Slashdot Mirror


Researcher's Tool Catches Net Neutrality Cheaters

Sparrowvsrevolution writes "At the Black Hat security conference in Las Vegas Wednesday, researcher Dan Kaminsky announced he will release a free software tool for detecting when an Internet service provider is artificially slowing down or speeding up traffic to and from a website, a tool he is calling N00ter, or 'neutral router.' N00ter functions like a VPN, routing traffic through a proxy and disguising its source and destination. But instead of encrypting the traffic in both directions as VPNs do, it instead spoofs the traffic from a Web site to a user to make it seem to be coming from any Web site that the user wants to test. That traffic can be compared with a normal connection to the N00ter server without a spoofed IP address, to spot any artificial changes in speed."

25 of 131 comments

  1. Very cool tool by Anonymous Coward · · Score: 3, Interesting

    Now if only, instead of asking the violent State to force ISPs to maintain a transparent internet, these people would form a voluntary 'Association of Net Neutral ISPs' so that people can vote with their money.

    1. Re:Very cool tool by Winchestershire · · Score: 2

      I agree. If implemented, I could see ISP's trying to distance themselves from throttling. The only problem is, you need a sizable group of consumers to actively participate in order to have enough "teeth" to give the ISP's a metaphorical bite to the rear.

    2. Re:Very cool tool by ObsessiveMathsFreak · · Score: 3, Insightful

      And where will these Neutral ISPs get all their bandwidth? Why, from the big telcos, and we're back to square one.

      You can believe whatever you want to about "violent states", but I believe that strict regulation with competition provides the best service. Letting private companies do what they like provides only chicanery, poorer services, and ultimately the collapse or failure of the entire system.

      The "violent state" needs to step in and tell the Big Telcos how high to jump. If they object, they can simply surrender their operating licences and go home, and the government can take their assets into custodianship in the national interest. This is a responsible way to run an essential public utility and not dissimilar to the way banks are run--in the US at least.

      --
      May the Maths Be with you!
    3. Re:Very cool tool by WrongSizeGlass · · Score: 2

      these people would form a voluntary 'Association of Net Neutral ISPs'

      Voluntary self-regulation only works until the participants decide it's in their self interest to no longer participate. State intervention isn't a great idea either, but someone needs to look after the people/consumers and I'm afraid business & government will each serve their own interests (or that of their lobbyists) when implementing some sort of regulation.

    4. Re:Very cool tool by dkleinsc · · Score: 4, Informative

      With telecom, the libertarian solution simply doesn't work.

      Basic micro-econ depends on the idea that if the price of a good goes too high, more sellers enter the market to take advantage of the higher profits, which lowers the price due to competition, so the price returns to equilibrium. Equally important, if the price goes too high, buyers get priced out of the market and stop buying the service.

      However, with telecom, new sellers can't enter the market without regulations to support them. A new seller in the telecom market will not be able to get in - any established competitor (call them BS&S) won't make peering agreements at reasonable costs (because the value of the peering agreement is much greater to the newcomer than BS&S), which means any customers of the new guy won't be able to reach the vast majority of people with phones, which means nobody will become a customer, so the newcomer quickly goes out of business. Therefore, the government adds in a regulation requiring peering agreements at the cost of setting up the pipe between the peers. But now the newcomer has to get a signal from their switches to the customer, which means they have to either run lines to all of its customers (while BS&S can use the lines already there), or lease access to the lines from BS&S, who will charge a high enough price that the newcomer can't offer a lower price than BS&S, so the newcomer can't get any customers and goes out of business. So the government adds another regulation requiring BS&S to lease line access at cost.

      And you also have a situation where BS&S refuses to serve rural customers, or charge ridiculous prices to do so, because it's much more expensive to run a line out to them. The rural citizens complain that it's unfair that they have to pay $300 a month for phone service while city folk get it for $30. So the government adds another regulation saying that all competitors must sell the same service to all customers at the same price. But that means that the newcomer who's trying to enter the market by undercutting BS&S on price can't manage in a rural area because the cost of getting to the more remote customers is too high to make anything on it. So now the government has to differentiate between competitors who are required to serve rural customers at the same price as city folk from competitors that don't because they're newcomers.

      And the story continues, but the point is that governments don't just write regulations for the heck of it, and most of the telecom regulations exist for a reason.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
    5. Re:Very cool tool by gx5000 · · Score: 2

      I can see a lot of us jumping in, Bell and Rogers should take note.

      --
      End of Line.
    6. Re:Very cool tool by FredFredrickson · · Score: 2

      Stop being so levelheaded. Libertarians understand full well that privatizing limited resources will work just fine. I was going to level the entire state of MA and make it multiple different private highways, so that YOU the consumer have a choice. Don't go against the grain here. Anybody could enter the telecom market, all they have to do is be innovative. How about wires held in place by a fleet of helicopters? You never thought of that!

      LOL.. in other words, this level headed post of yours should make sense, but I bet a lot of people disagree with you.

      --
      Belief? Hope? Preference? The Existential Vortex
    7. Re:Very cool tool by GooberToo · · Score: 3, Insightful

      There is a difference between throttling (which absolutely is net neutral) and throttling to a specific website (which is not net neutral). I point this out because without fail, people here always conflate the two and mistakenly believe all throttling is both bad and non-neutral.

    8. Re:Very cool tool by Opportunist · · Score: 2

      This could work if we could actually vote with our money. Sadly, we cannot. No, not even in countries where there's more than one ISP available.

      You currently have a perfect example right over in Europe. Austria, to be more exact. Austria boasts a huge number of mobile providers for such a small country (IIRC they have 4 mobile carriers), and a rather broad selection of ISPs (pretty much at least 3 ISPs anywhere, plus some more in towns). It should be the place where voting with your money should be easily possible, if anywhere. I doubt any other country has this rather big choice of carriers.

      One of those carriers started implementing a "service fee". Pretty much a hidden price increase, you now pay X bucks a year on top of your monthly subscription fee. Of course, the first reaction of people was to drop them like they're hot and move to another provider (which is quite possible in Austria, since the law states that if your provider changes the contract unfavorably, you are allowed to terminate with no penalties).

      Now, not two months later, ALL of them are coming around with a "service fee" of some sort. Most are even charging the same amount of money as the role model.

      Now please tell me how someone should vote with his money in a cartel situation like this? And they have about the most favorable initial situation from the customer's point of view that I know of. How much better could this be in any other place where you only have one or two ISPs to choose from?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    9. Re:Very cool tool by Freddybear · · Score: 2

      Actually, the libertarian solution would work just fine. It just wouldn't necessarily give the result that you wish you could impose by force.
      If that's a "failure" then it's simply your failure to deal with reality as it is, instead of as you wish it could be, if you could impose your wishes by force.

      Yes, telcos have a massive investment in infrastructure, so new providers are at a disadvantage. Using the force of government to try to change that costs everybody more.

      Yes, rural customers pay more, because it costs more to serve them. Using the force of government to try to change that costs everybody more.

      Yes, governments write regulations for a reason, the reason just isn't what you wish it would be. http://en.wikipedia.org/wiki/Regulatory_capture

    10. Re:Very cool tool by Antique+Geekmeister · · Score: 3, Insightful

      There is a great deal that is "inherently bad" about throttling. It adds complexity and phase delay to all network traffic, it often creates new single points of failure to force the traffic through the relevant "traffic shaping" device, and it's quite expensive to implement in hardware and to maintain.

      Its actual use is often to protect over-committed networks from actually providing the paid for connectivity to all customers. It's often badly implemented and interferes with latency sensitive traffic such as the very games and video for which customers pay high bandwidth prices. And it's often tied to routing manipulation, where the BGP tables of the routers are manipulated to channel traffic through the less expensive but poorly connected routes owned by your local carrier, degrading overall connectivity, and to channel traffic through the traffic shaping servers themselves. The results are chaotic for customers.

    11. Re:Very cool tool by Caesar+Tjalbo · · Score: 2

      One problem with your assessment, ObsessiveMathsFreak: the majority of those big telcos are also ISP's, so they too would be set to the same standards.

      Making it even more difficult is that telcos see the usage of their mobile services change significantly from calls and SMS's to data usage, effectively changing them into ISP's. In The Netherlands we've gotten 'net neutrality' legislation because of the telcos. The problem is that they don't want to be seen as ISP's (in their smart phone business) but prefer to continue to charge for separate items (like a Skype conversation or a bundle with certain apps) and also would like content deliverers (say Youtube and Facebook) to pay.

      The outcry from the telcos is there of course, just like the outcry of a few ISP's which offered filtered internet on religious grounds. But so was the outcry of consumers and politicians when we found out that telcos were using DPI and we now find out they collectively start offering expensive data-based subscriptions.

      What you're looking for is some balance between the power of telcos and ISP's on one side and the freedom of customers on the other. If that's skewed I think it makes sense to try to assess the amount of competition in the market. If that's too low, regulation certainly is an option.

      --
      "I'm not much interested in interoperability. I want substitutability. I want to be able to throw your software out."
    12. Re:Very cool tool by NeverVotedBush · · Score: 3, Informative

      No. It doesn't mean a network is overcommitted. It may be overcommitted if everyone goes as fast as they possibly can with no throttling, but if you have tiered service then you need to make sure that people who don't pay for the bandwidth don't take away from the people who do.

      You can't hang your argument on saying because it is badly implemented by some, it is bad by default.

    13. Re:Very cool tool by GameboyRMH · · Score: 2

      Then why hasn't the US telecoms cartel been busted up? You see the exact same behavior with cellular billing.

      But of course they're not officially a cartel like OPEC and there's no way to prove that they coordinate these customer-screwing actions. So you're fucked.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    14. Re:Very cool tool by JMJimmy · · Score: 2

      Here's a real life example:

      I purchase a connection advertised at say 2mbps. That means I should theoretically be able to transfer up to 641.6 GB in a month. They place a 20 GB/month limit on my data transfer and throttle me down to 0.3mbps after. Are they really selling me a 2mbps connection?

      Really, if I used the connection to its full potential I would be throttled before a 24 hour period is up.

      Now you say I should pay more to be able to fully utilize the potential of the connection? Netflix CEO has stated that it costs less than $0.005/GB to transfer data (note that deployment costs are not included in this as those costs are recouped by the "access" charge on your bill). We're strictly talking the cost of operating/maintaining the network. The company in question wants to charge $1.95/GB or ~$1,212/month for me to utilize the 2mbps I pay for every month.

      This is the connection I'm on now, it's actually advertised as up to 7mbps but due to my distance to the tower it's only 2mbps. In addition to the throttling described they also throttle P2P. I'm on it because there are no other high speed options in my area save satellite internet which is even more expensive.

    15. Re:Very cool tool by CCarrot · · Score: 2

      If you pay for a given speed, but the ISP has more capacity than that, then they have to throttle you to the speed you paid for in order to guarantee their other customers the speed they paid for.

      Indeed. Because my biggest issue with my ISP is that I'm always getting way more bandwidth than they promised when I signed up. Damn those tricky bastards!

      Bandwidth overcommitment seems to be a viable business model for ISP's, mostly because the average Joe doesn't know how to verify that he's getting the speed he's paying for. Except at 3 in the morning on a Tuesday, it's rare for us to see speeds even close to what we signed up for. Trouble is, if we sign up for a 'lighter' package, then we're opening ourselves up to being throttled even at 3 am...

      What would be interesting to see is an ISP that charged based on actual bandwidth availability throughout the day * usage. So if you use it heavily in the afternoon and evening, but bandwidth is chopped back drastically because of all the other people in your neighborhood streaming the latest talking dog video, well, at least your bill at the end of the month is less bruising. If you use it heavily at 3 in the morning, and your bandwidth is exceptional, then expect to pay more for it this month. Perhaps this would 'encourage' ISP's to upgrade their infrastructure to capture all that 'lost revenoo'...and in turn provide their customers with speedier, more reliable connections when they need it the most.

      --
      "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
    16. Re:Very cool tool by MightyYar · · Score: 2

      I believe they bring more trains online (yes/no?)

      The same thing happens in the US - we have "unlimited ride" cards in many cities. Most of the time it works well - they anticipate demand properly and capacity isn't a problem. Once in a while something happens (breakdown, special event, etc) and demand exceeds supply. Then you end up with standing-room only, late trains as they take too long to load and unload, and even denial of service.

      I happen to think the analogy is perfect :)

      In all seriousness. I think for non-critical uses like home, the "unlimited ride" model is just fine. For a critical business, or if you are willing to pay for the luxury, then the "ticket" model is better. The key difference is that if the train company oversells your train, they have to compensate you in some way for the loss of service.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    17. Re:Very cool tool by maxwell+demon · · Score: 2

      No, they don't have to throttle.

      If they sell you 6Mb/s, but your connection would technically support 16Mb/s, how else should they make sure that you don't use the other 10Mb/s which they might have reserved for other customers paying for them?

      They are oversold and they are throttling and NOT DELIVERING WHAT WE PAID FOR.

      Maybe. But then the problem is not the throttling, but the overselling.

      --
      The Tao of math: The numbers you can count are not the real numbers.
  2. article without the stupid "skip ad or wait" page by rbrausse · · Score: 3, Informative
  3. Not what I expected by sgt+scrub · · Score: 2

    I thought he had designed something to check for changes in window sizes or dropped ack packets. It sounds like he is doing a side by side comparison of traffic rates with the first router after the ISP being the n00ter. It would be nice to have a link to a project page.

    --
    Having to work for a living is the root of all evil.
    1. Re:Not what I expected by Anonymous Coward · · Score: 2, Interesting

      Say Google is 50ms slower than Bing. Is this because of the ISP, or the routers and myriad server and path differentials between the ISP and Google, vs. the ISP and Bing? Can't tell, it's all conflated. We have to normalize the connection between the two sites, to measure if the ISP is using policy to alter QoS. Here's how we do this with n00ter.

      Start with a VPN, that creates an encrypted link from a Client to a broker/concentrator. An IP at the Broker talks plaintext with Google and Bing, who replies to the Broker. The Broker now encrypts the traffic back to the Client.

      Policy can't differentiate Bing traffic from Google traffic, it's all encrypted.

      Now, let's change things up -- let's have the Broker push the response traffic from Google and Bing, completely in the open. In fact, let's have it go so far as to spoof traffic from the original sources, making it look like there isn't even a Broker in place. There's just nice clean streams from Google and Bing.

      If traffic from the same host, being sent over the same network path, but looking like Google, arrives faster (or slower) than traffic that looks like it came from Bing, then there's policy differentiating Google from Bing.

      Now, what if the policy is only applied to full flows, and not half flows? Well, in this case, we have one session that's a straight normal download from Bing. Then we have another, where the entire client->server path is tunneled as before, but the Broker immediately emits the tunneled packets to Bing *spoofing the Client's IP address*. So basically we're now comparing the speed of a full legitimate flow to Bing, with a half flow. If QoS differs -- as it would, if policy is only applied to full flows, then once again the policy is detected.

      I call this client->server spoofing mode Roto-N00ter.

      There are more tricks, but this is what N00ter's up to in a nutshell. It should work for anything IP based -- if you want to know if XBox360 traffic routes faster than PS3 traffic, this'll tell you.
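
The comment above describes the measurement idea (two flows over the same physical path that differ only in what origin they appear to come from, or a full flow versus a half flow) but not how to decide whether an observed speed gap is policy or just noise. The following is an added example, not N00ter's or Kaminsky's code: it models only the analysis step that would run on the client after the transfers are done. The `Transfer` type, the `detect_policy` function and the constructed sample timings are all assumptions made for illustration; a link that really is being shaped will be noisier than the generated numbers here.

```python
"""Analysis step for N00ter-style differential throughput measurements.

Added illustration, not the tool's own code.  Given two sets of transfers that
crossed the same path but looked like different origins (or full vs half flow),
decide whether their throughput distributions differ beyond measurement noise.
All sample data below is constructed with a seeded generator.
"""
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    """One measured download: bytes received and wall-clock seconds taken."""
    label: str      # e.g. "baseline" or "looks-like-siteA" (assumed labels)
    nbytes: int
    seconds: float

    @property
    def mbps(self) -> float:
        return self.nbytes * 8 / self.seconds / 1e6


def throughputs(transfers):
    return [t.mbps for t in transfers]


def permutation_pvalue(a, b, iterations=2000, seed=0):
    """Two-sided permutation test on the difference of medians.

    Returns the share of random relabelings whose median gap is at least as
    large as the observed one; a small value means the gap is unlikely to be
    ordinary jitter on the path.
    """
    rng = random.Random(seed)
    observed = abs(statistics.median(a) - statistics.median(b))
    pooled = list(a) + list(b)
    n_a = len(a)
    hits = 0
    for _ in range(iterations):
        rng.shuffle(pooled)
        gap = abs(statistics.median(pooled[:n_a]) - statistics.median(pooled[n_a:]))
        if gap >= observed:
            hits += 1
    return (hits + 1) / (iterations + 1)   # add-one smoothing so p is never 0


def detect_policy(baseline, probe, min_ratio=0.15, alpha=0.01):
    """Compare a normal flow against one that only *looks* like another origin.

    Flags differentiation only when the median throughput differs by more than
    `min_ratio` (relative) AND the permutation test says the gap is not noise.
    Requiring both keeps small, statistically real but practically irrelevant
    gaps from being reported as shaping.
    """
    base = throughputs(baseline)
    test = throughputs(probe)
    base_med = statistics.median(base)
    probe_med = statistics.median(test)
    ratio = (probe_med - base_med) / base_med
    p = permutation_pvalue(base, test)
    return {
        "baseline_mbps": round(base_med, 2),
        "probe_mbps": round(probe_med, 2),
        "relative_change": round(ratio, 3),
        "p_value": p,
        "differentiated": abs(ratio) >= min_ratio and p < alpha,
    }


def constructed_transfers(label, mean_mbps, jitter, n=12, seed=1):
    """Constructed sample data: n transfers of 5 MB (40 Mbit) at about mean_mbps."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        rate = max(0.1, rng.gauss(mean_mbps, jitter))
        out.append(Transfer(label, 5_000_000, 40 / rate))
    return out


# Constructed scenario: the same path carries a plain transfer, a transfer that
# looks like site A (no policy applied) and one that looks like site B (shaped).
BASELINE = constructed_transfers("baseline", 20.0, 1.0, seed=1)
LOOKS_LIKE_SITE_A = constructed_transfers("looks-like-siteA", 20.0, 1.0, seed=2)
LOOKS_LIKE_SITE_B = constructed_transfers("looks-like-siteB", 8.0, 1.0, seed=3)

if __name__ == "__main__":
    print("site A:", detect_policy(BASELINE, LOOKS_LIKE_SITE_A))
    print("site B:", detect_policy(BASELINE, LOOKS_LIKE_SITE_B))
```

The same comparison serves the Roto-N00ter case in the comment: feed the full-flow transfers as `baseline` and the half-flow transfers as `probe`. The permutation test is chosen over a plain ratio check because a single slow sample on a jittery link can move the mean a lot; the median plus a relabeling test is robust to that without assuming the timings are normally distributed.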

  4. Re:and where is it? by ProfanityHead · · Score: 3, Informative

    no link to the actual tool?!? wtf

    Article said "released" and "will release shortly". Take your pick I guess?

    At the Black Hat security conference in Las Vegas Wednesday, Kaminsky released a free software tool for detecting when an Internet service provider (ISP) is artificially slowing down or speeding up traffic to and from a website, a program the well-known security researcher is calling N00ter, or “neutral router.”

    Then:

    N00ter, a tool that Kaminsky plans to release in coming weeks

  5. Re:legal? by PopeRatzo · · Score: 2

    Nice, but is it legal?

    Why would it not be legal?

    Is there a law that says "all traffic on the internet has to be what it looks like"?

    --
    You are welcome on my lawn.
  6. Found a problem right here by Intron · · Score: 2

    has designed that oversight to tough to escape.

    I think the ISP must be scrambling the words from this web page.

    --
    Intron: the portion of DNA which expresses nothing useful.
  7. Re:legal? by Intron · · Score: 2

    Because law enforcement will use vaguely worded laws intended for something else, like "misusing a computer system" or "unauthorized access" against you if they decide you are a bad guy. And they decide you are a bad guy depending on who complains.

    --
    Intron: the portion of DNA which expresses nothing useful.