Google Caught in Comcast Traffic Filtering?
marcan writes "Comcast users are reporting 'connection reset' errors while loading Google. The problem seems to have been coming and going over the past few days, and often disappears only to return a few minutes later. Apparently the problem only affects some of Google's IPs and services. Analysis of the PCAP packet dumps reveals several injected fake RSTs, which are very similar to the ones seen coming from the Great Firewall of China [PDF]. Did Google somehow get caught up in one of Comcast's blacklists, or are the heuristics flagging Google as a file-sharer due to the heavy traffic?"
I'm on Comcast, and haven't had any problems. Doesn't mean they're not doing it elsewhere, but they don't seem to be doing it here.
ZuluPad, the wiki notepad on crack
70% of all "file sharers" use Google. Anyone with even a small background in statistics can see that Google is behind all this piracy. Comcast is simply watching out for our economy. I say good for them. Now if they would only do something about that wretched Slashdot and its wanker community.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
After all, doesn't Google host more copyrighted content than any other person/company in the world? ;)
when my Google Apps site suddenly wouldn't work.
http://www.CelloFourteGroupie.net
Starting yesterday my Gmail Notifier Firefox extension stopped working at home where we have Comcast, but at work it works just fine. I thought maybe the plugin had broken due to some API changes or something but I thought it was odd it worked one place and not the other. This really seems like it's related and even though I believe Gmail Notifier is a third party extension, it's still accessing Google's servers.
Comcast is really pissing me off. But what's my other option: Qwest DSL.
Reviewing just the first hour of video games.
Hard. Nothing worse than a pissed off multi-billion dollar company suing your ass off. That will teach them.
Knowledge is power. Knowledge shared is power lost.
Is the title clear enough? I can't imagine any judge or jury saying Comcast is allowed to impersonate Google and tell Comcast customers they're not allowed to use Google's services or that Google's services are overwhelmed and shutting down connections. That's essentially what forged, fraudulent RST packets from a MITM attack are doing. That can't possibly be considered a legitimate business practice in court.
If Google were being wrongly flagged, and Google ends up suing the ass off Comcast to put an end to this bullshit.
Maybe Google is including some spoofed information in their packets, to test what Comcast is filtering for (and/or to sabotage the filtering system with false positives). There was a time when it wouldn't have surprised us to see their "Don't be evil" policy extended to this kind of jab at an evil policy elsewhere.
My Photography - http://ian-x.com
The Deathlings (comic) - http://thedeathlings.com
Before a move a couple of years ago I had been on Comcast for several years and had numerous issues. They couldn't seem to keep a DNS system working. I wish I had known about Opendns back then. Nothing is ultimately surprising, but I find it hard to believe that Comcast's anti-p2p methods would target google.com.
use connection tracking on this one:
iptables -I INPUT -j LOG -p tcp -m tcp --tcp-flags RST RST -m conntrack --ctstate NEW,INVALID
The fake RST will probably not have a valid sequence number for the established TCP connection, so the Linux stack will flag it as a NEW connection, and the fact that you're getting a RST for a NEW connection should be good enough alarm.
Or maybe it would also work with just the matching code
iptables -I INPUT -j LOG -p tcp -m tcp --tcp-flags RST RST -m state --state NEW,INVALID
What do y'all think?
Wow. I thought I was going mad. This happens very often with my Crapcast.
When loading a Google Page, an intermediate page pops up saying
"Your ISP is interfering with the transmission of data requested from Google our users, and as a result we are unable to consistently provide advanced services to you. You will be redirected to a more basic version of Google's services so that we can provide as much as we can in the manner you have come to expect from us".
Wait 10 seconds, then redirect to Google's non-AJAX pages.
I predict hordes with torches and pitchforks (led by a little old lady with a claw hammer)
"As God is my witness, I thought turkeys could fly." A. Carlson
Not sure if this is anything, but I use Google Web Accelerator on Comcast at home. Lately, I have been getting a lot of DNS issues at home with it. When I take my laptop to school, I do not get any DNS issues.
huh ? despite the fart that you were going to put has not been out, there is malpractice. explain this to us.
Read radical news here
What if Google, a (justifiably) huge advocate of network neutrality, is deliberately sending the type of RST packets that imitate Comcast's faked packets, specifically to Comcast IP addresses, knowing the inevitable fallout that would result? It would make an already bad situation for Comcast far, far worse, and it's likely that the requested Senate investigation would turn into nails in the coffin for those who want preferential treatment of packets on the Internet.
For a company that does no evil, if they could pull it off, it would be absolutely diabolical. But then, it could easily be one of those "ends justify the means" kinds of situations. At any rate, all I can say is "MWAH HAH HAH HAH HAH!!!! Suckers!"
(No, I don't actually believe that's what's happening, but man, what an AWESOME plan to make network neutrality happen once and for all.)
I have been unable to use Google maps for months now on Comcast. I have called them, but, you can guess how that went. Yahoo maps and Mapquest work fine, but on Google I get about half the tiles filled in before it stops. And I mean it stops. It ends up looking like a checkerboard. Occasionally it will finish a couple of minutes later, but typically it never does.
Getting Comcast to fix it seems unlikely.
Do you have ESP?
I have also been having trouble with my HTTP and FTP servers on my machine. Last week it worked fine and now I get connection refused errors to my HTTP and FTP servers. Though, my BitTorrent still works fine. Haven't had any trouble with Google.
It's great how consistent they are. Oh, I'm in CT. Though, dropping Comcast this week. Gonna grab FiOS. That 20/20 plan looked nice and I can live without television. Comcast isn't worth the cost.
-SaNo
That is a genuinely good question, I don't know of any such partnership (I would guess that Slashdot would report it given what I have seen as far as Comcast coverage here) but it does seem like a plausible explanation. Money is definitely at the heart of this issue if it is indeed intentional at all (I wouldn't put this past Comcast's ability to screw up).
My next questions would be: How bad is the disruption and how many users in what regions are affected?
I don't give a damn for a man that can only spell a word one way.
Mark Twain
This looks like it could be extended - add a -j DROP rule after the -j LOG (log the offending packet, and then send it to the bit bucket).
Oh, no! You have walked into the slavering fangs of a lurking grue!
Google recently "Page Rank Slapped" a number of major sites ... maybe Comcast was one of 'em and this is how they have decided to respond ... ;-)
Hulk SMASH Celiac Disease
China is attacking Google!
How do you report spamming? It's odd that I've never seen it before on slashdot.
It's called DNS caching.
Did you actually flush your DNS caches like, say, the one in your router, the one in your linksys box, the one on your PC? You can do it manually but the quickest way for a lot of equipment is to reboot. Hence the suggestion.
Additionally, it was quite likely google because something on your machine (maybe yourself "trying" the connection) had accessed google while the DNS redirection was in place (that was how they "redirected" you to their page). Once you'd done it once it'd linger until the TTL's had expired all the way back to your computer. Ping, nslookup, etc. would ALL show the Comcast IP until that happened, which could be minutes, hours, days, months, depending on your setup.
In your case, it looks like it was less than 24-hours, because it worked the next day without having to reboot. If you had rebooted immediately, it would have all worked when it came back up. That's WHY he was telling you that.
Before you start throwing accusations around, delve into such things just a little bit deeper.
I replied that it certainly seemed to be an intentional DNS routing issue on their end, and rebooting would be kind of silly.
Did you try using a non Comcast DNS server? Try using 4.2.2.1 (Verizon) or another free server other than Comcast next time that happens. Delete the default settings in your router and plug them in. Reboot the computers to get new DNS info from the router and check it.
The truth shall set you free!
IPSec would thwart this sort of attack (since it encrypts at the IP layer, you can't forge a RST packet in the TCP header). Yeah, it costs more CPU, but that's not a problem for modern PC clients, and I suspect Google can handle it, too. Is it time for this to become SOP?
Now, whether MS would be cooperative in that, I dunno... I know XP supports it, but not too much about configuration specifics.
You're looking at the date the posters joined the forum, not the date of the post.
I just found out that Spybot S&D, Norton Spyware, etc., block my Google ads just because some of them point to servers run by Commission Junction, a very large and reputable affiliate advertising company. If you click my ads (and I pay for those clicks) and you've got S&D installed then you get a "server not found" or "unable to connect" error.
I wonder if this is similar to the backstory over at ATT and Comcast. In their zeal to destroy copyright infringers (or whatever the hell they're doing over there) they're killing innocent bystanders. They've adopted the Blackwater approach to IT.
Your OWN COMPUTER was redirecting you to Comcast (maybe you should be indignant towards Microsoft? >_>). It's called DNS caching.
In Windows a simple ipconfig /flushdns can take care of that, although some applications, such as Firefox, keep their own DNS caches which must also be cleared (In Firefox there's a DNS cache timeout in about:config somewhere, you just set it to 0 and then back and that should flush the cache).
Also the tech was almost right... restarting your computer WOULD have fixed it (since DNS caches are only kept in memory and would have been wiped when you rebooted) although it wouldn't have been the OPTIMAL solution.
Let me take you through the steps your computer took.
You were looking at the member join dates.
The post date is in the lower right corner (lower left for SA), and all of them linked in the story are from the past week or two.
So whenever you don't understand something you make up your own explanation and then claim it's the absolute truth? Unfortunately, that approach does not make you an expert on DNS.
FYI, the comcast rep was correct... While it is possible that their DNS server is malfunctioning in some really really bizarro way and feeding you a legit response with an incorrect value, it is INFINITELY MORE likely that your own local DNS cache is poisoned with the wrong value because of their redirection scheme.
Rebooting your computer and router would have most likely helped. When they started redirecting your traffic to their own captcha page, they may have poisoned your local DNS cache (in your router, computer or both) with the wrong IP for any page you requested. This is one common (albeit stupid) way to redirect traffic, and why you saw the comcast page for every single web address you typed in. Ideally, this entry should have had a low timeout value, but not all caching DNS software respects that value. Resetting the device (in this case BOTH your computer and router) usually clears your DNS cache data, and would have likely helped your problem.
You sure you're not looking at the dates the forum users joined rather than the post dates?
Windows is an especially bad culprit in these cases. It caches client-side DNS lookups unless you reboot or run "ipconfig /flushdns" from the terminal. It always drives me crazy when I'm mucking with a DNS server in a client's office. The Windows machines refuse to acknowledge the changes I've made unless forced to do so.
A few weeks ago I was at a house with Comcast, and none of us could reliably access Google. All other sites seemed to work. Several hours later (or perhaps the next morning) connections to Google were fine again. At the time I thought it might be a problem with Google, and that would be front page news on Slashdot, but nothing appeared, and I forgot about it.
That mystery is solved now...
I have google as my homepage and the screen I am receiving the error on is the stocks gadget. I get ALL of the google content for my iGoogle page and the only one that fails to render. I have seen this happen on two other networks. My work ip (through HQ leasing in Seattle) and it happened while on the road at a marriott hotel... can't see this as only a comcast thing unless all the other networks are downstream...
sig goes here!
You mean the Join date of the user?
Like the person who reported the problem.
xfezz2
join:2005-12-13
His post has a time stamp of 2007-10-14 01:26:48
Can YOU please pay attention to the dates. Thanks!
What power has law where only money rules.
I recently moved from one house serviced by comcast to another and I can tell you there is DEFINITELY something screwy going on, and it's not just bittorrent traffic.
I've done bandwidth tests and my upstream STARTS at a nice 1.5MB/s and then 15 seconds later drops to 30K/s EVERY TIME.
What this does is give false results when people are doing speed tests. When you do your test you get great results (in my case 15Mb/s downstream and almost 2Mb/s upstream) for the first 15 or 20 seconds. Then after that it just BLOWS.
I have been getting connections reset on and off the past week or so on Comcast. I found that if I did an nslookup, it was only the first IP address that had problems. The others worked fine, so I just browsed to http://72.14.207.99/. Unfortunately, trying to use the iGoogle home page redirected back to http://google.com/ig and was reset, but the web search worked. You could probably modify your hosts file to get around the resets if one of their IP addresses works.
Sorry, your internet access pack does not include access to Google. You can access Google by upgrading to the Extra Value pack.
Someone knowledgeable about this issue should update the wikipedia page about sandvine.
The way it's written now, everyone should use Sandvine - it sounds like wonderful software.
I've been having the same problems on and off over the last couple weeks.
Problem is, I never thought to dig into it as my connection is regularly 'comcastic' (pejorative) during peak hours.
I'm not sure if you should consider yourself lucky or unlucky that you can actually tell the difference between their incompetence and malice.
// "Can't clowns and pirates just -try- to get along?"
All IDS RST/FIN injectors (the Bro IDS has one, the great firewall of china uses one, Sandvine uses one) get the sequence #s from the TCP packet, so the injected RST packets are in sequence.
Test your net with Netalyzr
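[Added example, not part of any comment in this thread.] Two comments above disagree on whether a forged RST carries an out-of-sequence number (the iptables state/conntrack suggestion) or an in-sequence one (the IDS injector comment), so this sketch reports the in-window test but decides on two signals that do not depend on it: the RST's IP TTL versus the peer's other packets, and data still arriving from the peer after the "reset". The TTL and data-after-RST heuristics, the packet record layout, the window size and the sample flows (documentation-range addresses) are all assumptions constructed here.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    ts: float     # capture time in seconds
    src: str      # sender IP address
    seq: int      # TCP sequence number
    length: int   # TCP payload bytes
    flags: str    # "S", "SA", "A", "PA", "R", ...
    ttl: int      # IP TTL as observed at the capture point

WINDOW = 65535    # assumed receive window for the in-window test
TTL_SLACK = 1     # assumed tolerance for TTL jitter within one flow

def seq_delta(a, b):
    """Signed distance a - b in 32-bit sequence space."""
    return ((a - b + 2**31) % 2**32) - 2**31

def analyze_resets(packets, peer):
    """Examine RSTs claiming to come from `peer` in one connection's packets
    (both directions, capture order) and say why each looks forged, if it does."""
    ttl_seen = Counter()   # TTLs of the peer's non-RST packets
    rcv_nxt = None         # next sequence number expected from the peer
    findings = []
    for i, p in enumerate(packets):
        if p.src != peer:
            continue
        if "R" not in p.flags:
            ttl_seen[p.ttl] += 1
            used = p.length + (1 if "S" in p.flags or "F" in p.flags else 0)
            end = (p.seq + used) % 2**32
            if rcv_nxt is None or seq_delta(end, rcv_nxt) > 0:
                rcv_nxt = end
            continue
        reasons = []
        if ttl_seen:
            baseline = ttl_seen.most_common(1)[0][0]
            if abs(p.ttl - baseline) > TTL_SLACK:
                reasons.append(f"TTL {p.ttl} differs from flow baseline {baseline}")
        if any(q.src == peer and "R" not in q.flags and q.length > 0
               for q in packets[i + 1:]):
            reasons.append("peer kept sending data after the RST")
        in_window = (rcv_nxt is not None
                     and 0 <= seq_delta(p.seq, rcv_nxt) < WINDOW)
        findings.append({"ts": p.ts, "seq": p.seq, "in_window": in_window,
                         "suspicious": bool(reasons), "reasons": reasons})
    return findings

CLIENT, SERVER = "192.0.2.10", "203.0.113.80"   # constructed sample addresses

# Constructed flow: two in-window RSTs with a foreign TTL arrive mid-transfer,
# and the real server (TTL 52) keeps sending data afterwards.
INJECTED_FLOW = [
    Pkt(0.000, CLIENT, 1000, 0, "S", 64),
    Pkt(0.030, SERVER, 5000, 0, "SA", 52),
    Pkt(0.031, CLIENT, 1001, 0, "A", 64),
    Pkt(0.032, CLIENT, 1001, 120, "PA", 64),
    Pkt(0.062, SERVER, 5001, 0, "A", 52),
    Pkt(0.065, SERVER, 5001, 1460, "PA", 52),
    Pkt(0.066, SERVER, 6461, 0, "R", 60),
    Pkt(0.066, SERVER, 7921, 0, "R", 60),
    Pkt(0.068, SERVER, 6461, 1460, "PA", 52),
]

# Constructed flow: the server itself resets the connection (same TTL, then silence).
GENUINE_FLOW = [
    Pkt(0.000, CLIENT, 1000, 0, "S", 64),
    Pkt(0.030, SERVER, 5000, 0, "SA", 52),
    Pkt(0.031, CLIENT, 1001, 0, "A", 64),
    Pkt(0.032, CLIENT, 1001, 120, "PA", 64),
    Pkt(0.062, SERVER, 5001, 0, "R", 52),
]

if __name__ == "__main__":
    for name, flow in (("injected", INJECTED_FLOW), ("genuine", GENUINE_FLOW)):
        for f in analyze_resets(flow, SERVER):
            verdict = "SUSPICIOUS" if f["suspicious"] else "ok"
            print(name, f["ts"], f["seq"], "in-window" if f["in_window"] else
                  "out-of-window", verdict, "; ".join(f["reasons"]))
```

Both RSTs in the first flow are in-window, so a rule keyed only on sequence validity would not single them out, while the TTL and data-after-RST checks do.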
Past three days, fark.com's loaded just fine from work, but from 4.x.x.x, every page took tens of minutes. First 2-3 kilobytes of HTML come through fine, then it hangs for minutes and times out, or it takes 15-20 minutes for the page to trickle through, one packet at a time. From that same IP, cnn, Slashdot, google, the rest of teh Intarweb works fine. From a LVLT-leased IP, forums.fark.com was bogged down. Simultaneously, from a nearby wireless cafe, forums.fark.com worked just fine, so it wasn't on Fark's end.
Its an elaborate marketing scheme by Google to promote their own Internet service.
I'm on Comcast, and all last weekend I was able to reach the main Google page, but whenever I clicked on the Images tab for my search results I got the "Connection Reset" error.
There's a lot of guesswork here about what providers may or may not be doing; are there any applications for actually testing ISPs? Such testing apps would discover traffic shaping, port filtering, connectivity, and other traffic modifications by the ISP. Something like a bandwidth tester on steroids.
It comes and goes for me. I usually reset my router & modem and Google is available again.
www.purevolume.com/martyd
Ouch! I wholeheartedly approve of using 4.2.2.1, but please say who it really belongs to.
whois -h whois.cymru.com 4.2.2.1
AS | IP | AS Name
3356 | 4.2.2.1 | LEVEL3 Level 3 Communications
Verizon uses Level3's services.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
after endless problems downloading legal videos via Transmission (Mac torrent client), and after my vonage calls stopped working all together, i gave up fighting. I called qwest and found out that my download speed would max out at 1.5 because of my distance from the CO, and i didn't care.
I got qwest up and running in 10 minutes, and i called Comcast when i got to work. I told him i was done dealing with their incompetence on cable TV (shows would start in HD, then go to SD for commercials, then never come back or come back at random times), and now, they were screwing with my legitimate services. For $60 a month, i wasn't going to be jobbed any more because they wanted to be my VOIP provider. I don't want them, i want Vonage, and for as slow as you can run vonage, they should have had no qualms.
Yes, my internet service is way slower.. and i don't care... because at least i'm not giving any more money to Comcast.
guns kill people like spoons make Rosie O'Donnell fat.
I was working from home last week, so I was using my Comcast connection extensively every day. The problems with Google connection happened several times a day. Intermittently, my attempts to connect to www.google.com failed for 5-10 min at a time. Oddly enough, going directly to Google services (Gmail, Notebook, Bookmarks, etc.) worked just fine.
If it is Sandvine using heuristics to badly determine that google is P2P, possibly it is because of Google Web Accelerator, how the google extension pre-downloads the first result of a google search, or the network.prefetch-next setting in firefox. I have not heard anyone write about how they are configured related to those issues.
Wouldn't this give Google grounds to take Comcast to court? Maybe then they will smarten the hell up and act like an ISP should, which is offer internet access without blocking or filtering anything.
Q: If it is similar to the Great Firewall of China did we ever think the users were in China? A: No! Q: Why not? A: They aren't in China. Q: That's not a good reason. A: Could you phrase that in the form of a question? Q: Sure thing, Alex Trebek, can you give me a good reason? A: If they were in China they couldn't post to the board to tell us about their problems. Q: Could ComCast be in China? A: I guess that would make the Com stand for Communist and the Cast stand for Cast System.
iptables -N log_and_drop
iptables -A log_and_drop -j LOG
iptables -A log_and_drop -j DROP
iptables -I INPUT -j log_and_drop -p tcp -m tcp --tcp-flags RST RST -m state --state NEW,INVALID
I'm not sure that INVALID is the same, though.
But I am saying that iptables rules, even though they're essentially a pile of GOTOs, should still at least strive for DRY -- don't repeat yourself. I don't know if it's actually more or less efficient, but it's sure a lot more maintainable. For example, if you wanted to try his first suggestion, you could just add:
iptables -I INPUT -j log_and_drop -p tcp -m tcp --tcp-flags RST RST -m conntrack --ctstate NEW,INVALID
Knowing me, I'd refactor this even more, if doing that:
iptables -N tcp_reset
iptables -I INPUT -j tcp_reset -p tcp -m tcp --tcp-flags RST RST
iptables -A tcp_reset -m conntrack --ctstate NEW,INVALID -j log_and_drop
iptables -A tcp_reset -m state --state NEW,INVALID -j log_and_drop
And of course, add an "iptables --save" and "iptables --restore" to my /etc/network/if-up.d and if-down.d.
All of which is overkill for my little one-man server, but I like to keep my admin skills sharp, even when I don't need them.
Don't thank God, thank a doctor!
Wow, ok. This explains the reset messages that my roommate and I were getting when going to google.com. But, this was happening a couple weeks before the whole BT/gnutella impersonation thing came to light.
Explains a hell of a lot. And I just got an even better reason to vote with my feet. Hello Qwest.
That definitely runs counter to my experience. We've had several intermittent google outages over the last 2 weeks or so (a big issue since we use Google apps for our business e-mail). No amount of rebooting will bring it back..
I've been wondering why Google was having so much trouble lately... now I know why. As a Comcast business user it's incredibly annoying.
Turn s60 photos into awesome videos with mScrapbook for all S60 3rd edition phones!
Every time I explain net neutrality to someone, I always have to explain how the phrase has been hijacked, and now means two opposite things.
Geeks think net neutrality means "Be neutral with our network traffic," and would interpret this to mean that there should be a law preventing this kind of bullshit from ISPs. This is the original definition, but much like "hacker", the original definition is somewhat less relevant than which definition the layperson, and especially the congressperson, will think of when you mention it.
ISPs and libertarian lunatics (hopefully not Ron Paul, anyone know?) think net neutrality means "Be neutral regarding what ISPs do to their networks," and would interpret this to mean that the government should not pass any kind of legislation about the Internet, or in other words, that ISPs should be allowed to continue to fuck with their networks, and that consumers will go elsewhere if it gets too bad.
In other words, no matter which side you support, you can claim to support net neutrality, or be anti-neutrality. So you should always be specific, and perhaps avoid the term altogether unless you're willing to paste this explanation.
Don't thank God, thank a doctor!
Or stop the (misnamed) DNS Client service, which is what caches DNS info locally. I had to kill it on my XP Pro machine at work to get the machine to honour the hosts file entries I added.
It's official. Most of you are morons.
Putting an extraneous link in front of your posts like you did is spam. Having said that, putting the link into your signature is accepted practice here. It's less annoying and nobody will get upset.
I use Comcast cable Internet as my main connection and I have AT&T DSL as a backup. For the past three weeks now, I have been experiencing this problem where I am unable to get to the Google Web site. I am very aware of this problem because I always keep my browser open, iGoogle is my home page, and I browse Web pages often. This problem always happens in the evening, usually between 8 P.M. and 11 P.M. Eastern, usually on weeknights. It happened last night, for example. Several times when I experienced this problem, I tried to access Google using my AT&T DSL connection and had no problems there. I didn't try accessing the exact same IP address for the Google Web server that I was assigned to, to confirm that it was not a problem with Google's Web servers, but it seemed kind of obvious to me that Comcast was interfering with the Google traffic. One other thing that I noticed a couple of times when this occurred is that the response times for a ping of google.com get much longer than normal, in the 500ms range instead of the usual 30ms.
I've been having this problem for months now. Comcast will just drop all HTTP connections to Google's servers. I can resolve DNS just fine (today's numbers are 72.14.253.104, 72.14.253.103, 72.14.253.147, 72.14.253.99 - these change based on your geographical location), but HTTP connections to those IPs will get immediately dropped through Comcast. If I SSH Proxy to my server in a local data center, I can connect to those IPs just fine.
I spoke with Comcast Tier 1 tech support, the kind woman I spoke to for an hour couldn't figure it out. We reset my modem, firewall and computers multiple times without luck. Supposedly this has been escalated and I'll be getting a call back from a higher-up, we'll see.
At what point does blocking a website mean that they are no longer providing internet service? What if the only site I could browse was www.comcast.net? This really stinks of the larger net neutrality issue, and problems like this will most likely continue unabated until legislation is passed. Comcast has no reason to stop screwing their customers, since they have such little competition. The only other internet service I can get is Verizon DSL, but they don't provide the same speed service. If we had more options and more competition trouble like this would be short lived.
I live in a small town, South of Lansing, Michigan, and this exact issue was happening to me about a week ago. I lost connection to certain Google sites for 3 hours or so. I started investigating it, because I could access it from other locations. Here's what I found:
- Other folks with Comcast in Lansing proper were not having this issue.
- WireShark captures (which I saved) show what appear to be TCP RST packets being injected
- Whatever was doing this seemed to be looking for a HTTP header, specifically: "Host: google.com" or some variant
After I had gathered all my data, I was about to call Comcast when the service started working again. I figured this was similar to the Bittorrent TCP RST packets I had heard so much about. Thanks to this most recent problem with Comcast, I'm now looking for a new ISP.
"A Mathematician is a machine for turning coffee into theorems." ~ Paul Erdos
comcast.net search is still powered by google, I wonder if they looked at my search term "comcast [RST]" on the way out?
Apocalypse Cancelled, Sorry, No Ticket Refunds
I have to go with the dutch situation because that is the one I know.
In holland you used to have PTT (Post, Telecom, Telegram) which was owned by the state and also had banking services. Basically they were huge, slow, old but worked and kept things under control. For instance Postbank does NOT charge end users for transferring money and has a free debit card. Essentially for normal people banking in holland was FREE and paid an interest if you had a positive balance.
But no that was not good enough, we needed competition and PTT was split up into the mail segment, the phone segment (KPN) and the bank segment (postbank) (The whole story is a bit more complex)
KPN now is a commercial business competing on a free market. Yeah right, it was the state that lay down the copper network that they essentially got for free. How is any other business supposed to compete with that?
It is as laughable as competing the NS (dutch railway) which is now supposed to be a commercial company, but got all its infrastructure for free. Oh yeah, they got to pay a few million each year, how does this compare with the cost of installing a rail network that runs right to major cities?
Free market and fair market are insane ideas by themselves, but the idea that you can have BOTH is so laughable it is to cry.
For telecoms the problem is the wire, who has the wire, controls the user. So either you put in very heavy regulation to make sure everyone can access those wires (not a free market) or you accept that those who happen to inherit the wires own the customer (not a fair market).
The idea that a new player in the market can just install their own network is idiotic, the costs are extreme and the benefits minuscule, plus do we really want anymore companies digging up roads?
We are in luck that years ago cable tv happened, else the telecoms would totally own the internet. Now at least we got two end-point networks in the ground, but as The Netherlands showed, until the phone network was forcibly opened and a third party could enter the market and start offering better service for less money only then did the cable companies start to improve theirs.
At least on the phone network you now got plenty of supplies, yes they use the underlying KPN network, but some of them are indeed competing by just selling you bandwidth and nothing else. You rent a pipe from them, and that is what you get.
Of course, you pay for that, and as long as Joe Average continues to only look at the initial price, companies that offer real quality with no hidden strings are going to lose out.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I rebooted everything, including the modem and the linksys router after they told me everything was reset. Then the guy told me to reboot a second time. That's why I was annoyed.
The accusation stands. And no windows machines were involved. My linux server does not cache, and it was happening even when the linksys was bypassed.
Now, what were you saying?
Acquiescence leads to obliteration
Starting not too long ago, this happens to me while using torrents. I'd say it has happened 5 or 6 times. It never used to occur. Suddenly, Google will simply not be accessible (connection reset). I think having FasterFox on, set to exceed RFC, does not help your chances, based on my limited testing.
We are one consciousness experiencing itself subjectively. Back to you with the weather, Bob!
there's no such thing as a "reputable" advertising firm.
But if you buy my product you can block ads from all the disreputable ones.
Comcast customers get a preview of a non-neutral internet. No, not because P2P is filtered. As we see now, they're not filtering per protocol, they're filtering per IP. And we're right at net neutrality.
In a non-neutral net, it would be trivial for ISPs to pretty much disable P2P networking. Or are you going to pay premium so people can connect to you? I only wait 'til the various studios pick it up and start lobbying against net neutrality as the new fix to save their dead business model.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
After mocking DSL for years with their bogus Slowski turtle commercials, Comcast finally realized that slow broadband is cheap broadband. So as a result, Comcast has rolled out their new Slowski line of DNS servers, routers and traffic shapers. This has had the immediate impact of lowering the system load and no new bandwidth capacity improvements are now needed in the future.
Anyone who has any problems with the improved service (lowers stress of people suffering from information overload) of the Slowski bandwidth changes, can talk to the brand new Slowski customer service representatives who can be reached by calling the Comcast 800 number and going through their new and improved Slowski phone menu system.
It was done once already, after being told everything was OK. Nscd does not run on my Linux box, and all DNS is handled by comcast servers. Perhaps the linksys was guilty, but one power off should fix things UNLESS comcast didn't fix something on their end.
Acquiescence leads to obliteration
It's called DNS caching.
Did you actually flush your DNS caches like, say, the one in your router, the one in your linksys box, the one on your PC? You can do it manually but the quickest way for a lot of equipment is to reboot. Hence the suggestion.
True enough that DNS caches need to be cleared at all levels. But the cache had to get loaded with the incorrect values originally. If you are getting redirected to Comcast, someone set up that redirect at some point in time. This is the issue. It is rarely (never?) appropriate for an ISP to redirect DNS.
In this case Commission Junction is innocent because they don't do any actual advertising, they simply put companies with products/services to sell together with people willing to advertise or promote them, they're the go-between in other words. Google merely provides the ad space and tries to ensure the ads are relevant to people's searches. SpyBot has targeted the go-betweens and advertisers, not the bad guys. Both the go-between and advertisers are completely helpless.
And of course there are advertising firms that don't engage in sneaky or underhanded behaviour. Geez. All sorts of organizations need advertising, most charities and non-profits have marketing departments, the government needs advertising, even your local mom and pop store needs some way to let people know they're there.
But I suppose Spybot shares your view that all advertising is evil, just as Comcast seems to view all file-sharers as evil.
Two macs and a linux server that weren't caching and that had not tried accessing Google in the downtime. A linksys router and a Comcast modem were rebooted After I was told it was fixed. THEN I was told to reboot a second time.
Why should I have to do that? Shouldn't the linksys have cleared any caching after being powered off over a minute? The only reason I should have to reboot all machines a second time is if COMCAST did something on their end. I objected to the hoop jumping. Now, if you are prepared to tell me linksys routers cache information after a power off, I'll be very curious.
Acquiescence leads to obliteration
*Comcast phone ringing at head office*
... Uh, um, I- I'll talk to our engineers about getting this straightened up right away... sir.
Comcast Secretary: Hello, thank you for calling Com-
Google Big Cheese: This is Google Inc. calling, I want to talk to whoever's in charge. Now.
Comcast Secretary: I don't know who you think you are but-
Google: Go visit google.com right now.
*secretary visits google.com, google recognizes the comcast head office IP range and serves up a pdf of a lawsuit document (Comcast as defendant) instead of the google homepage*
Secretary: Oh my, one moment please I'll transfer you.
Comcast Big Boss: What? I'm busy lining my socks with money and throwing darts at customer photos.
Google: This is Google Inc. You know why I'm calling.
Comcast: *stutters* y-yes, but we have the right to do whatever we need to, to ensure that our networks....
Google: Seriously?
Comcast: Seriously what?
Google: Seriously, you want to mess with us? Are you sure?
Comcast: *Long pause, and painful grinding noises of "thinking"* Well... I think you overestimate how powerful you a-
Google: You have a lot to lose 'my friend'. You have 823 employees using Gmail. 138 office locations on Google Maps, 2,345 website pages indexed by the google search engine that receive a collective 546 thousand search hits per day from Google Search. You currently rank first for the search term "cable internet" and nearly all your press releases are picked up by Google News. Do I need to go on?
Comcast: *speechless silence*
Google: That's right. And be quick about it. *snaps fingers*
--
(All numbers are made up)
Yeah, that's what I see coming...
What a load of CRAP Yahoo insists on downloading and displaying on their main search page!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Bingo.
I'll go with the "never".
Acquiescence leads to obliteration
I've noticed that for the last few months Google Maps doesn't work after a few clicks. Your first search will work, then you can zoom in or out a couple times, and then after that not a single new map square will load. Starting over from scratch doesn't help -- nothing will load. The map will be blank squares with error messages.
Doing the same operation from either of my work networks or from my phone results in perfect operation.
This had me up far too late yesterday trying to figure out WTF is going on.
Here's the condensed version:
* Pings work fine, other websites work fine - only HTTP to google.com with a "google.com" host header is affected
* HTTP 1.0 without host header isn't affected
* Going to one of google's web servers by IP works fine (no "google.com" host header)
* I am typically seeding torrents and was at the time of each service interruption
* TCP RSTs follow a specific pattern. 2 RSTs in rapid succession in response to the initial GET statement (1 with a valid SEQ, one with a SEQ in the 12xxx range), followed by a second batch of the same. As the article here states (and as I posted in the linked thread), this matches perfectly with results from the China firewall
* The problem went away at almost exactly 12:00am EDT this morning (give or take a minute)
* This is from a Comcast subscriber in Grand Rapids, MI.
For more detail, visit the thread linked. I have links to the raw packet capture data in .pcap format if you'd like to take a look.
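The RST pattern reported in the post above (a burst of resets for one connection, one with a valid sequence number and one far off it) can be checked mechanically. The following is an added example, not part of the original thread: the packets are constructed sample data using documentation addresses, and the TTL comparison is an extra heuristic assumed by this example rather than something the poster reported.

```python
import struct
from collections import defaultdict

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def build(src, dst, sport, dport, seq, flags, ttl, payload=b""):
    """Constructed sample packet: bare IPv4 + TCP headers, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, ttl, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp + payload

def parse(pkt):
    """Decode the IPv4/TCP fields the heuristics need; None for anything else."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ttl = struct.unpack("!H", pkt[2:4])[0], pkt[8]
    sport, dport, seq, _ack, off, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
    data_len = total_len - ihl - (off >> 4) * 4
    dotted = lambda b: ".".join(map(str, b))
    key = (dotted(pkt[12:16]), sport, dotted(pkt[16:20]), dport)
    return key, seq, flags, ttl, data_len

def find_injected_rsts(packets):
    """Return {(src, sport, dst, dport): reasons} for directions whose RSTs look forged."""
    next_seq, base_ttl = {}, {}
    rst_seqs, reasons = defaultdict(list), defaultdict(set)
    for raw in packets:
        parsed = parse(raw)
        if parsed is None:
            continue
        key, seq, flags, ttl, data_len = parsed
        if flags & RST:
            rst_seqs[key].append(seq)
            # A genuine RST continues the sender's own sequence space...
            if key in next_seq and seq != next_seq[key]:
                reasons[key].add("seq_mismatch")
            # ...and travels the same path, so its TTL matches earlier packets.
            if key in base_ttl and ttl != base_ttl[key]:
                reasons[key].add("ttl_mismatch")
            continue
        base_ttl.setdefault(key, ttl)
        # SYN and FIN each consume one sequence number on top of payload bytes.
        consumed = data_len + int(bool(flags & (SYN | FIN)))
        next_seq[key] = (seq + consumed) & 0xFFFFFFFF
    for key, seqs in rst_seqs.items():
        # An endpoint has no reason to reset one connection at several offsets.
        if len(set(seqs)) > 1:
            reasons[key].add("multiple_rst_seqs")
    return {key: sorted(found) for key, found in reasons.items() if found}

# Constructed capture: client C talks to server S, control connection to S2.
C, S, S2 = "192.0.2.10", "198.51.100.5", "198.51.100.9"
GET = b"GET / HTTP/1.1\r\nHost: google.com\r\n\r\n"
SAMPLE = [
    build(C, S, 50000, 80, 1000, SYN, 64),
    build(S, C, 80, 50000, 5000, SYN | ACK, 52),
    build(C, S, 50000, 80, 1001, ACK, 64),
    build(C, S, 50000, 80, 1001, PSH | ACK, 64, GET),
    # Two batches of two RSTs claiming to come from the server.
    build(S, C, 80, 50000, 5001, RST, 61),
    build(S, C, 80, 50000, 17001, RST, 61),
    build(S, C, 80, 50000, 5001, RST, 61),
    build(S, C, 80, 50000, 17001, RST, 61),
    # Control: a single reset consistent with the server's own packets.
    build(C, S2, 50001, 80, 2000, SYN, 64),
    build(S2, C, 80, 50001, 9000, SYN | ACK, 52),
    build(S2, C, 80, 50001, 9001, RST | ACK, 52),
]

if __name__ == "__main__":
    for direction, why in find_injected_rsts(SAMPLE).items():
        print(direction, why)
```

Only the first connection is reported; the control reset matches the server's sequence space and TTL and is left alone.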
Also appears to be affecting some games as well. Users of the recent Enemy Territory: QuakeWars release are reporting similar connection reset issues. Some are on other cable ISPs, so maybe Comcast isn't alone in this practice?
Insert witty
that's not the free market you lunatic!
the free market would make it impossible for ISPs to charge tolls to Internet companies like google.
competition would disallow it.
Ultimately, this is very bad for consumers. ISPs want a larger piece of the pie. They will ransom it from those companies which actually are profitable.
Despite the current peering agreements, ISPs want to charge extra.
That's like buying a hamburger value meal and then getting charged extra for the drink and fries which are supposed to come with the value meal.
ISPs want to charge extra for something they have been getting paid for all along.
The issue lies in AT&T and Comcast not being as profitable as apple or amazon.com
Here is the perfect analogy:
Let's assume selling cupcakes is legal on buses. comcast sells bus passes to amazon.com. amazon rides the bus to sell his goods to consumers who also ride the bus. amazon paid for the bus passes. the consumers paid their bus fare. The consumers like the cupcakes. amazon is making very good money.
now, comcast wants to charge amazon a fee for getting out of his seat on the bus. They figure, amazon is making money from our buses, we should get some of that. AT&T also wants to charge amazon for using their streets!
Here's an even better analogy:
You run a small bakery in Liberty City. You have paid for your incorporation. You have paid your taxes. Fat Tony comes in and demands that you pay him a small fee to "ensure that your bakery doesn't get destroyed". After all, you're making money in his neighborhood.
Here's another:
Cracky Joe is a neighborhood crack dealer. He runs the streets. Enrique Cocaína comes to town with his fine white powder. Cracky Joe pays Enrique a visit. He wants a cut of Enrique's powder profits. After all, these are Cracky Joe's STREETS!
They're using their grammar skills there.
I have noticed that Comcast seems to routinely close idle SSH connections. When the server was right next to my box the connection would never die. I'm on FIOS and the server is going through Comcast "Business class" and the connection routinely gets killed. Has anyone else noticed this phenomenon? Is comcast only going to allow stateless connections from now on?
Comcast is fucking up all over right now.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Let's face facts - Slashdot geeks will get upset over anything. There's no hope for someone who tries not to offend here. You can't help but piss off some lonely basement dweller no matter what you do.
Slashdot - where whining about luck is the new way to make the world you want.
I have Comcast cable internet in Reston VA, just outside of Washington DC. While I haven't noticed it with Google itself (yet?), for the past few weeks, I've had problems getting Google Maps (maps.google.com) and Google Earth to fully load at home.
All three map/sat/hybrid maps will load pretty well when zoomed way out (country or state-level), but when you get down to city or street level (useful if you...say...want directions!), you get a lot of "no image available at this zoom level" errors. Some image squares will load, others will not.
I know for a fact that images are available at the zoom levels I'm trying to access, because
A: I used to be able to zoom all the way in
B: I'm able to get the maps to load from work (Speakeasy T1 access)
C: It's DC for god's sake. Every inch of this place is mapped twice-over...at least.
It has gotten so bad that I've resorted to using Yahoo! Maps to get directions when I need them now. If this is Comcast screwing things up, I certainly hope they straighten this sh*t out fast.
Verizon is not filtering anyone over anyone on their DSL lines: I have their DSL and it hasn't worked since April.
I've been having that problem for about the last two weeks. And only in the evenings. The most recent time being last night. And only with Google search, not Gmail.
Next time it starts happening, instead of cussing and lowering myself enough to use Yahoo!, I'll pick up the phone and bitch at Comcast.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
I have to do this about once a month. It's just par for the course on Comcast. The good news is, you can do it without bothering to call support.
is competition good, or is duplication of effort bad?
I know that there has to be some kind of legal grounds for Google, because how can they block Google's maps and let other map sites like Yahoo and Mapquest work just fine? Seems like Comcast is more or less playing a monopoly card than anything else. Because this would drive more people to Yahoo's and Mapquest's website, therefore giving them more ad revenue, because the number of people using their sites went up. I know that Comcast is not Yahoo or Mapquest, but any way you want to look at it, if they are blocking one of the competing sites, they are taking money away from one and feeding it to another. So therefore Comcast is all playing with the stock value of each company too. This seems like this is one place that no one has really looked when they let ISP think about blocking and/or making sites pay for better bandwidth to their sites.
I am glad that Comcast has moved out of the Dallas area, for one my cable bill has gone down and now that they are doing all this I am glad they are gone. But that is not to say that Time Warner will not be the next to do something like this. Now my friend that lives in a Comcast area up north is having problems with VPN, VNC, RDC and such connections, to many different locations all over the US. So where does this blocking stop?
With how much you pay Comcast to be your ISP when and where is customer right anymore?
I've been experiencing this since the late summer. Google will work fine and then all of the sudden I get "connection reset by peer" errors for up to an hour. Since only Google was affected, I assumed it had to be on their end, not my ISP's. For those who care, I'm in Chicago. I wish my service options weren't just ATT and Comcast.
As this story has been making its rounds, I've been wondering how hard it would be to DoS this system. The Sandvine boxes need to inspect all traffic, and when they see something that matches a heuristic, they send RSTs in both directions. Deep packet inspection hasn't been totally figured out yet, it still requires quite a bit of CPU horsepower. I would assume it takes even more horse power if a match is found and packets need to be generated and injected. This is probably not noticeable on real clients as TCP backoffs and timeouts are involved so an offending BitTorrent connection is not initiated that often. So! Write a client that open fake BitTorrent like connections, but a ton of them a second. Once those Sandvine boxes start melting down and the whole network is impacted I can see that bypass switch getting thrown pretty quick. It takes two to tango in this fashion, so you need another endpoint. I recommend www.comcast.net:80. The web server will not understand your BitTorrent packet, but the network will. By the time their webserver shuts the connection, the Sandvine boxes will already be sending their RST packets, assuming they are still functioning.
Google has been dropping in and out for me in the past few days. But bit-torrent traffic seems unaffected... I just downloaded the latest ubuntu at full 6Mbs / ~600K a second... maybe cuz I have Azureus set up to encrypt when possible and use a random port?
If a Comcast customer doesn't want interruptions in his service, then it is correct that that Comcast customer should pay for his internet service... oh, wait... he does pay, but Comcast isn't delivering the promised and paid for service.
There, fixed that for you.
Wrong. The key word in free market is "free". This forced "neutrality" is a statist imposition on the fundamental right of all corporations to be free to do business as they see fit. You and your smelly hippie communist buddies have absolutely NO right to control what Comcast can and cannot do with their products and services.
Correct. And in a free market Comcast would be building a business built on customer satisfaction or going bust for the lack of it.
Nice having a monopoly ain't it.
Has Comcast disconnected your Internet account? Same here. You can read about it at http://comcastissue.blogspot.com
You lack introspection and project your own negative internal world-view onto others because you can't bear to look honestly at yourself. Basically, everything I've seen you accuse others of doing I have also witnessed you doing yourself.
Stop judging yourself and you'll feel much less need to judge others.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
A) Comcast would be able to catch them doing this and would love to point fingers.
B) Why only Comcast? They'd have to make a list of all Comcast IPs, then figure out what path the packet took so that they could forge an RST from an appropriate router. Oh, and the TTL would probably be off. They also don't have very long to do this on each connection, and they never know when the routes will shift underneath them.
C) What's Google's motive? To get caught and make Comcast look good? You have to be stupid not to think this will get caught and analyzed. If there's stupid, I'm betting it's at Comcast more than Google. Especially given that Comcast HAS a clear motive: to stop P2P from clogging their shared and overtaxed cable bandwidth.
I'm on a Comcast business account. I recently had a problem where a working, lightly loaded Postfix installation suddenly had 10-20% of my outbound email traffic just hang. Verbose logging showed that the problem always occurred at the DNS query stage. Mail sent through a backup server suffered the same fate.
Using tcpdump showed that all the bad dns queries stopped after 4 frames, while the successful ones went 68 or 70 frames.
Switching from Comcast's regional DNS servers to their national DNS servers fixed the problem immediately.
Makes me wonder what they're doing on the regional ones.
Never shake hands with a man you meet in a fertility clinic.
Just hoping for an informative here:
I believe that 4.2.2.1 - 4.2.2.5 (or maybe 6) are all DNS servers for Level3, in case you want multiples available.
My blog. Good stuff (when I remember to update it). Read it.
The positive moderation shows that most of us agree with this particular offense being a real offense and not an isolated case of annoying some random guy, though. :)
These guys are apparently having a contest to see who can spam links to their site the most (which is why he had a query string with his account id like a lot of spammers): http://www.wulfram.com/top_advertisers.php
If Comcast truly is using Sandvine boxes, then this could be a network controller station with the preset examples still in place.
That would seem a very promising explanation, then. "Never attribute to malice what may be adequately explained by stupidity"... perhaps especially when dealing with Comcast's network support team.
//Information does not want to be free; it wants to breed.
I think comcast redirects your traffic to that load software page because the only other way to cut you off is to physically disconnect you. What happens is, they replace your modem's config file w/ one that sends everything to what they call "walled_garden", it's the name of the config file itself... I checked mine out when I couldn't figure out what was going on (before I ended up calling tech support, it turned out a service upgrade caused my modem to revert to some sorta new customer state.)
They're essentially de-authorizing the modem. How else could they cut you off? I suppose they could just tell it to not respond to anything, or have a separate screen that says, "We cut you off, call us."
Deltron 3030 - Virus (music video)
And perhaps you should actually try reading the articles before posting. This behavior is *not* DNS related.
Let's hope that there's intelligent life somewhere out in space 'Cause there's bugger-all down here on Earth.
I'm on Comcast and I've had intermittent connection resets with Google for weeks now. It happens when trying to run a simple text search, no video, nothing else, just get to Google. When the problem kicks in it's often so bad I simply can't use google for a few hours. Comcast is ass and this is only more fuel for switching our house to FiOS.
A. For Comcast to catch them and point fingers, it would mean that they would have to admit that they are guilty of doing what people are accusing (and proving) them of doing now after adamantly denying it. Besides, that's the beauty of the plan. Who are you going to believe, someone who we've already caught lying, or Google? Even if they reverse their lying corporate stance, no one would believe them.
B. Finding out Comcast's IP address range is trivially easy. Taking actions based on this IP address range is likewise trivially easy. There is no technical reason that this can't be done and done well.
C. What's to catch? What's to analyze? Comcast customers would only see that RST packets are being sent by what appears to be Google. At that point, there are really only two realistic ways that could happen. Either 1) Google is deliberately sending RST packets, or 2) Comcast is spoofing RST packets as if they're Google. We already know that the second possibility has happened with BitTorrent traffic, we also already know that other types of traffic (i.e. Lotus Notes) are unintentionally being negatively impacted by Comcast, so the only logical conclusion would be that Google isn't doing it, Comcast is.
Sure, Comcast might know that they're not responsible, but because they've already lied (and continue to do so) to the public-at-large, no one would believe them. Google would get away with it scot-free, as long as they're able to maintain the secrecy of the people who actually do it.
As to what Google's motive would be, I've already answered it. It would make Comcast's already bad situation even worse. Right now, Comcast is claiming that what they're doing isn't affecting anyone. Even when they're finally pushed to admit that they are affecting people, they will likely tell everyone that they're only affecting those nasty pirates who are stealing food from the mouths of starving actors' and musicians' children.
But if people heard that they might not be able to get to freakin' Google if they sign up with Comcast because of this stupidity, they'll be a LOT more likely to not sign up with them, and cry to their senators and representatives that we need net neutrality laws, which is exactly what Google wants. I haven't even gotten to the part where Google might be rolling out a competing Internet access service in the not-too-distant future...
In short, Google has a LOT to gain from this completely blowing up in Comcast's face. Enough to justify some good ol' fashioned corporate sabotage? I doubt it, but it would be funny, wouldn't it? (And I'm not condoning such an action, but in the end, consumers would stand to benefit from net neutrality laws and Google's competition as well.)
Any more questions?
It's still something of an imaginary offense. People here get their panties in a knot over anyone who makes money doing anything. I wouldn't take a few mod points as a sign that you've found some universal truth.
Slashdot - where whining about luck is the new way to make the world you want.
It's far more likely that Google, rather than imitate Comcast's packets, would instead alter some subset of their traffic in a way that would make it more likely it would trigger Comcast's filtering. No need to fake the interference--it's actually there. Just figure out how to trigger it and you have your talking point.
Build a man a fire, he's warm for one night. Set him on fire, and he's warm for the rest of his life.
If comcast detects google being DDoSed with a TCP SYN flood, one way to squash the attack is to turn on SYN authentication. When they do this, the TCP three-way-handshaking is completed by comcast's equipment before those packets are allowed to be delivered to google. it could actually be seen as a service for google from comcast (but from comcast's pov, it's just protecting their own network and google sees this as a pleasant side effect).
After the SYN packets are authenticated, comcast's equipment will put the sender on a whitelist, but since google wasn't a party to the handshaking, all that can be done by comcast's equipment is to send an RST and expect the connection initiator to try again (this time he's on the whitelist, so everything just gets through).
I was stunned one night last week when I went to www.google.com and got the dreaded "Page cannot be displayed." After confirming my internet connection was good, I sat there in shock, not knowing exactly how to react. I mean, seriously, where do I go to search the web? Yahoo? I realized at that point how launching Google has become a natural reflex for me. The same thing happened Sunday night. I thought the world was ending, but apparently it's just a special feature for overcharged Comcast customers.
Every day between 8PM and about 2AM google goes down for me. It was going on every day for about a month when I got some really good advice to fix it. OpenDNS solved the problem, now there's no problem!
I'm amazed it took so long for an article to appear on the web... But then again... It's not like I could google for it... As a side note, I've also been getting intermittent connection reset errors when accessing facebook.com although they usually go away after a few refreshes unlike the google errors.
Live according to the Categorical Imperative. If the Categorical Imperative tells you not to live by it... ignore it
You see that nifty link up in the article, talking about pcap? It's this nifty API for packet capture and creation. One of the nifty things pcap allows for, is packet sniffers, and the saving of data actually going over the network. That's what's been done to determine what's going on here:
Instead of just fscking guessing, and getting modded +5 for it, you can actually see what's going on. Nifty shit, huh? RTFA.
http://www.wireshark.org
And there goes my karma.
www.isoHunt.com