Slashdot Mirror
AT&T Denies Resetting P2P Connections
betaville points out comments AT&T filed with the FCC in which they denied throttling traffic by resetting P2P file-sharing connections. Earlier this week, a study published by the Vuze team found AT&T to have the 25th highest (13th highest if extra Comcast networks are excluded) median reset rate among the sampled networks. In the past, AT&T has defended Comcast's throttling practices, and said it wants to monitor its network traffic for IP violations.
"AT&T vice president of Internet and network systems research Charles Kalmanek, in a letter addressed to Vuze CEO Gilles BianRosa, said that peer-to-peer resets can arise from numerous local network events, including outages, attacks, reconfigurations or overall trends in Internet usage. 'AT&T does not use "false reset messages" to manage its network,' Kalmanek said in the letter. Kalmanek noted that Vuze's analysis said the test 'cannot conclude definitively that any particular network operator is engaging in artificial or false [reset] packet behavior.'"
It's ironic that in America, the country that much of the basis for the Internet hails from, seems to be regressing in Internet access. In Eastern Europe, more and more people enjoy fast and unthrottled connections, and ISPs don't care how many gigabytes of traffic you pull in each month. One ISP I know in Romania helped alleviate demands on its network by setting up a DC++ server where people could share films and music with people from the same city, not by penalizing customers.
Did Vuze ever confirmed that P2P connections created resets? or its just the reset count from the plugin?
I can say that they never reset conne
And think of the developing countries that will follow suit.
I'm far less worried about Middle Eastern terrorists than I am about these telecom terrorists who wish to disrupt our God-given right as Americans to communicate openly and freely.
Hah. I remember when DSL first came out and I waited to get that instead of cable I got some comments from friends but Verizon seemed to make sense to me vs the more shared bandwidth of cable. I knew it wouldn't take long for customers to start complaining about not getting all the bandwidth promised and other measures enacted to restrict user's bandwidth. Based on comments here and from friends and relatives. Instead of blocking p2p they do stuff like this http://www.crn.com/software/206903773
Verizon wireless internet services are a different story it seems.
I'm on AT&T, and I use P2P about once a week, and I've never seen any resets in my router log.
No! No! We are not screwing our customers to maximize profits!
Basic principle of greed you try to do as much that is legally and ethically grey; and then deny it until you are finally dragged kicking and screaming into court.
The Long Now Foundation
"suggesting that industry forums like the Distributed Computing Industry Association would
provide a better means for addressing such questions."
That the computer worlds version of a closed door human rights meeting for despots and dictators?
Just tell your consumers the truth Charles, you missed a decade of upgrades.
Domestic spying is now "Benign Information Gathering"
I see your point, but Bittorrent wouldn't need the ISP to "alleviate demands on its network," as it would share with nearby peers.
AT&T may not be throttling P2P. As an AT&T DSL victim^H^H^H^H^H^Hcustomer, with their use of PPPOE (setting up a PPP connection -- the protocol used for dialup -- to tunnel over ethernet) and generally crappy service, my PPP connection drops and IP therefore changes very frequently (more than once a day). I would imagine that the TCP RSTs are caused by these connection drops more than anything else.
It's unfortunate that in the cheap end of the "broadband" segment ($30/mo for phone line + 768k/256k), AT&T DSL is really the only option, at least in my area.
use anything on Joost and record your network logs 6-12 hours after. you will still register numerous hits per minute from AT&T regional hubs.
In the past, AT&T has defended Comcast's throttling practices, and said it wants to monitor its network traffic for IP violations.
I'm KEEPING 12.308.1.273, I don't care how many IP rules it violates!
I was an ATT dsl customer for a year. I am also a CCNA. No matter how I configured my gateway with open ports and allowed applications I always experienced resets. Red light would blink, traffic would stop, and I would slowly start to reconnect to peers. I never tried a different modem, just dumped their services. If you can put up with slower speeds cellular broadband has been bliss.
