Comcast Continues to Block Peer to Peer Traffic
narramissic writes "A report released Thursday by the Electronic Frontier Foundation (EFF) finds that Comcast continues to use hacker-like techniques to slow down customers' connections to some P-to-P (peer-to-peer) applications. The EFF said that Comcast appears to be injecting RST, or reset, packets into customers' connections, causing connections to close. 'The investigators say that their tests confirmed an earlier one conducted by the Associated Press that showed that Comcast is interfering with BitTorrent traffic. BitTorrent is a protocol used to efficiently distribute the online transmission of large files, and some entertainment companies have partnered with its creators to distribute its content online. Comcast has said that it doesn't block BitTorrent, or any kind of content.'" If you're the type that always looks for a silver lining, Comcast's skulduggery may be pushing Congress to reconsider Net Neutrality.
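An added example, not part of the story or the EFF report: one way to confirm that resets are being injected is to capture the same connection at both endpoints and flag any RST that one side received but the claimed sender never transmitted. The `Pkt` record, the function names and the sample captures are constructed for illustration, and the sketch assumes no NAT rewrites addresses or ports between the two hosts.

```python
from collections import namedtuple

# One TCP segment as seen in a capture (field names are this example's own).
Pkt = namedtuple("Pkt", "src sport dst dport flags seq")

def rst_keys(capture, sender):
    """(flow, seq) for every RST that `sender` itself put on the wire."""
    return {(p.src, p.sport, p.dst, p.dport, p.seq)
            for p in capture if "R" in p.flags and p.src == sender}

def find_injected_rsts(cap_a, host_a, cap_b, host_b):
    """Return (receiver, packet) for RSTs the claimed sender never sent."""
    sent = {host_a: rst_keys(cap_a, host_a), host_b: rst_keys(cap_b, host_b)}
    injected = []
    for receiver, cap in ((host_a, cap_a), (host_b, cap_b)):
        for p in cap:
            if "R" not in p.flags or p.dst != receiver or p.src not in sent:
                continue  # not an inbound RST from the other endpoint
            key = (p.src, p.sport, p.dst, p.dport, p.seq)
            if key not in sent[p.src]:
                injected.append((receiver, p))
    return injected

# Constructed sample captures using documentation address ranges.
A, B = "192.0.2.10", "198.51.100.20"
CAP_A = [
    Pkt(A, 51000, B, 6881, "S", 100),
    Pkt(B, 6881, A, 51000, "SA", 900),
    Pkt(A, 51000, B, 6881, "A", 101),
    Pkt(B, 6881, A, 51000, "R", 901),   # arrives at A; B never sent it
    Pkt(B, 6881, A, 51001, "R", 700),   # genuine: B's capture shows it leaving
]
CAP_B = [
    Pkt(A, 51000, B, 6881, "S", 100),
    Pkt(B, 6881, A, 51000, "SA", 900),
    Pkt(A, 51000, B, 6881, "A", 101),
    Pkt(A, 51000, B, 6881, "R", 101),   # arrives at B; A never sent it
    Pkt(B, 6881, A, 51001, "R", 700),   # genuine RST sent by B
]

if __name__ == "__main__":
    for receiver, pkt in find_injected_rsts(CAP_A, A, CAP_B, B):
        print(f"{receiver} received an RST that {pkt.src} never sent: {pkt}")
```

A reset that shows up in both captures, like the one on port 51001, is treated as genuine and is not reported.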
Never ascribe to skulduggery that which can be adequately explained by asshattery.
I think the problem may be due to their new cable modem hookup diagram.
Here is the official load of crap you get if you bitch about it to them .....
-- begin bunch of shit ---
Thank you for contacting Comcast Cable Mark.
Thank you for writing to us in response to reports about Comcast's
efforts to manage peer-to-peer traffic on our networks.
Mark, we have posted new FAQs on our Web site making clear to our
customers the steps we are taking to protect the customer experience for
all of our customers. You may access content related to this issue in
the FAQ section of http://www.comcast.net/
First, and most importantly, you should know that Comcast does not block
access to any Web site or application, including peer-to-peer services
like BitTorrent. Our customers use the Internet for downloading and
uploading files, watching movies and videos, streaming music, sharing
digital photos, accessing numerous peer-to-peer sites, VOIP applications
like Vonage, and thousands of other applications online.
Mark, we have a responsibility to provide all of our customers with a
good Internet experience and we use the latest technologies to manage
our network so that you can continue to enjoy these applications.
Peer-to-peer activity consumes a disproportionately large amount of
network resources, and therefore poses the biggest challenge to
maintaining a good broadband experience for all users, including the
overwhelming majority of our customers who don't use P2P applications.
It is important to note, however, that we never prevent P2P activity, or
block access to any P2P applications, but rather manage the network in
such a way that this activity does not degrade the broadband experience
for other users.
Mark, network management is absolutely essential to provide a good
Internet experience for our customers. All major ISPs manage their
traffic in some way and many use similar tools.
Comcast believes we have a responsibility to our customers to provide
this service. Network management helps us perform critical work that
protects our customers from things like spam, viruses, the negative
effects of network congestion, or attacks to their PCs. As threats on
the Internet continue to grow, our network management tools will
continue to evolve and keep pace so that we can maintain a good,
reliable online experience for all of our customers.
I understand you have some questions about Comcast's policies. You can
view all of the Comcast Subscriber Agreements and Policies by visiting
the Comcast Online Customer Support Center at http://www.comcast.net/terms/subscriber.jsp
On this site you will find the Subscriber Agreement, the Acceptable Use
Policy, and other policies relating to your Comcast Service. You can
also view our Privacy Policy Statement at http://www.comcast.net/privacy/index.jsp
Links to the Privacy Statement and Terms of Service are located at the
bottom of every page at www.comcast.
-- end bunch of shit --
---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
People who inject fake RSTs into network streams should be shot.
This will lead to non-compliant network stacks which attempt to detect "bogus" RSTs and ignore them. And that cannot be allowed to happen at any cost.
It is fine for them to drop packets. It is a dick move, of course, when they sold people the bandwidth and don't let them use it, but TCP/IP is designed to deal with packet loss, and treat it as congestion. Flagrantly violating the network standards that allow communication between different networks to interoperate is literally trying to destroy the internet, and cannot be tolerated.
Check out this article posted by George Ou at ZDNet a couple of weeks ago.
The reason Comcast is doing this is because the shared node topology of Cable can't handle all of the connection requests. Similar to a bunch of Windows 95 boxes running NetBEUI on a large non-switched network, bittorrent causes a ton of contention. The results are packet storms which end up taking everyone out.
Of course Comcast won't say, "The reason we do this is because our entire infrastructure is shit and needs to be replaced." The stockholders wouldn't like that.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
I wonder if Comcast can deliver this on time...
This can be done in virtually all clients. For example, in uTorrent, set Encryption to "Forced" in your preferences. This isn't 100% foolproof but it seems to help a lot of Comcast users, among others with throttling and other P2P blocking measures forced on them from their ISP.
They are illegally interfering with their customers' service
Since you've been modded up to "5, insightful"- would you care to tell us what is illegal about it? Extra credit for references to specific federal or state laws or regulations.
And, more specifically, if it is illegal, why this is (supposedly) pushing Congress towards net neutrality laws?
Please help metamoderate.
I'm a fan of YouTube (who isn't), but hadn't logged into my account for awhile and forgot the password when I tried commenting on a video. I had a reminder sent to my comcast e-mail account a day or two ago -- and it's been about 36 hours, and it never arrived! Assuming something was hosed with my YouTube account, I decided to create a new account, still no activation e-mail sent.
I then changed my YouTube preferences to my GMail account, and the confirmation e-mail arrived within like 2 minutes. No surprise, since Google owns both GMail and YouTube. But my curiosity was now aroused, so I changed the e-mail preferences on YouTube to my work account (I'm an open source programmer at a Big-10 university). Again, the YouTube confirmation came within like 2 minutes or so.
I logged into comcast.net under my main subscriber e-mail account today -- and deactivated ALL spam/filtering on that account. I then went back to YouTube and switched preferences back to my comcast account. It's been about 4 hours and, of course, there's been no e-mail from YouTube.
Anyone else notice this oddness between YouTube / Comcast? It irked me enough to create a little web site of it this afternoon, and post it on my blog as well (http://paulbramscher.blogspot.com/).
Net neutrality was the rule of the land until just recently.
It is not something new, it is a return to the way it was only a few years ago.
In 2005 the SCOTUS ruled that broadband internet was an "information service," and not a "telecommunications service." Thus freeing broadband ISPs from the laws that have enforced "network neutrality" for telephone service for decades.
When information is power, privacy is freedom.
I'm not sure comcast is *that* sad to see you go. Their entire business model is based on overselling their bandwidth. Their favorite customers are those that pay $50/mo for internet access, and then only check their email.
People like you and I, who actually use most of the bandwidth advertised, make Comcast little, if any profit. If all the heavy bittorrent users followed your example, comcast may well be able to cut their costs enough (with all the bandwidth savings, etc.) that they could stay just as profitable, if not more so.
Think about it. They're already *cutting off* subscriptions of the heaviest users -- they're obviously not concerned about losing that business.
Use IPsec. Not only can they not tell what your packets mean (only where they are going and came from), but they cannot forge an RST since that also needs to be encrypted with the association key.
So they could do a man-in-the-middle attack on a simplistic key exchange done over IPsec. But that would require far more resources (they have to get in the middle of each connection) than they appear to be willing to use (RST forgery is about the cheapest form of net interference there is). So I think even minimal IPsec would bring this blocking to an end until such time as they want to invest in whatever it takes to mount an attack on IPsec. Then we just use a strong key infrastructure and end that.
If the protocol involved understood the work to be done (e.g. how many bytes to be transferred), it could also re-establish a new connection if the existing one got dropped, and resume the transfer ... until done or one end decides to not do this anymore.
now we need to go OSS in diesel cars
Well, one way to do it:
1. No ISP shall give preferential handling to, modify, fail to deliver, or alter the content of traffic based on either its source, the protocol over which it is carried, or its content.
Exception: If a quality-of-service mechanism becomes widely used over the Internet, such as setting a time-critical flag on certain traffic (online gaming, VoIP, etc.), ISPs may give preferential handling to traffic so flagged, as long as:
a) the mechanism for requesting a higher QoS for certain traffic is widely known and available, such that anyone can use it;
b) the preferential treatment given to time-critical content is given equally to all traffic claiming to need a higher QoS without regard for its source, the protocol over which it is carried, or its content;
Exception: Traffic which is clearly and unambiguously malicious may be dropped. "Malicious", in this case, means either:
a) It is intended to interfere with the correct operation and control of the recipient's equipment, if the recipient of the traffic is a customer of the ISP. This includes, but is not limited to, denial-of-service traffic and exploit attempts. However, an ISP must honor a request in writing by a customer to cease filtering inbound malicious traffic to them.
b) It is generated by a program running without the consent of, and against the wishes of, the owner of the sending computer, if the sender is a customer of the ISP.
c) Such traffic consists of unsolicited commercial email, and the customer has requested that the ISP filter inbound email to remove spam.
All one has to do is look at the main competitor to Comcast, which is Verizon, and look at how they do the same type of stuff. They block outbound SMTP traffic except to their smtp servers...
Can't you just write an iptables rule to drop RST packets destined for your bittorrent port? You could even get clever about it and drop RST packets that come out of the blue, but allow repeated RST packets to pass, so that connections that have really been reset on the far end can be closed.
While it is popular to claim something is illegal when the statement should be more like It should be illegal, I would be more along the belief that something like fraud or something along those lines.
I looked but couldn't find a law on a federal level but saw a few state laws in passing that include using the Internet to commit fraud and causing the interruption of Internet services in that act. Now suppose that their interference can be considered defrauding you of services they sold you and suppose that interfering with the data streams was the method for doing this, even though it is on their network, I imagine something could be twisted enough to apply.
I look at it this way, Suppose you purchased a printer that printed 20 pages per minute. Says so right on the box and on the printer itself. Now, when you get home, you find that you have to buy the turbo module at a cost more than the printer in order to get that advertised performance. And when you complain, they tell you that it is done this way to protect their supply network. What sort of laws apply? Suppose that you have to feed the paper manually one sheet at a time and push a button after it is started without the turbo module which could be similar to having to monitor and restart your torrent or whatever.
Now, what sort of laws would apply, would they be criminal or civil in nature, and seeing how Comcast is a regulated entity, is there a state oversight organization that fields complaints already. In Ohio, the public utilities commission has some oversight of Time Warner I think. I have used them in the past to help get complaints against cell phone providers taken care of. I think it probably is illegal in some way under some laws. I just don't know the specific ones or if I am correct in that assumption. But the oversight necessary might already be there.
Comcast sells the Internet, not some Internet-like service. Their willful failure to deliver reliably might not sit well with local regulators either. At minimum, they should be forced to be honest and up front about their tampering with P2P applications before you purchase their service, and where there are no other options because of Comcast's government-granted monopoly, there should be a way around it.
Although you're marked as a troll, you're stating the honest opinion of lots of people and the opinion that shapes policy of many companies. So I'll bite. I think your characterization of BitTorrent users, looked at by the numbers, is probably true. While there are people using torrents to distribute content that's both legal and non-commercial (Free Software, for example), it probably makes for a pretty small percentage of the total. But that doesn't matter. The Internet is a network of peers. That's how it was designed, and I believe that's how it ought to stay. The more rights to communicate are gated by money and elitist policies the fewer voices contribute. You need to pay big bucks to get a fat pipe, but you shouldn't need to pay big bucks to get all the protocols. That's what the Internet means on a technical level. If you're not selling me that, you're not selling me Internet access, you're selling me "Web and Email access". If you want to offer that as a product, go ahead. But it's *not* true Internet access.
Blocking-by-default services which are abused by robots and which provide no value except to those who should know enough to ask for them makes a lot of sense.
These days, that's outbound mail, outbound SMB/Windows-networking, and all inbound ports other than DHCP-related ports. However, any customer who needs to should be able to log into their ISP account and say "I run IRC, turn on relevant ports," "I run eDonkey, turn on relevant ports," or "I run XYZ, turn on relevant ports" or even "I'm an expert and I'll take responsibility for my own security, remove all protection and feel free to suspend my account at the first sign that any of my computers sends more than ___ messages in ___ period of time or is otherwise causing harm."
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.