Slashdot Mirror

← Back to Stories (view on slashdot.org)

EFF Releases Software to Spot Net NonNeutrality

Posted by kdawson on from the reset-this dept.

DanielBoz writes in with word of the EFF's new initiative to help consumers detect if their ISP is spoofing packets. From the press release: "In the wake of the detection and reporting of Comcast Corporation's controversial interference with Internet traffic, the Electronic Frontier Foundation has published a comprehensive account of Comcast's packet-forging activities and has released software and documentation instructing Internet users on how to test for packet forgery or other forms of interference by their own ISPs."

23 of 73 comments (clear)

  1. If it's Comcast... by Nova+Express · · Score: 4, Funny
    ...how will the software tell the difference between traffic shaping and Comcast's usual crappy service?

    --
    Lawrence Person (lawrencepersonh@gmailh.com (remove all "h"s to mail)

    http://www.lawrenceperson.com/

    1. Re:If it's Comcast... by faloi · · Score: 4, Interesting

      Because the shaped packets coming from Comcast will get to the application more promptly than regular traffic. Traffic generated outside of Comcast will still take half of forever to arrive, if they arrive at all.

      --
      "It is a miracle that curiosity survives formal education." -Albert Einstein
    2. Re:If it's Comcast... by Raul654 · · Score: 5, Informative

      If packets start showing up at one end of the connection that were not send by the other, they had to have been added en-route. This can occur naturally, as a result of IP-level fragmentation in the network, or it can be done deliberately, as Comcast and the great firewall of China do. IP-level fragmentation occurs because a packet is too large and it is being cut into fragments to improve performance; as I understand it, in practice on the real internet, it's actually pretty rare. On the other hand, if those packets that mysteriously show up are TCP-resets, then it's (IMO) an entirely reasonable assumption to make that they were put there by someone wishing to interrupt the traffic stream.

      --


      To make laws that man cannot, and will not obey, serves to bring all law into contempt.
      --E.C. Stanton
    3. Re:If it's Comcast... by Discordantus · · Score: 2, Informative

      Remember, though: Comcast isn't doing packet shaping. They are sending RST (reset) packets, essentially "hanging up" the connection, pretending to be the server you are talking to.

      To detect this, simply scan all the RST packets that come in, and try to detect a pattern of forgery. This is easier, of course, if you can ask the server if the RST packet was real.

    4. Re:If it's Comcast... by Gerald · · Score: 3, Informative

      In the traces I've seen the RSTs come in pairs, with the sequence numbers differing by 12503.

  2. Important, by SlipperHat · · Score: 5, Interesting

    Is there a website where we can post these results? Broadband Reports comes to mind, but maybe the EFF has a place set up?

    1. Re:Important, by noidentity · · Score: 2, Informative

      Network Neutrality Squad has a forum and mailing list for posting and discussing test results.

  3. Re:Do you trust the EFF? by Diss+Champ · · Score: 2, Insightful

    Option 3: You know enough about networking to examine their source, and gain some appreciation as to whether it does what they say it does.

  4. Not tesing is not science by l2718 · · Score: 4, Insightful

    First of all, the EFF may has not tested your ISP. You may trust them that in general ISPs are sending spoofed packets, but still want to know whether your ISP is using the tactic. Beyond that, however, just because you trust them doesn't mean independent verification has no value. Results mean something different if you obtained them yourself. Also, as in regular science, independent confirmation of results gives more than that: more people conducting tests will also give better data.

  5. Re:Do you trust the EFF? by Aladrin · · Score: 2, Interesting

    If you were talking about a single person trusting a single entity, that is correct. We are talking about the internet and a ton of geeks. If there's anything hinky with EFF's program, it'll be found. And if there's not, even those who don't trust the EFF itself can trust the app with a fair amount of confidence.

    I'm leaving out any geeky reasons such as viewing the source code (which I don't see if they provide or not) or how simple the process is.

    --
    "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
  6. Stop misusing "Network Neutrality" by bconway · · Score: 5, Insightful

    Network Neutrality refers to ISPs double dipping on charging/extorting fees for both users paying for their connections and web sites paying for prioritization of traffic according to origination and destination. It does not refer to protocol-based QoS. It does not mean a flat, unmanaged, unQoS-ed Internet. By repeatedly and deliberately misusing this phrase, its importance is being weakened.

    --
    Interested in open source engine management for your Subaru?
    1. Re:Stop misusing "Network Neutrality" by kebes · · Score: 4, Interesting

      Network Neutrality refers to ISPs double dipping on charging/extorting fees ... It does not refer to protocol-based QoS. Unfortunately when it comes to the definition of Net Neutrality, there isn't yet consensus (e.g. see various definitions offered here, and associated references). Maybe we need to come up with new terms, like "Strict Net Neutrality" versus "General Net Neutrality" to distinguish between various implications of the term. As usual, though, it's very hard to get people to agree on definitions.