Sounds like the Romanian ISPs don't have the RIAA, MPAA, and courts breathing down their back about the illegality of transferring movies and music.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Any chance that the reset packets could be sent from someone else? If AT&T can send a reset packet that looks like it's from the person on BT you are communicating with, what's to stop other users from sending a similar packet. If I was on AT&Ts network, could I forge a packet that looks at though it was from another IP Address? Sure I couldn't get a response back, but I would only be sending out reset packets, and wouldn't want any ACK back for my bogus reset.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
As someone from Europe its my experience that ATT is probably one of the worst ISP's there is. They have no consideration for their customers, they even actively censor their customers and in most cases the customers doesn't even know!
I've experienced several times that ATT simply didn't acknowledge our mailserver and just refused to accept any e-mails. Ofcourse this is in direct violation of the RFC's. And then there's the small detail of customers never knowing if they had their e-mail blocked.
Then i guess their network just sux.
---- Booth was a patriot ----
The exact quote from the AT&T CEO was more along the lines: "We never reset P2P traffic, it's simply a fact we've built a crappy network."
And as usual someone fails to see the obvious.
It is not important HOW those resets came to be. We don't care. We only care about the percentage as a (lack of) performance metric of the provider.
I have an AT&T DSL connection. I've used it for years. I've also beaten the heck out of it for years with massive downloads, uploads and the like. It has worked fine, until the last few months. Now, whenever I have a P2P Torrent going a day or more, I know my connection is going to lock up completely anywhere from 20 to 28 hours into the process. The only solution is to hard boot my DSL modem. It then happens again, about once a day, until I stop the torrent.
Coincidence? I think not.
Steven
Well, they have ... once or twice a year you hear about raids by ORDA (Rumanian Intellectual Property Rights Office), networking equipment confiscated and hefty fines paid. Quite the same rate as in US, considering that Rumania is only 22 mil.
What is different: real competition in the market. About half of the home connections are managed by small companies with a few thousand to some ten thousand customers, and the rest is split between three big guys with cable connections and three with wireless connections, one of which is the former state telecom company. Competition is so big that you can have at least four or five offers at the same time in the same location: Romtelecom, one EVDO/CDMA network with reasonable bandwidth, two G3 networks I never used but heard good things about quality of service, one of the big cable tv companies (there are two, but they avoid competing with each other) and at least one of small companies.
The small companies usually have bittorent trackers and DC++ hubs. I think they can afford to pay the fines, but cannot afford to lose customers.
I've had AT&T for years, and use p2p extensively. I have never had a single problem with dropped connections. I download up to hundreds of gigabytes per month, and upload several gigs as well. If AT&T was really doing this, I'd know it.
Furthermore, they aren't sampling anything but P2P traffic, there's no sampling of something benign like web traffic or gaming traffic. If there was some sort of control group involved, I would be more convinced. But the fact is that there isn't.
Using this methodology, one could produce a study saying pretty much anything. For instance, you could "show" that car manufacturers design their cars to experience mechanical failure at between 20,000 and 25,000 miles by producing a list of incidents where such a thing happens. Of course, cars fail at other times too, they even fail at a higher rate later in their lifespan. But if you only look at cars that are 20,000-25,000 miles into their lives, you would never know, now would you?
TCP resets can occur for many reasons. All that client software can know and report is that the TCP reset occurred. But, for example, it can't know whether it got a reset because the software on the other end of the connection crashed, or had a bug, or the computer was turned off, or there was some corrupted communications between the two causing the TCP connection to get confused and need to be reset. This is all explained at http://www.tcpipguide.com/free/t_TCPConnectionManagementandProblemHandlingtheConnec.htm (for example).
Vuze's test only counted reset rates, so it can't prove anything about what's going on. At most, it could suggest areas where it might be productive to do more investigation.
Enable 3D printed prosthetics!
I guess the time for the encrypted, anonymized overlay networks is now.
at least they're now figuring out that it's a frowned upon practice. Even if they ARE doing it, they are best off hiding it. Well, that's going to do quite a bit to help The Net Neutrality movement if/when the truth comes to light.
