EFF Releases Software to Spot Net NonNeutrality
DanielBoz writes in with word of the EFF's new initiative to help consumers detect if their ISP is spoofing packets. From the press release: "In the wake of the detection and reporting of Comcast Corporation's controversial interference with Internet traffic, the Electronic Frontier Foundation has published a comprehensive account of Comcast's packet-forging activities and has released software and documentation instructing Internet users on how to test for packet forgery or other forms of interference by their own ISPs."
If packets start showing up at one end of the connection that were not sent by the other, they had to have been added en route. This can occur naturally, as a result of IP-level fragmentation in the network, or it can be done deliberately, as Comcast and the Great Firewall of China do. IP-level fragmentation occurs because a packet is too large and it is being cut into fragments to improve performance; as I understand it, in practice on the real internet, it's actually pretty rare. On the other hand, if those packets that mysteriously show up are TCP-resets, then it's (IMO) an entirely reasonable assumption to make that they were put there by someone wishing to interrupt the traffic stream.
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
Your post demonstrates unequivocally that you did not read the article or if you did, you didn't understand it.
Take two packet traces, one from your computer, one from a friend, while your two computers are talking. Then compare the TCP sessions captured by each for differences. Differences that don't matter are fragmentation and re-ordering, for example. Differences that do matter are TCP resets, ICMP unreachables, TCP FINs that are received by one side and not sent by the other.
Sheesh, I can forgive not knowing how networking works, but to post inflammatory comments when you are obviously ignorant is, well, ignorant.
Remember, though: Comcast isn't doing packet shaping. They are sending RST (reset) packets, essentially "hanging up" the connection, pretending to be the server you are talking to.
To detect this, simply scan all the RST packets that come in, and try to detect a pattern of forgery. This is easier, of course, if you can ask the server if the RST packet was real.
I work for an ISP. We purposefully craft spoofed packets and send them to our customers. Will we be reported as offenders? Does it matter that we provide service to rural locations that are only accessible through satellite and the "spoofers" are called "accelerators" by the people that sell them, and the spoofed packets are added to correct for windowing issues to increase the speed of Internet connections? If I get a number of customers that complain about our "non-neutrality" I'll be more than happy to turn off TCP acceleration and see how they like the new neutral Internet.
It isn't only for nefarious purposes where providers spoof packets. Will this software be able to identify the good from the bad? Or will it just assume that all are bad, even in the face of legitimate uses?
Learn to love Alaska
In the traces I've seen the RSTs come in pairs, with the sequence numbers differing by 12503.
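The two-sided trace comparison described in the comments above, together with the check for paired RSTs, as an added example that is not part of the original thread or of the EFF's software. It assumes each capture has already been reduced to one TCP session and one direction (peer to local); the `Seg` record, the function names and the sample traces are constructed for illustration, and sequence-number wraparound is not handled.

```python
from typing import NamedTuple

class Seg(NamedTuple):
    """One TCP segment from a capture (single session, peer -> local)."""
    seq: int      # TCP sequence number
    flags: str    # "A", "PA", "R", "F", ...
    length: int   # payload bytes

def injected(sent_by_peer, seen_locally):
    """Segments seen locally that the peer's own capture never recorded.

    Membership is tested against a set, so reordering and duplicate
    delivery are ignored; segments the peer sent that never arrived
    (ordinary loss) are not reported either."""
    sent = set(sent_by_peer)
    return [s for s in seen_locally if s not in sent]

def teardown_only(segs):
    """Keep the differences that matter: RSTs and FINs."""
    return [s for s in segs if "R" in s.flags or "F" in s.flags]

def rst_seq_deltas(segs):
    """Sequence-number gaps between successive RSTs, to spot a fixed pattern."""
    rsts = sorted(s.seq for s in segs if "R" in s.flags)
    return [b - a for a, b in zip(rsts, rsts[1:])]

# Constructed sample: what the peer logged sending...
PEER_TRACE = [Seg(1000, "PA", 500), Seg(1500, "PA", 500), Seg(2000, "PA", 500)]
# ...and what arrived locally: reordered data, one lost segment, two RSTs.
LOCAL_TRACE = [
    Seg(1500, "PA", 500),
    Seg(1000, "PA", 500),
    Seg(2000, "R", 0),
    Seg(14503, "R", 0),
]

def report(peer=PEER_TRACE, local=LOCAL_TRACE):
    """Return (suspicious teardown segments, gaps between their RST seqs)."""
    suspicious = teardown_only(injected(peer, local))
    return suspicious, rst_seq_deltas(suspicious)

if __name__ == "__main__":
    segs, deltas = report()
    for s in segs:
        print(f"not sent by peer: seq={s.seq} flags={s.flags}")
    print("RST sequence gaps:", deltas)
```

An RST that appears only in the local capture shows it was inserted somewhere on the path; it does not by itself say which device inserted it or why.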
Network Neutrality Squad has a forum and mailing list for posting and discussing test results.