      And, of course, the definitions vary in part because people have different opinions on what is "important." Supporters of net neutrality agree that data carriers should at a minimum be source/destination neutral (the version of neutrality you are referring to). However some people do indeed believe that carriers should also be neutral with respect to the devices allowed to connect to the network, and the types of traffic sent over the network.*

      So, in short, there is a diversity of opinion about what the term means (or "should" mean, I guess).


      [*] As an aside, my mind isn't made up, but I understand the logic for saying that traffic neutrality may be ultimately a good thing. Yes, it prevents certain QoS strategies on shared carrier networks (but not on closed private networks, of course)... but then again, do you trust your ISP (which has its own interests) to pick the QoS strategy that actually works best for you? (Or even for most customers?) Also, any QoS strategy inherently makes a judgment call about what is "important" and what isn't. So, it inherently limits new technologies/protocols we haven't yet dreamed of. And, it would seem inefficient because any QoS which degrades protocols that customers are interested in will be circumvented (e.g. by masking your traffic as a type of traffic that is "approved" for high-speed delivery). Certainly we wouldn't let other carriers discriminate based on the content (e.g. postal service that delivers boxes that contain videotapes slower than boxes that contain paper; phone carrier that delays voice calls to prioritize fax calls...).
    2. Re:Stop misusing "Network Neutrality" by Anonymous Coward · · Score: 2, Insightful

      I don't think that it weakens the term "network neutrality" to use it when referring to QoS which extends beyond latency-vs-throughput tradeoffs.

      It is completely acceptable for an ISP to shape traffic based on the customers' requested packet priorities, on a zero-sum basis; some types of packets are very time-dependent, and thus can be sent in a manner that ensures they'll arrive more quickly (in exchange, of course, for losing some overall bandwidth).

      However, when an ISP begins prioritizing these things itself, against the wish of the customer (who believes he/she is paying for a generic "Internet connection"), this is a type of fraud. The ISP has no right to call it an "Internet connection" unless they explicity describe, when making the sale, that it is a specially limited type of Internet connection.

      It isn't really full Internet connectivity. True internet connectivity necessarily entails packets routed to their destinations, regardless of their content (including port destination content, which is only the business of the sender and receiver). True internet connectivity necessarily entails a neutral carrier, who does not care about anything but routing a packet from one point to another.

      The type of "QoS" being performed by these ISPs to limit types of communications they dislike thus goes beyond the acceptable. If they are concerned about certain users taking up more bandwidth than a fair share, then the ISPs should be honest about it: either charge per amount of bandwidth used, or implement bandwidth limits. But to pursue the matter as they are is at least fraudulent, and when performed by quasi-monopolies as cable ISPs are in the US, it has the flavor of an extortionate business practice.

    3. Re:Stop misusing "Network Neutrality" by porpnorber · · Score: 3, Insightful

      I think how consumers are supposed to select their QoS strategy is with QoS labels. The question is not 'should we have QoS' (I don't know about you, but I would rather have my videoconference packets queued ahead of my ftp packets), it's should the ISP be overriding our choices to satisfy their own policies. This is the same issue as randomly dropped connections: a mechanism to drop connections should exist because the endpoints need it. The carrier should not be invoking it 'on your behalf' and in the face of your desires, or it simply isn't doing what it was paid to do.

      There's a secondary issue of whether your operating system provides a good mechanism for QoS policy management at the endpoints (hint: no, it doesn't). But that's something to take up with the O/S vendor, or perhaps—an easier nut to crack—the router in your home. But in any case, it seems reasonably clear that QoS should be honoured or ignored end-to-end, and not randomly messed with in transit to the benefit of third parties.

      ...Unless I've misunderstood the technical situation completely....

  7. Re:Do you trust the EFF? by Conspiracy_Of_Doves · · Score: 2, Insightful

    I don't know if I trust EFF completely, but I trust them far more than I trust Comcast.

    --

    Technoli
  8. RTFA by hal9000(jr) · · Score: 3, Informative

    Your post demonstrates unequivocally that you did not read the article or if you did, you didn't understand it.

    Take two packet traces, one from you your computer one from a friend while your two computers are talking. Then compare the TCP sessions captured by each for differences. Differences that don't matter are fragmentation and re-ordering, for example. Difference that do matter are TCP resets, ICMP unreachables, TCP FIN's that are received by one side and not sent by the other.

    Sheesh, I can forgive not knowing how networking works, but to post inflammatory comments when you are obviously ignorant is, well, ignorant.

