know that the second possibility has happened with BitTorrent traffic, we also already know that other types of traffic (i.e. Lotus Notes) are unintentionally being negatively impacted by Comcast, so the only logical conclusion would be that Google isn't doing it, Comcast is.
Sure, Comcast might know that they're not responsible, but because they've already lied (and continue to do so) to the public-at-large, no one would believe them. Google would get away with it scott free, as long as they're able to maintain the secrecy of the people who actually do it.
As to what Google's motive would be, I've already answered it. It would make Comcast's already bad situation even worse. Right now, Comcast is claiming that what they're doing isn't affecting anyone. Even when they're finally pushed to admit that they are affecting people, they will likely tell everyone that they're only affecting those nasty pirates who are stealing food from the mouths of starving actors' and musicians' children.
But if people heard that they might not be able to get to freakin' Google if they sign up with Comcast because of this stupidity, they'll be a LOT more likely to not sign up with them, and cry to their senators and representatives that we need net neutrality laws, which is exactly what Google wants. I haven't even gotten to the part where Google might be rolling out a competing Internet access service in the not-too-distant future...
In short, Google has a LOT to gain from this completely blowing up in Comcast's face. Enough to justify some good ol' fashioned corporate sabotage? I doubt it, but it would be funny, wouldn't it? (And I'm not condoning such an action, but in the end, consumers would stand to benefit from net neutrality laws and Google's competition as well.)
Any more questions?
I had this problem on and off for weeks, only the Google home page (and other language versions like Japanese) didn't work. Gmail worked fine, YouTube, Google Video, only the homepage. I went to the Comcast forums to see if this was affecting others and how to fix the problem. The advice I received was to change my DNS servers (not from Comcast, but from users on the forum). I stopped using Comcast's DNS servers and everything worked without a hitch from then on.
I'm not a tech person at all so I don't know why this fix worked, but it did.
I'm a comcast customer and I've noticed this as well, I was able to work around it by switching my DNS from comcast's to OpenDNS.org's. Didn't have the problem any more.
John
It's still something of an imaginary offense. People here get their panties in a knot over anyone who makes money doing anything. I wouldn't take a few mod points as a sign that you've found some universal truth.
Slashdot - where whining about luck is the new way to make the world you want.
It's far more likely that Google, rather than imitate Comcast's packets, would instead alter some subset of their traffic in a way that would make it more likely it would trigger Comcast's filtering. No need to fake the interference--it's actually there. Just figure out how to trigger it and you have your talking point.
Build a man a fire, he's warm for one night. Set him on fire, and he's warm for the rest of his life.
If comcast detects google being DDoSed with a TCP SYN flood, one way to squash the attack is to turn on SYN authentication. When they do this, the TCP three-way-handshaking is completed by comcast's equipment before those packets are allowed to be delivered to google. it could actually be seen as a service for google from comcast (but from comcast's pov, it's just protecting their own network and google sees this as a pleasant side effect).
After the SYN packets are authenticated, comcast's equipment will put the sender on a whitelist, but since google wasn't a party to the handshaking, all that can be done by comcast's equipment is to send an RST and expect the connection initiator to try again (this time he's on the whitelist, so everything just gets through).
I was stunned one night last week when I went to www.google.com and got the dreaded "Page cannot be displayed." After confirming my internet connection was good, I sat there in shock, not knowing exactly how to react. I mean, seriously, where do I go to search the web? Yahoo? I realized at that point how launching Google has become a natural reflex for me. The same thing happened Sunday night. I thought the world was ending, but apparently it's just a special feature for overcharged Comcast customers.
I can get torrents to work mediocrely on comcast by using the newest Azureus beta, Requiring RC4 encryption, disabling Distributed DB, Limiting returned peers from the tracker to 2, and setting the minimum time between tracker announces to 900. However, whenever my torrent runs, everything else slows to a trickle and I get many reset connections, not just to Google. Pages often won't load until the third refresh. It's like Sandvine can tell I'm torrenting but can't find the packets so just throttles everything else.
Every day between 8PM and about 2AM google goes down for me. It was going on every day for about a month when I got some really good advice to fix it. OpenDNS solved the problem, now theres no problem!
I'm amazed it took so long for an article to appear on the web... But then again... It's not like I could google for it... As a side note, i've also been getting intermittent connection reset errors when accessing facebook.com although they usually go away after a few refreshes unlike the google errors.
Live according to the Categorical Imperative. If the Categorical Imperative tells you not to live by it... ignore it