ATT said for the longest time that they never allowed the FBI full access to their network. Then later they claimed it was all post 9/11.
Then it was shown that ATT and others provided it by at least feb/2001. The fact that 9/11 occurred is the strongest evidence that unlimited wiretapping does not prevent it, or it shows that the FBI was not using the wiretapping for checking for terrorists, but checking for other crimes.
They are unlawfully spying on you and should be tried for their choice to commit felonious acts.
If they don't give a shit about OBEYING THE LAW, why the hell would they care about Customer Service?
Technology -- No Place For Wimps! Grateful Dead and Jerry Garcia Chatroom -- http://www.wemissjerry.org
This approach to testing is stupid. One correct approach is to record all the packets sent and received at both ends of the connection, then compare them after the session. Any unexpected packets are bogus.
There are some routers that will generate bogus packets through out and out bugs. The Sveasoft Linux software for Linksys routers had that problem a few years back. If you had more than one or two packets queued for the air link, some of the packets would get garbled. Most users never saw this, because they were connecting to the Internet via a low bandwidth link. In that mode, you can't saturate the air link, and you never build up a transmit queue. We were doing big downloads from a local file server to a local client, with no traffic to the outside world at all. (We were using this for a robot vehicle, with long debug logs and code updates being transferred.) An FTP connection wouldn't work for more than about fifteen seconds. It would stall, retransmitting until the connection timed out. We finally put packet sniffers on the links and found out that TCP packets were being garbled by the "internal firewall", even when it was supposedly turned off. The garble wasn't random; it occurred in a repeatable way that made each TCP retransmit fail.
In 2007, I found a transparency problem with Coyote Point load balancers. This one would mysteriously block connections. If you made an HTTP connection through a Coyote Point load balancer, and sent an HTTP header with a "User-agent" string ending in "m" but not containing another "m", and the HTTP header contained no additional fields, the load balancer would not pass any TCP packets to the systems behind the load balancer. This turned up on a site where I know the people who run the site, and we did packet dumps on both sides of the load balancer to confirm this. Coyote Point parses HTTP headers with regular expressions, and I suspect that, somewhere in the built-in rules, someone wrote "\m" where they meant to write "\n". In a typical non-response, Coyote Point suggested we upgrade the load balancer. I pointed out that Coyote Point's own site had the same problem.
So a good network transparency test for end users would be a useful tool to have around. The existing tools tend to be part of protocol analyzers, and assume the user knows TCP/IP/Ethernet down to the bit level.
I've had had to power-cycle my modem several times while my roommates were using bit-torrent.
Sounds like those laws and fines are pretty ineffective. If the fine for stealing $500 is a $300 fine, then people would make tons of money off just stealing, because they would actually be making a profit. Which is why repeat offenders get even larger fines in order to try to stop them from doing it, because the first punishment wasn't enough to deter them. If the ISPs refuse to comply with the law because it ends up making them money, then they should be fined more. The whole point of fines isn't for them to be paid, and then you go merrily on your way and continue breaking the law. The point of fines is to stop you from breaking the law.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
New ATT&T routers (2Wire based) have a "spam" function that will reset your router if it detects:
Spam
P2P
2 people refreshing COD4 servers simultaneously
According to the ATT&T technician I spoke with this is "intended" to protect the network against spam. So really, there's no way to possible log how many times this happens to people on the client side. If too much traffic passes through your 2Wire, it will reset until you basically get so frustrated you decide P2P and looking for COD4 servers on multiple PC's is unethical.
... is why ISPs want to be in the business of monitoring their networks for certain content. Aren't they supposed to have common-carrier status (which, AFAIK, is supposed to mean that they're agnostic about and not responsible for the traffic on their networks)? Why do they want to spend money on engineering and PR damage-control for all this if they could just ignore it?
If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.