    1. Re:RTFA by Thanshin · · Score: 2, Interesting

      Your post demonstrates unequivocally that you did not read the article or if you did, you didn't understand it. I read the article. What I didn't see was that there was a second linked article that described the software.

      Sheesh, I can forgive not knowing how networking works, but to post inflammatory comments when you are obviously ignorant is, well, ignorant. I didn't make the post to be inflammatory. I just wanted to express that giving an application to prove something you're saying is not logical. And no, I didn't know the software existed previously.

      Obviously it was inflammatory, judging by the number of replies, but I think it's because from the title, readers were already expecting an offensive post before reading the content.

      And, btw, my point was not "don't trust the EFF because they are tricking you with an app" but "As we already trust the EFF, there's no need to double check their results."
  9. Re:Instead of denying what they are doing... by hal9000(jr) · · Score: 2

    I hate this idea. If you subscribe to a service that quotes bandwidth, you should be able to consume that bandwidth, 24x7x365. Period. All the ISP's are marketing unlimted, highspeed access. The fact is, they over subscribe the pipes on purpose and some users, like file sharers, consume more of the aggregate pipe degrading the performance of others and forcing the ISP to deal with complaints or upgrade capacity.

    I have a FiOS 20MB down/5MB up pipe. If I and my neighbors started consuming all that bandwdith 24x7x365, we would easily over run the uplink capacity and you can bet VZ would come knocking. ISP's will continue to punish bandwidth hogs until the ISP are sued for unfair business practices or the press gets bad enough. For example, Verizon Wireless just recently started telling their EVDO customers that there was a 5GB/mo limit where they used to market unlimited access. My original contract said nohting out a bandwidth limit.

    If they are going to limit bandwidth usage, they should state such up front and in no uncertain terms. But they don't.

  10. EFF- thanks, it's the thought that counts by jayp00001 · · Score: 2, Interesting

    It's nice of the EFF to spend time and money developing software that can detect what we know Comcast (and maybe others) are doing but without some sort of centralized data gathering operation to put together some sort of class action lawsuit what good is it? Knowing your packets are getting pummeled by Comcast allows you to... complain? I can't even get them to give me a clean cable tv signal- does anyone think they would listen to our complaints about packet loss? (does anyone think the average Comcast support rep would know what a packet is?) While others might be able to switch to another provider I think far too many of us (myself inculded)are stuck in monopohell with broadband providers. I'd prefer to see the EFF working on forcing Verizon (et al.) to drop fiber to the premises (after all we've been paying billions in infrastruture taxes for how long now??)

  11. Comcast releases new modem setup diagram by noidentity · · Score: 3, Funny

    Comcast posted a new cable modem wiring diagram in response.

  12. Re:Instead of denying what they are doing... by cdrguru · · Score: 3, Interesting

    Why when you buy a 100GB hard drive does it only have about 96GB available on it? How come my car has a speedometer that is calibrated to 180 but I can't drive at 180MPH? How come when you go to a "all-you-can-eat" restaurant they don't let you stay there for a week and keep eating?

    All of this assumes that you are swayed by the advertising and don't really check up on the claims being advertised. Or, it states things in common everyday language that are backed up by the fine print saying something quite different.

    There clearly are two kinds of people - those that understand what is being advertised isn't exactly what is being sold and those that have managed to get through life until their 16th birthday without realizing this. Sorry, time to grow up.

    I still want to ask the car salesman about the speedometer. And ask if we can check if the car will really go that fast on the test drive.

  13. Will There Be Fasle Positives? by AK+Marc · · Score: 2, Informative

    I work for an ISP. We purposefully craft spoofed packets and send them to our customers. Will we be reported as offenders? Does it matter that we provide service to rural locations that are only accessible through satellite and the "spoofers" are called "accelerators" by the people that sell them, and the spoofed packets are added to correct for windowing issues to increase the speed of Internet connections? If I get a number of customers that complain about our "non-neutrality" I'll be more than happy to turn off TCP acceleration and see how they like the new neutral Internet.

    It isn't only for nefarious purposes where providers spoof packets. Will this software be able to identify the good from the bad? Or will it just assume that all are bad, even in the face of legitimate uses?

    --
    Learn to love Alaska
  14. Re:Do you trust the EFF? by ScrappyLaptop · · Score: 2, Insightful

    Fantastic idea; a seti-at-home app that anyone can download (not just the Linux savy) and run on their Win32/64 boxes that sends results to a central location, just like Seti. Unfortunately, the EFF got a lot of press today with PR that says, "EFF releases tool for users". My wife emailed me with, "this isn't for users, it's for you network and Linux people". We need lots of automated samples that are effortless for the users to submit -THAT would be a tool for users".