Slashdot Mirror


ISPs Violating Net Neutrality To Block Encryption

Dupple writes: One of the most frequent refrains from the big broadband players and their friends who are fighting against net neutrality rules is that there's no evidence that ISPs have been abusing a lack of net neutrality rules in the past, so why would they start now? That does ignore multiple instances of violations in the past, but in combing through the comments submitted to the FCC concerning net neutrality, we came across one very interesting one that actually makes some rather stunning revelations about the ways in which ISPs are currently violating net neutrality/open internet principles in a way designed to block encryption and thus make everyone a lot less secure.

7 of 149 comments

  1. Competition urgently needed by mi · · Score: 5, Informative

    As long as the ISPs retain monopoly positions, they will be able to do as they please (or as the NSA pleases to make them do).

    And once there is healthy competition among them, there will be no need for the rest of us to legislate every minutia of their behavior.

    --
    In Soviet Washington the swamp drains you.
    1. Re:Competition urgently needed by mi · · Score: 3, Informative

      The rest of us believe that telecom is, was, and (for the foreseeable future) always will be a *natural* monopoly

      Natural monopoly is a myth. A myth very convenient for and thus perpetuated by the government officials of various levels as it gives them undue power, but a myth nonetheless.

      You can't have meaningful competition for building roads and sewers and power grids

      Yes, you can. Tokyo has competing subway lines — why can't New York City? Your GPS is likely to show you several options for any route of appreciable length — why can't those different roads be privately-owned and compete?

      For example, to leave New York you have many options (most of them requiring payment on top of the taxes) — why can't those bridges and tunnels be privately owned and compete with each other? Maybe, their new owners will consider high traffic a profit opportunity, rather than a burdensome nuisance — and seek to attract more drivers by innovation of both toll-collection and road-maintenance... I dunno, it works for supermarkets... Heck, some private (and disgustingly profit-driven) concern may even undertake building a new tunnel (or a bridge)...

      it will always be vastly more efficient for a single entity to install and manage that physical data network, at least at the local level

      Really? Why not? In the 20ies we had competing telephone companies — each running its own wires to buildings. Today Google is laying down its own fiber — to much rejoicing on this very site — and AT&T is planning its own alternative, despite your claims of it being "inefficient". Various markets have competing coax-cable providers already. The actual cable-laying is just a (small) part of providing Internet service... Though in theory a monopoly ought to be easier — and thus cheaper — to operate (in any market), in practice any benefit is quickly consumed by the inevitable arrogance of such providers and the concomitant drop of quality and rising end-user prices (any wins in the monopoly provider's costs are compensated for by their fattening up the profit-margins).

      We should have made this transition decades ago, but for a variety of reasons didn't

      Oh, it is not a "variety" of reasons — but a single one: our government followed that myth of "natural monopolies" and granted cable-TV providers monopoly rights in their respective markets. That law was rescinded in the mid-1990ies, but the damage was done...

      --
      In Soviet Washington the swamp drains you.
  2. Cisco firewall for filtering malware email by raymorris · · Score: 4, Informative

    The log matches a Cisco firewall attempting to block malware and such being sent out.
    It replaces all unknown / unsupported SMTP commands with XXXXXX.

    http://www.cisco.com/c/en/us/t...

  3. Cisco ASA by backtick · · Score: 5, Informative

    Google "250-XXXXXXXA asa cisco starttls" and you'll find this is almost certainly an ASA preventing TLS as configured on the device. Since it doesn't want TLS traffic, the config is to just mangle the packets. Well known effect, been around for years (5+). The FW admin needs to correctly deploy fixup, allow TLS or simply not inspect esmtp. Simple fix, documented in Cisco doc 118550, among many other places.
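
Added example, not part of the comments above and not Cisco's or any ISP's code: a client-side check for the behaviour these two comments describe, which parses an EHLO reply, reports whether STARTTLS is offered, overwritten with X's in transit, or simply absent, and refuses cleartext fallback when TLS is required. The sample replies are constructed (only the `XXXXXXXA` keyword comes from the page), and the host name and function names are hypothetical.

```python
import re

# Constructed sample EHLO replies (not captured traffic). The masked keyword
# "XXXXXXXA" is the pattern quoted in the comment above.
CLEAN = "250-mail.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
MASKED = "250-mail.example.net\r\n250-SIZE 35882577\r\n250-XXXXXXXA\r\n250 8BITMIME\r\n"
PLAIN = "250-mail.example.net\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
# A keyword overwritten by an inspecting middlebox shows up as a run of X's,
# optionally followed by one leftover letter, as in "XXXXXXXA".
MASKED_KEYWORD = re.compile(r"^X{4,}[A-Z]?$")


def parse_ehlo(reply):
    """Return the ESMTP keywords advertised in a multi-line 250 reply."""
    keywords = []
    lines = [l for l in reply.split("\r\n") if l]
    for i, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError("not a 250 EHLO reply: %r" % line)
        if i > 0 and m.group(3):          # line 0 is the server greeting
            keywords.append(m.group(3).split()[0].upper())
        if m.group(2) == " ":             # "250 " (space) marks the last line
            break
    return keywords


def classify(reply):
    """Return 'offered', 'masked' (keyword overwritten) or 'absent'."""
    keywords = parse_ehlo(reply)
    if "STARTTLS" in keywords:
        return "offered"
    if any(MASKED_KEYWORD.match(k) for k in keywords):
        return "masked"
    return "absent"


def may_send(reply, require_tls=True):
    """Client policy: with require_tls set, never fall back to cleartext."""
    return classify(reply) == "offered" or not require_tls
```

A "masked" result points at an inspecting device on the path rather than at the mail server, which is the distinction the comments draw.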

  4. Re:No Carriers by TechyImmigrant · · Score: 4, Informative

    Agree. A good article would explain how it happens, such as on Cisco gear and how it may or may not be deliberate and would explain what you can do about it, e.g. use a VPN service.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  5. Re:No Carriers by DamnOregonian · · Score: 5, Informative

    Disclaimer: I am a senior network engineer at a large regional ISP.

    Transparent proxying, particularly on SMTP, is unfortunately commonly applied to residential connectivity, and there's little that can be done about it (short of blocking it entirely, which is what a lot of ISPs do).

    When Joe User's Windows machine gets infected and starts launching spam at the universe, if we don't catch it quick enough, it results in blocks. Sometimes if the infection is big, the blocks can happen to entire /24 subnets. In egregious cases, entire netblock allocations.

    Usually, the transparent proxy is employed to limit the damage (number of IPs) that may be blocked in the event of a compromise. In this case, the proxy *should* support encryption; that part is inexcusable. However, we have to do something to protect our network from you guys.

  6. Re:No Carriers by Jane+Q.+Public · · Score: 3, Informative

    What's really weird is this claim in OP:

    One of the most frequent refrains from the big broadband players and their friends who are fighting against net neutrality rules is that there's no evidence that ISPs have been abusing a lack of net neutrality rules in the past, so why would they start now?

    Since when? Comcast routinely throttled P2P and other traffic until the FCC forced them to stop, a couple of years ago.

    Their method was to send fake reset packets. The only way they could do that is via deep packet inspection and intentionally messing with your "private" communication.