- the United States
- the USA
- the US
Comcast is most likely the source. Comcast is sending RST packets to both ends of the P2P connection, not just their subscribers. So simply having a large number of RST packets may simply mean your P2P client is connected to a large number of Comcast clients. We have know for a while that Comcast is sending the packets to both their own customer and forging a packet to their customer's destination. If Comcast wasn't sending the packets like that, all it would take would be a firewall filter to drop incoming RST packets on the in-bound P2P port used, and all Comcast P2P users would be fine. But we know this not to be the case, because we learned through tests, that BOTH ends need to have that filter in place for it to keep Comcast from resting the connection.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
While it could be TCP resets, as I see someone talking about in a comment above, Time Warner being pricks is so much more attractive...
-- haaz.
Coincidence? I think not. I had this happen regularly with my router (linksys). Since home routers are so cheap, I ended up replacing it, and never had it happen again. So I can't say whether the lock-ups were caused by hardware, firmware, etc., but I can say that in my case it wasn't the ISP.
Enable 3D printed prosthetics!
... is why ISPs want to be in the business of monitoring their networks for certain content. Aren't they supposed to have common-carrier status (which, AFAIK, is supposed to mean that they're agnostic about and not responsible for the traffic on their networks)? Why do they want to spend money on engineering and PR damage-control for all this if they could just ignore it? They don't. I've never heard of any ISP who's monitoring their network for specific content, because it raises all sorts of legal questions.The reason that ISP's are starting to manage traffic it is due to capacity issues - changes in user behavior (e.g. viewing high quality video online, p2p) dramatically increase the bandwidth consumption per user, causing demand to exceed available bandwidth.
Given that demand exceeds current supply, and expanding capacity is time consuming and expensive, some ISP's appear to be managing traffic in a protocol-specific way (i.e. deliver time-sensitive VOIP traffic before HTTP page views before P2P seeding), and others appear to be managing traffic in a protocol-agnostic way.
Of course, many ISP's are building out to have capacity that exceeds demand. This is expensive and time consuming (e.g. Comcast has started deploying DOCSIS 3.0, but it'll take years and billions of dollars to upgrade everyone, Verizon has been rolling out fiber to the home, but again it'll be years and billions of dollars before fiber can completely replace DSL). And, in lower population density areas, or parts of the world where people can't pay much for broadband, the cost of providing more capacity exceeds what people are willing to pay, so traffic shaping is the only viable answer.
I've seen some people say "They sold me X bandwidth, and now they're not delivering it". They're confusing two very different types of bandwidth, capped and committed.
Capped bandwidth is cheap, because there are no guarantees other than that you won't get more than a certain amount. This is what home users generally buy. So if you read your ISP's terms, they probably are very clear that you're getting "up to X" performance, but with no committed performance, or even availability. For this, you might pay $60/month for 20 Mbps, or $3/Mbps.
Committed bandwidth is expensive, because the ISP reserves resources so that you can always get all the bandwidth that you're paying for, with financial penalties to the ISP for slowdowns or outages. For this, you might pay $359/month for a T1 line giving you 1.5 Mbps, or $239/Mbps.
What this means is that if you pay for capped bandwidth, you're making the choice of saving a lot of money by buying unreliable bandwidth. If you really, really want committed bandwidth, you can do what web sites and businesses do, and pay for committed bandwidth.
Enable 3D printed prosthetics!
I just wonder how they are differentiating between forged RST packets and legitimate ones from the other client that is closing the connection. These numbers could be a lot higher than they really should be.
If I recall it correctly, Comcast adamantly denied
they were doing anything with the P2P folks until
the numbers started coming out stating otherwise.
Now that the evidence is mounting and the FCC has
their spotlight on them, they want to be all
apologetic and use the " Lets all play nice "
card.
Hell, AT&T won't even admit they run a dedicated
fiber line over to the NSA folks. It'll take
full blown immunity from litigation before they
EVER admit to that one.
Make no mistake about it. The people are not going
to have the ability to change the corporate way of
thinking when it comes to Internet Service. It will
take government level involvement ( or the threat of
it ) before this bullsh*t stops. The big boys don't
like Big Brother looking over their shoulder any more
than the rest of us do. . . . .
