Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sandvine CEO Says Internet Monitoring a Necessity

Posted by kdawson on from the for-his-business-model-maybe dept.

Khalid Baheyeldin writes in with a CBC interview with the CEO of Sandvine, Dave Caputo (bio here). Sandvine is the Waterloo, Ontario-based company that provides the technology that Comcast and other ISPs use to overrule Net neutrality by, for example, injecting RST packets to disrupt Bittorrent traffic. Caputo says, among other things, that Internet monitoring is a necessity. Some of the comments to the interview are more tech-savvy than the interviewee comes across.

1 of 171 comments (clear)

  1. Beating Sandvine by Misanthrope · · Score: 5, Informative

    http://redhatcat.blogspot.com/2007/09/beating-sandvine-with-linux-iptables.html [blogspot.com]
    If you are running linux or a linux based router with iptables give this a try. My speeds returned to pre-sandvine levels.

    "If you are using a Red Hat Linux derivative, such as Fedora Core or CentOS, then you will want to edit /etc/sysconfig/iptables. First, make a backup of this file. Next, open this file in your favorite text editor. Replace the current contents with this, substituting 6883 with your BitTorrent port number:

    *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0]
    -A INPUT -i lo -j ACCEPT
    #Comcast BitTorrent seeding block workaround
    -A INPUT -p tcp --dport 6883 --tcp-flags RST RST -j DROP
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    #BitTorrent
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 6883 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 6883 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT

    Reload your iptables firewall with service iptables restart. You should now see a great improvement in your seeding.

    If you are using Ubuntu or another non-Red Hat Linux derivative, then place the following in a file and execute that file as root.

    #!/bin/sh
    #Replace 6883 with you BT port
    BT_PORT=6883

    #Flush the filters
    iptables -F

    #Apply new filters
    iptables -A INPUT -i lo -j ACCEPT
    #Comcast BitTorrent seeding block workaround
    iptables -A INPUT -p tcp --dport $BT_PORT --tcp-flags RST RST -j DROP
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    #BitTorrent
    iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport $BT_PORT -j ACCEPT
    iptables -A INPUT -m state --state NEW -m udp -p udp --dport $BT_PORT -j ACCEPT
    iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

    Your firewall is now configured and you should have great upload speed now. You will have to run this script every boot, by the way. One easy way is to call the script at the end of /etc/rc.local."