What are you going to do ? Drop them as your ISP
provider ? LOL Yeah and if you're lucky to HAVE an
alternative you would have already done so by now.
They enjoy monopoly status and they know it. They
know if you want broadband service at all, you're
pretty much stuck with them.
Until the monopolies are broken up for broadband
providers, the companies cannot be trusted to police
themselves as they have little reason to do so. They
don't have to compete with anyone.
It could also the the OS or BT software that you are using. A few years ago (not sure if it's still the case), I used to get 3-4 time the speed when downloading torrents in Linux as I did in Windows. Currently I can max out my connection in Windows, but
College-Pages.com - Online Colleges, Degrees, and Programs
So don't hold your breath. If they can tell what hosts you are communicating with, they can determine everything else. They are either at an ISP or a backbone provider (or in your basement, if you're the paranoid type).
1. a freebie, we presume the forger knows the IP of the machine to interfere with
See http://kerneltrap.org/node/3072 for some math on it. It's still less than one in a billion without attracting attention to yourself on some level.2. the destination port is straightforward to guess
3. the sequence number is easy to fake out due to widespread use of TCP size windows.
If opportunity came disguised as temptation, one knock would be enough.
3^2 * 67^1 * 977^1
It's not all that surprising. Everyday our government (the americans) is trying to impede in on the internet. Anytime our government trys to get it's greedy hands on something it ruins it. None of the governmental programs we have function correctly, we're a country in debt beyond anyones wildest dreams, so having a crippled internet is not surprising. We don't have an economy, a trade imbalance beyond anything, goverment that does whatever it wants, the corporations run the country and with the types of corporations we have, nobody needs enemys. I have friends also in other countries and they always say how better things are getting on the internet. Where I live comcast is peddling slower speeds just to get you online. I had 20mbit at one time, they sent out advertisements saying "we're doing this for free", now im right back down where I started from, 8mbit, and the bills just keeps going up.
And it's always the Europeans that accuse US of not knowing geography. Hmph.
hmm... the difference is that AT&T is a link in the chain of computing systems that sends packets between you and your friend. a random hacker doesn't have direct access to your packets like that. that means you can't see as much about the connection, and it'll take more work to fake the reset packet.
It's obvious. The vast majority of content creators are American, and it's easier to sue if you aren't crossing international borders.
You need to do some reading up on how IP works.
http://www.tech-faq.com/tcp-sequence-prediction.shtml
You dick, it says right there on the wiki not to mention it on slashdot yet, due to slash. high publicity...
So isn't it actually more important to know, for each user, how many RST packets are forged as coming from their IP and sent to other users, not how many are received by each user? That would mean the results of this Vuze sample would be RST packets potentially generated by other ISPs, right?
Improve P2P with P4P. Learn more! [pandonetworks.com] I like how their charts start at 400 peers. I can't remember the last time I connected to a torrent that had over 400 peers. Where's the rest of the chart? You know, the part before it plateaus.
> "... 'AT&T does not use "false reset messages" to manage
/very/ specific, and not absolutely denying the accusation overall.
> its network,' Kalmanek said in the letter. Kalmanek noted
> that Vuze's analysis said the test 'cannot conclude
> definitively that any particular network operator is
> engaging in artificial or false [reset] packet behavior.'"
Interesting that they're denying something
also interesting that they're effectively saying "could be, couldn't say for sure".
What I don't understand is why a carrier corporation - one that is paid by the sender of the data to move data around - thinks it has the right to specify what sorts of data get transmitted from one client to another.
Next minute electricity corporations will start saying that they'll only deal with 100,000, 22,000, and 11,000 volt electricity and not with 240 volt electricity, as 240 volt electricity has become too popular, and that popularity is causing them difficulties in supplying 240 volt electricity. Clearly many of the things they're using that electricity for are illegal - such as staying up late at night and reading when they should be in bed asleep.
This is, after all, known to be a fact because the grandmother of a neighbour three blocks away happened to be driving past one day and saw at least one lamp glowing in the house.
Its a 15 watt night light you say? Sorry but I believe your three-blocks-away neighbour's grandmother more than I believe you.
Has she paid me to disconnect your 240 volt electricity? I don't think I need to divulge that sort of corporate information to you. It might be, but could not be the case for sure.
I've had some bad issues with RST packets in the past which were generated by the modem or whatever. Also back in the day they were frequently used to disconnect people from IRC.
These issues can be solved easily by filtering those packets.
iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP
(Please correct me if the command isn't entirely correct.)
It might fix the entire problem, it would be worth a try.
Posting of MP3 files is a copyright violation. We do not patrol or monitor the public Usenet newsgroups but the local-only newsgroups (the internal Worldnet newsgroups) are our responsibility, and we may be liable for copyright issues.
As such, MP3 postings should not be placed in the members-forum.non-text newsgroup, or any Worldnet internal newsgroup, and will be removed. The members-forum.non-text newsgroup newsgroup was not intended for MP3s and should not be used for that purpose.
There are available public Usenet newsgroups dedicated for those types of posts.
We appreciate your cooperation, and thank you for your understanding. http://care.att.net/bulletins/general.html#Newsgroups&MP3s
From a network standpoint, it's doubtful that they're the originating host. The packets are forged, therefore anybody can forge them (because it's already not from the true source, right?). There are many, many, many routers on the Internet and any one could send a reset.
Perhaps the spillover 5% is from connections to Comcasties? If Comcrap is already willing to forge identities, why wouldn't they just break TCP and send RST's to both?
In any case, the submitter is grossly overrepresenting the Vuze tests (at least Vuze isn't overrepresenting their tests). I'd like to see more controlled tests, like against static servers on a known-good ISP.
Is a RST a normal network behavior? If I send millions of millions of packets, what's the normal RST rate? Or is it only an error condition?
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
America is the home of Hollywood, and a big chunk of the worlds popular music. Why are you surprised that the nation actually making all this stuff acts harder to stop it being taken for free?
I'm sure nobody in Romania cares what impact file sharing has on American jobs.
DRM-free indie games for the PC and Mac: Positech Games
Shouldn't the big networks instead take steps to improve the efficiency of filesharing applications, rather than trying to curtail them?
If the big networks like AT&T are honestly troubled by the use of torrent - which according to some reports is something like 90% of all internet traffic - it seems that the best technical solution would be to install distributed torrent nodes and predictively cache files in closer proximity to their destinations.
They could outsource it to Akamai... just a thought.
-- thinkyhead software and media
After I recently purchased an advanced firewall router I became aware of the spurious RST packets that will appearing in the COMCAST environment. I had my firewall router configured to report these packets by email and I received so many of these emails I had to discontinue the reporting. During the time I say the packets, I was not using any p2p protocols but in fact was using a web browser to operate the ebay website. I did notice these packets around the time web content was being provided by akamai servers. I don't pay COMCAST to insert pirate packets into my communication stream. They don't belong there. Retries exist to made protocols more robust and not to allow traffic shaping by spurious RST injection to operate a certain way that pleases an ISP.
It's not ironic at all. We used to have liberal p2p access in the states also. As progenitors of the net, we probably had it before everyone else.
What should really concern you is the ripple effect. The net's trends start here in the US, which means your country's lagtime is the amount of time, starting now, that you have left before this issue becomes a headliner in your country. Unless, that is, we in the US can make legislation decisive enough that other countries won't even want to try it. Unlikely on both counts, however.
So, as your country's net usage becomes more heavily saturated, you too will get to debate about net neutrality.
Deny all they want. I continually have to reset my modem when uploading via ftp to my website just for maintenance! Even with as little as 3k sometimes! Often I make all my changes at home, and end up uploading it from work. When I contacted them about this, they stated there was a problem on the line and they would have to send someone out to check it out at my expense (if it was a non-comcast issue). Not 2 hours after this call did my speeds pick back up. However a few days later, back to normal. I avoid uploading via ftp like the plague now. Comcast _was_ a wonderful service for me in the past with no issues. Looks like the good times are over.