Blocking Network Packets – The Comcast Fiasco

Sometimes you just can’t be neutral. That, apparently, is the reasoning behind Comcast’s recently revealed actions regarding several peer-to-peer applications, including BitTorrent.

In case you haven’t been following the story, here’s a quick rundown.

It started five days ago when the Associated Press ran a story called “Comcast Blocks Some Internet Traffic.” In this story, the reporter, Peter Svensson, points out that Comcast was blocking P2P traffic by interfering with certain packet streams.

Each PC gets a message invisible to the user that looks like it comes from the other computer, telling it to stop communicating. But neither message originated from the other computer — it comes from Comcast. If it were a telephone conversation, it would be like the operator breaking into the conversation, telling each talker in the voice of the other: “Sorry, I have to hang up. Good bye.”

This may never have been major news except for two things. First, back in August, Comcast denied that it was doing this exact thing. Second, Ubuntu 7.10, Gutsy Gibbon, was released six days ago. And when the #1 Linux distribution in America is released, you can bet your sweet bippy that the FTP mirrors for it will get hammered, leading people to consider using BitTorrent to get it. Comcast users had problems getting Gutsy.

Svensson went on to explain exactly how the tests were conducted and how Comcast was specifically blocking the traffic in a follow-up article. They used a copy of the (public domain) King James Bible and tried to download it to, and from, Comcast subscribers via the BitTorrent protocol.

In two out of three tries, the transfer was blocked. In the third, the transfer started only after a 10-minute delay.

According to Svensson, what was happening was that Comcast was inserting RST (Reset) packets into the communication – but forging the address to make it look like it was coming from either the sender’s or recipient’s computer. Packet capture and analysis showed that neither computer was sending these RST packets. It was originating from the middle – from Comcast. Furthermore, they tested via a Time Warner Cable connection and found that Comcast was sending these reset packets to subscribers to other networks as well.

Peter Eckersley of the Electronic Frontier Foundation then got into the action with an investigation of his own, showing that the same thing happens when you use a Gnutella P2P node, or, even, as Kevin Kanarski found out, when you use IBM’s Lotus Notes with Domino.

As you can see from these traces, the Notes client saw the RST packets coming from the Domino server IP and the Domino server saw the RST packets coming from the Notes client PC. However the trace doesn’t show either one of them sending the RST packets which means something on the network in between was sending them.
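The AP and Notes/Domino traces above rely on one check: capture at both ends of the connection, then look for a RST that one side received "from" the other but that the other side's own capture never shows leaving it. The script below is an added example, not code from the article or from any of the investigations it cites. It takes two constructed, simplified capture records (client side and server side; hosts, ports, sequence numbers and TTLs are all made up), correlates inbound RSTs against the peer's outbound packets, and as a second heuristic flags an RST whose IP TTL differs from the TTL the peer's other segments arrive with, since a segment generated in the middle of the path normally has travelled a different number of hops. A legitimate closed-port RST is included so the check has something it must not flag.

```python
"""Cross-correlate two packet captures to spot TCP RSTs injected mid-path.

Added example (not from the article). Capture records are simplified and
constructed: one Pkt per TCP segment, tagged with its direction relative to
the host that took the capture.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    direction: str  # "in" or "out", relative to the capturing host
    src: str
    dst: str
    sport: int
    dport: int
    flags: str      # TCP flag letters, e.g. "S", "SA", "A", "PA", "R", "RA"
    ttl: int        # IP TTL as observed by the capturing host
    seq: int        # TCP sequence number


def flow_key(p):
    return (p.src, p.dst, p.sport, p.dport)


def outbound_resets(capture):
    """Keys of RST segments a host really emitted (seen leaving in its own capture)."""
    return {(flow_key(p), p.seq) for p in capture
            if p.direction == "out" and "R" in p.flags}


def typical_ttl(capture, peer):
    """Most common TTL of non-RST segments received from `peer`; None if none seen."""
    ttls = Counter(p.ttl for p in capture
                   if p.direction == "in" and p.src == peer and "R" not in p.flags)
    return ttls.most_common(1)[0][0] if ttls else None


def suspicious_resets(capture, peer_capture, peer):
    """Inbound RSTs at this host that claim to come from `peer` and are suspect.

    Returns a list of (packet, reasons). A RST is suspect if the peer's own
    capture never shows it sending that RST, or if its TTL differs from the
    TTL the peer's ordinary segments arrive with (heuristic; a middlebox sits
    a different hop count away than the real peer).
    """
    peer_sent = outbound_resets(peer_capture)
    baseline = typical_ttl(capture, peer)
    findings = []
    for p in capture:
        if p.direction != "in" or p.src != peer or "R" not in p.flags:
            continue
        reasons = []
        if (flow_key(p), p.seq) not in peer_sent:
            reasons.append("peer's capture shows no such RST leaving the peer")
        if baseline is not None and p.ttl != baseline:
            reasons.append(f"ttl {p.ttl} differs from peer's usual ttl {baseline}")
        if reasons:
            findings.append((p, reasons))
    return findings


# Constructed sample: a client on a residential link talking to a peer on
# port 6881, plus a second connection attempt to a closed port (legitimate RST).
CLIENT, SERVER = "10.0.0.5", "192.0.2.10"

CLIENT_CAP = [
    Pkt("out", CLIENT, SERVER, 51000, 6881, "S", 64, 1000),
    Pkt("in", SERVER, CLIENT, 6881, 51000, "SA", 52, 5000),
    Pkt("out", CLIENT, SERVER, 51000, 6881, "A", 64, 1001),
    Pkt("out", CLIENT, SERVER, 51000, 6881, "PA", 64, 1001),
    Pkt("in", SERVER, CLIENT, 6881, 51000, "A", 52, 5001),
    Pkt("in", SERVER, CLIENT, 6881, 51000, "R", 61, 5001),   # injected mid-path
    Pkt("out", CLIENT, SERVER, 51001, 6882, "S", 64, 2000),
    Pkt("in", SERVER, CLIENT, 6882, 51001, "RA", 52, 0),     # genuine closed-port RST
]

SERVER_CAP = [
    Pkt("in", CLIENT, SERVER, 51000, 6881, "S", 58, 1000),
    Pkt("out", SERVER, CLIENT, 6881, 51000, "SA", 64, 5000),
    Pkt("in", CLIENT, SERVER, 51000, 6881, "A", 58, 1001),
    Pkt("in", CLIENT, SERVER, 51000, 6881, "PA", 58, 1001),
    Pkt("out", SERVER, CLIENT, 6881, 51000, "A", 64, 5001),
    Pkt("in", CLIENT, SERVER, 51000, 6881, "R", 61, 1001),   # injected mid-path
    Pkt("in", CLIENT, SERVER, 51001, 6882, "S", 58, 2000),
    Pkt("out", SERVER, CLIENT, 6882, 51001, "RA", 64, 0),    # the server really sent this
]


def analyse():
    """Run the check from both vantage points."""
    return {
        "client": suspicious_resets(CLIENT_CAP, SERVER_CAP, SERVER),
        "server": suspicious_resets(SERVER_CAP, CLIENT_CAP, CLIENT),
    }


if __name__ == "__main__":
    for side, findings in analyse().items():
        for pkt, reasons in findings:
            print(f"[{side}] RST {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
                  f"seq={pkt.seq}: " + "; ".join(reasons))
```

Each side reports exactly one suspect RST: the one on the port 6881 flow, for both reasons, while the closed-port RST passes because the server's capture shows it leaving and its TTL matches the rest of the flow. The capture correlation is the strong evidence; the TTL comparison is only a hint, since an operator in the middle can set any TTL it likes.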

At this point, the story blows up and is all around the Web – with many different angles to it.

The first angle I want to look at is the angle of quality of service and the end-user experience.

In a prepared statement, Comcast representative Charlie Douglas said that: “Comcast does not block access to any Web sites or online applications, including peer-to-peer activity like BitTorrent.” The AP test seems to prove that statement inaccurate – or at least, imply that Comcast is playing a very slick semantic game with the meaning of “block.” Some BT data is being blocked. Some BT data isn’t. What would be accurate to say is that Comcast is interfering with access to BitTorrent. It would also be accurate to say that Comcast is intentionally degrading the quality of service to BitTorrent.

This is important because all defenses of Comcast begin and end with the idea that if Comcast does degrade BitTorrent traffic, it does so out of altruistic goals to serve all of its subscribers. Or, as Comcast put it in a statement, “We have a responsibility to provide all of our customers with a good Internet experience and we use the latest technologies to manage our network so that they can continue to enjoy these applications.”

But clearly, for BitTorrent (and IBM Lotus Notes users) the end-user experience is being worsened. Does that mean everyone else’s access is being improved? Not very likely.

See, BitTorrent gets lumped in with Napster as a peer-to-peer tool, but it does so unfairly, in my opinion. BitTorrent is, ultimately, a tool used to improve the quality of service and, in its own way, improve network performance. On the client end, it improves the quality of service through faster downloads. On the server end, it improves the quality of service through reduced bandwidth requirements.

But Comcast, according to the AP, degraded the performance of BitTorrent and then expressly said that they weren’t. That can cause end-users to think that BitTorrent is an unreliable application. The end-user then prefers more traditional methods of downloading large files – FTP, IRC, UseNet, etc. These methods take up more overall bandwidth than BitTorrent would have. In such a manner, Comcast’s blocking of BitTorrent degrades quality of service for the Internet as a whole.

Here’s another angle: If the claims made by the Associated Press are true, Comcast is not only sending these reset packets without disclosing so to customers, but also these RST packets look like they’re coming from “spoofed” or “forged” IP addresses – the sender thinks these packets are coming from the receiver, and the receiver thinks these packets are coming from the sender. However, as studies by the AP and others have shown, they’re coming from neither – or more bluntly, they’re coming from Comcast.

These forged IP addresses can complicate the troubleshooting and delay mean time to repair of networking problems. Quite frankly, because Comcast is allegedly sending out false information, the engineers don’t have the information they need to solve problems. You can only imagine the frustration of a network engineer, called up by an irate C-level executive, who wants to know why Lotus Notes isn’t responding when he tries to access the server from home. The engineer tests the packets and finds that the executive’s computer is sending out excessive reset packets. The engineer then goes out to check on the executive’s computer, only to find that the server is now sending out the packets.

Now the engineer can call in IBM, but they won’t know what’s going on, only that some users are reporting excessive reset packets. The company might go so far as to dump Lotus Notes and go with a different solution – which means IBM has lost money.

It gets worse. Forged IP addresses are essentially “impersonating” another person’s computer. If Comcast did this while denying it was doing so, it can also be argued that this “impersonation” was an attempt to “defraud.” Even if Comcast gets explicit permission to do exactly this in Comcast subscribers’ terms of service, they do not get the permission of people on other networks, accessing a Comcast subscriber’s computer in a P2P session.

Further complicating this is the fact that BitTorrent, Inc., the company whose founder invented BitTorrent, has recently gotten distribution deals which allow BitTorrent, Inc., to sell legal downloads of television shows online. These are the same television shows that are also available via Comcast’s cable television service. That may make Comcast’s alleged throttling of BitTorrent traffic at best a conflict of interest, at worst, “anti-competitive behavior.”

We’re not lawyers, but we’re pretty sure these issues could put Comcast in legal hot water. Even if not, it is a major customer service problem from a company notorious for bad customer service. Comcast is the cable company in the YouTube video where the cable installer spent so much time on hold that he ended up falling asleep on the customer’s couch. Comcast also, as far back as 2003, was threatening to disconnect – and followed through on disconnecting – customers who used “too much” bandwidth on an Unlimited Bandwidth plan, while refusing to disclose where, exactly, the bandwidth cap lies, and gallingly insisting that there was no bandwidth cap.

In fact, a 75 year old woman walked into a Comcast branch office, started smashing stuff with a claw hammer, and the Washington Post began the story with the lede:

“Sometimes truly American virtues arise in outlaws who — by dint of heroic but questionable endeavors — display the mettle of the national character.”

This customer service problem is so great that Advertising Age said that Comcast should spend less money on advertising in order to improve its customer service. When the trade magazine for the advertising industry tells you that you need to do less advertising, and one of its major columnists declares a “Consumer Jihad” and titles the article, “Comcast Must Die” you’ve got a major problem.

Journalistic ethics also demand that a reporter try to get all sides of the story, and you’ll have noticed thus far that we’ve not shown Comcast’s side. However, the Comcast representative I spoke to was only willing to answer questions “on background.” This is how someone at Comcast spoke to the New York Times, and apparently, the New York Times has no problem with that arrangement.

But, I don’t believe that Comcast reps should be speaking on background. “On background,” I reserve for people who could lose jobs or face physical harm for whistleblowing and talking about something that is vital information. I couldn’t think of any reason a Comcast representative couldn’t talk about Comcast’s policies on the record. That’s why there’s nobody from Comcast telling their side of the story in this article.

Sometimes you just can’t be neutral.

70 Responses to Blocking Network Packets – The Comcast Fiasco

  1. Great post lurker about the Sandvine. I didn't even know about the product. They even have a graph here that shows how P2P, including bittorrent is suppressed using their hardware:

    http://www.sandvine.com/solutions/p2p_policy_mngm

    And it is also a good point about the malfunctioning router too. A malfunction could account for "round robin" outages that people have noted: the service works sometimes, then it doesn't. Also, it could be a misconfigured IDS, many of which send TCP resets when they detect malicious traffic.

    Most likely it's Sandvine working like it's programmed to.

    • Is there anything there about SandVine forging RST packets? Their site seems to indicate that they just deprioritize traffic passing across the network if it looks like P2P traffic. That's quite different.

      • I read their site and I came to the same conclusion as you: Sandvine is just packet analysis + QoS. It enables them to detect P2P and deprioritize it, or route it differently. It does not block it or use packet forgery.

        I've also e-mailed Sandvine in hopes that they will shed some light on the matter. I dislike Comcast very much, but this isn't a witch hunt. We need to have facts before we throw away the key.

  2. That was an excellent article.

    ISPs should not take responsibility for their users' actions for misuse of a legitimate tool and service. Plain and simple.

    • That is nice. Except for that Comcast is not taking responsibility. They don't need to and they won't, ever.

      What they are doing, to prevent being given this responsibility, is imposing a possible illegal method to deter legal and illegal use of P2P clients.

      And even without delving into the ethical and moral problems of illegal downloading, I could tell you that Comcast is definitely the criminal here.

  4. Kiltak,

    I was thinking about writing about this issue as well. Mostly from the POV that I really can't stand the EFF, who are trying to insert themselves into this whole issue.

    Bottom line is that network operators can run their networks any way they like. That is an indisputable fact.

    Whether or not the customers want to pay for such nonsense is the real question here, and as Kiltak listed, reasons to ditch Comcast for a better ISP are many and varied. I did it too and went with Verizon FIOS.

    One thing I wanted to point out that was not altogether correct:

    Forged IP addresses are essentially “impersonating” another person’s computer.

    TCP resets can be generated by any device along the communication path. Most likely this was done by a router. But content filters, Intrusion Detection Systems and other appliances are also capable of doing this. And no, it's not illegal, nor is it "impersonating" a computer. It's a valid security countermeasure.

    I have also wondered about the liability issue involved in this. Is Comcast protecting their own liability by denying P2P applications? It could be argued by copyright holders such as the MPAA and RIAA that, given the availability of the technology to block illegal filesharing, major ISP's that do not employ such technology are complicit in the illegal distribution. Comcast may be playing CYA by doing this, I don't know. They may also have agreements in place with the RIAA and MPAA to do this as well.

    It will be interesting to see how this unfolds.

    • Comcast is a reseller of internet bandwidth to your household. As far as they are concerned, they should not be the deciding factor of what traffic goes to and from your house.

      This isn't a work network where internet access is a "luxury" that you can do without while on the job. This is a service you pay for with the reasonable expectation that you will get what you pay for.

      Torrent is used legitimately for many files, most notably World of Warcraft. A video game with over 8 million players world wide. Blizzard uses the torrent protocol as its primary distribution method for both the game (downloadable on its website) and their patches.

      The "torrent" protocol is not a "file sharing service" such as Napster or Kazaa, but a protocol as a method of distribution similar to that of FTP or HTTP.

    • Network operators are absolutely not allowed to run their networks any way they like, particularly not major ISPs constrained by common carrier rules. In addition to their user agreements and their peering agreements, they're constrained by a whole host of statutes and FCC regulations — the DMCA, CALEA, the FTA, etc.

      There's never been a court case holding that P2P is per se illegal. Ever. Even in the case of copyrighted content, you don't have to give notice to the user, but you have to get a takedown request first. There is absolutely no rule on traffic shaping or preemptive action, let alone offensive countermeasures by an ISP. None.

      I'm really not sure what your rationale is for characterizing forged termination packets coming from forged IP addresses in the putative interest of traffic shaping as a "legitimate security measure," but I'd be curious to hear your explanation for that one, too.

  7. Comcast is a reseller of internet bandwidth to your household. As far as they are concerned, they should not be the deciding factor of what traffic goes to and from your house.

    They are not a "reseller of bandwidth." To be a reseller, you have to purchase it from someone to sell it to someone else. Are you implying that there is a group of people sitting on bandwidth and Comcast buys it and then resells it to the end user?

    And they should absolutely be concerned about what traffic flows in and out of your house. I bet you don't know it, but Comcast disallows all SMTP traffic from their end users too. If you want to send email outbound, you have to use one of their SMTP gateways, and, because SMTP is a clear text protocol, they can and probably do, sniff the traffic.

    They block SMTP because so many of the viruses and worms turn hosts into spam bots now. They sniff the traffic to make sure that no spam is originating from their network. Funny how no one complains about this aspect of their internet security. People want to whine about blocking WoW, but are silent about Comcast reading their email.

    • They are not a “reseller of bandwidth.” To be a reseller, you have to purchase it from someone to sell it to someone else. Are you implying that there is a group of people sitting on bandwidth and Comcast buys it and then resells it to the end user?

      they are called Tier 1 providers

      while I'm sure Comcast has some settlement free peering arrangements, they also purchase bandwidth from larger ISPs

  9. I don't work for Comcast, but I do work for another large cable provider.

    Why, exactly, do you suppose that the Comcast rep you found would only speak with you "on background"? Get real. You say you only reserve that for whistle-blowers, etc… in effect, that's what that person was offering to be, and was fearful of reprisals.

    Better luck next time. The resulting content might have been eye-opening.

    • "Get real. You say you only reserve that for whistle-blowers, etc… in effect, that’s what that person was offering to be, and was fearful of reprisals."

      As someone who has spoken with Comcast for stories, that's not accurate. They often only want to speak "on background," and on a multitude of issues (faster speeds, caps, throttling). They're not alone.

      It stems from a desire to be able to control the message being sent to the press, which is why when they speak on the record, it's usually only in lawyer-approved snippets.

      The article's interpretation of what "on background" should mean is accurate. Comcast instead uses it to ensure that nobody employed veers from the script in publicly quoted comments…

  11. My first reaction was that this was not Comcast, but the RIAA attempting to disrupt P2P with bots which had just gotten onto the wrong torrent. I quickly realized that this scenario is incorrect due to details in the article and the fact that it is technically impossible because you cannot just inject packets into a TCP data stream without knowing the sequence numbers.

    There are only two computers that have the sequence number information, the sender and the receiver. To inject packets requires knowledge of this information, and this is very difficult to obtain unless you have direct access to the backbone. Since Comcast owns the backbone, they obviously do.

    Even though it is possible that Comcast is injecting TCP RST packets, is it probable? This is not a normal task and it is not a simple task to program something this sophisticated. What benefit does this have over simply reducing the priority of P2P packets using existing QoS scheduling? This is built into many existing routers and doesn't require Comcast to pay developers to create this software.

    At this point I would suggest that they are not attempting to disrupt traffic. I think it more likely they have a malfunctioning router. Some advanced routers do manipulate and spoof TCP headers in an attempt to accelerate transfer speed. It wouldn't be surprising to me if an incompetent Comcast engineer screwed it up.

    • At this point I would suggest that they are not attempting to disrupt traffic. I think it more likely they have a malfunctioning router. Some advanced routers do manipulate and spoof TCP headers in an attempt to accelerate transfer speed. It wouldn’t be surprising to me if an incompetent Comcast engineer screwed it up.

      You need to catch up on the story. Comcast is using SandVine to shape traffic. They have admitted so recently in the comcast help forums.

      • While it's quite possible that this isn't a companywide policy — maybe some vengeful sysadmin with access to one of the backbone routers, sure — it strikes me as highly unlikely that a router malfunction would cause a router to send reset packets with cross-forged IP addresses.

        There's no way that's not deliberate. I'm also skeptical that ComCast would do anything quite this stupid as a matter of corporate policy, but I can't see how it could be an accident either.

        • "There’s no way that’s not deliberate. I’m also skeptical that ComCast would do anything quite this stupid as a matter of corporate policy, but I can’t see how it could be an accident either."

          The more I read, the less I believe that it is deliberate. Traffic shaping is widely used, but the method described is way beyond that. As BelchSpeak stated, this might be a misconfigured IDS system.

        • "As BelchSpeak stated, this might be a misconfigured IDS system."

          I've never heard of an IDS that would send cross-forged RST packets to two systems simultaneously, as reported in one of the above articles. Cisco's IDS, e.g., only tries to terminate the identified attacker's connection. That's the part that strikes me as suspect.

      • I'm aware of the news, but I don't buy into the hype at this point. I do not consider the Comcast help forums to be a reliable source.

        I do not doubt they are using traffic shaping. All major ISPs have QoS implemented in some way, shape or form. What I would be surprised about is if they are using the suggested method.

  12. My first reaction was thinking was that this was not Comcast, the but RIAA attempting to disrupt P2P with bots which had just gotten onto the wrong torrent. I quickly realized that this scenario is incorrect due to details in the article and the fact that it is technically impossible because you cannot just inject packets into the a TCP data stream without knowing the sequence numbers.

    There are only two computers that have the sequence number information, the sender and the receiver. To inject packets requires knowledge of this information, and this is very difficult to obtain unless you have direct access to the backbone. Since Comcast owns the backbone, they obviously do.

    Even though it is possible that Comcast is injecting TCP RST packets, is it probable? This is not a normal task and it is not a simple task to program something this sophisticated. What benefit does this have over simply reducing the priority of P2P packets using existing QoS scheduling? This is built into many existing routers and doesn’t require Comcast to pay developers to create this software.

    At this point I would suggest that they are not attempting to disrupt traffic. I think it more likely they have a malfunctioning router. Some advanced routers do manipulate and spoof TCP headers in an attempt to accelerate transfer speed. It wouldn’t be surprising to me if an incompetent Comcast engineer screwed it up.

    • At this point I would suggest that they are not attempting to disrupt traffic. I think it more likely they have a malfunctioning router. Some advanced routers do manipulate and spoof TCP headers in an attempt to accelerate transfer speed. It wouldn’t be surprising to me if an incompetent Comcast engineer screwed it up.

      You need to catch up on the story. Comcast is using SandVine to shape traffic. They have admitted so recently in the comcast help forums.

      • While it’s quite possible that this isn’t a companywide policy — maybe some vengeful sysadmin with access to one of the backbone routers, sure — it strikes me as highly unlikely that a router malfunction would cause a router to send reset packets with cross-forged IP addresses.

        There’s no way that’s not deliberate. I’m also skeptical that ComCast would do anything quite this stupid as a matter of corporate policy, but I can’t see how it could be an accident either.

        • “There’s no way that’s not deliberate. I’m also skeptical that ComCast would do anything quite this stupid as a matter of corporate policy, but I can’t see how it could be an accident either.”

          The more I read, the less I believe that it is deliberate. Traffic shaping is widely used, but the method described is way beyond that. As BelchSpeak stated, this might be a misconfigured IDS system.

        • “As BelchSpeak stated, this might be a misconfigured IDS system.”

          I’ve never heard of an IDS that would send cross-forged RST packets to two systems simultaneously, as reported in one of the above articles. Cisco’s IDS, e.g., only tries to terminate the identified attacker’s connection. That’s the part that strikes me as suspect.

      • I’m aware of the news, but I don’t buy into the hype at this point. I do not consider the Comcast help forums to be a reliable source.

        I do not doubt they are using traffic shaping. All major ISPs have QoS implemented in some way, shape or form. What I would be surprised about is if they are using the suggested method.
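A defender's way to check the "cross-forged RST" claim argued over in this thread against a packet capture, as an added example that is not from the article, the AP/EFF tests, or any commenter. It assumes a per-direction TTL baseline is a usable fingerprint for a host's path; the packets and addresses are constructed stand-ins, not capture data.

```python
"""Heuristic detector for injected TCP RST segments (added example).

A genuine packet from a peer arrives with the TTL left after crossing that
peer's path; a RST forged by a device in the middle starts from the middle
box's own initial TTL and crosses fewer hops, so its TTL usually disagrees
with what the same (src, dst) direction has already shown.  Route changes
can shift a host's TTL too, so a hit is a lead to inspect, not proof."""
from collections import defaultdict

# Constructed session between two peers (illustrative addresses), then a
# pair of resets addressed to each peer "from" the other, both carrying a
# TTL that matches neither peer's established path, then a genuine reset.
SAMPLE = [
    {"ts": 1.00, "src": "10.0.0.5", "dst": "192.0.2.9", "flags": "S", "ttl": 58},
    {"ts": 1.02, "src": "192.0.2.9", "dst": "10.0.0.5", "flags": "SA", "ttl": 49},
    {"ts": 1.04, "src": "10.0.0.5", "dst": "192.0.2.9", "flags": "A", "ttl": 58},
    {"ts": 2.00, "src": "10.0.0.5", "dst": "192.0.2.9", "flags": "PA", "ttl": 58},
    {"ts": 2.03, "src": "192.0.2.9", "dst": "10.0.0.5", "flags": "PA", "ttl": 49},
    {"ts": 5.00, "src": "192.0.2.9", "dst": "10.0.0.5", "flags": "R", "ttl": 61},
    {"ts": 5.01, "src": "10.0.0.5", "dst": "192.0.2.9", "flags": "R", "ttl": 61},
    {"ts": 9.00, "src": "192.0.2.9", "dst": "10.0.0.5", "flags": "R", "ttl": 49},
]


def find_suspect_rsts(packets, tolerance=0):
    """Return RSTs whose TTL is more than `tolerance` hops away from every
    TTL seen on non-RST segments in the same (src, dst) direction."""
    baseline = defaultdict(set)  # (src, dst) -> TTLs seen on non-RST segments
    for p in packets:
        if "R" not in p["flags"]:
            baseline[(p["src"], p["dst"])].add(p["ttl"])
    suspects = []
    for p in packets:
        if "R" not in p["flags"]:
            continue
        seen = baseline.get((p["src"], p["dst"]))
        if not seen:
            continue  # no prior traffic in this direction: nothing to compare
        if all(abs(p["ttl"] - t) > tolerance for t in seen):
            suspects.append(p)
    return suspects


def find_cross_forged_pairs(rsts, window=1.0):
    """Pair up suspect RSTs travelling in opposite directions of the same
    flow within `window` seconds: the two-sided pattern the thread describes,
    rather than one side legitimately hanging up."""
    pairs = []
    for i, a in enumerate(rsts):
        for b in rsts[i + 1:]:
            opposite = (a["src"], a["dst"]) == (b["dst"], b["src"])
            if opposite and abs(a["ts"] - b["ts"]) <= window:
                pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    hits = find_suspect_rsts(SAMPLE)
    for a, b in find_cross_forged_pairs(hits):
        print(f"cross-forged RST pair at t={a['ts']}: {a['src']} <-> {b['src']}")
```

On a real trace, feed the same dicts from a pcap parser and keep `tolerance` at a hop or two so a single route flap does not page anyone.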

  13. I'd have to see what the Comcast user agreement reads like. Most of my user-level agreements with ISPs (in fact, as far as I know, all of them) have had a clause disallowing users from running servers of any kind on their systems, and P2P has usually been explicitly included in that prohibition.

    I don't think it's particularly good business to deny your customers a valuable service and then be less than forthcoming about it, but P2P has always been one of the applications that is limited under user agreements with ISPs, in Canada anyway. If Comcast has similar rules about P2P on its books, then not only are they within their rights to restrict their own users from P2P networks, but they also have the right to block others from P2P connections to Comcast users.

    • I would be very surprised if the Comcast user agreement allows them to falsify data that interferes with software running on their users' computers. At most there's usually a terminate-without-cause provision. Blocking P2P traffic is significantly different from sending bad termination commands to software on an end-user's computer when you can't be entirely sure what that software's being used for. I'm not sure about Canada's rules governing P2P, but I'm quite certain there's no legal basis for that in the US.

  15. What about Comcast as a common carrier argument?

    As I understand it, the reason internet providers are not culpable for illegal or infringing content flowing through their systems is they, like phone and delivery companies, are considered common carriers. In exchange for lack of responsibility, they don't inspect, or discriminate based on the contents of their payloads.

    Comcast's actions would seem to remove the common carrier shield. They would then be open to lawsuits by the RIAA and MPAA for unauthorized content on their network, and being an accessory when their subscribers perform or plan illegal acts on their system.

    • Bingo. Between this and the rumors that they've been messing with political emails, they should be seriously thinking about whether they're putting their safe-harbor protections at risk. The problem isn't so much that they're not being content-neutral (though that's debatable), but that they've got deep pockets. They're an attractive litigation target.

      Their likely defense would be that they were merely protecting their network (same reason no one would complain about port 25 blocking), but whether that flies largely depends on how deeply they're looking into the packets.

      The fact that they were allegedly falsifying data by sending disconnect packets makes the situation much, much dicier for them — while port blocking and traffic rate limiting is one thing, interfering with software on the end user's computer is probably not covered under the TOS nor any law that I'm aware of.

      That's the possible backdoor into the content-neutrality/safe-harbor issue, but it also raises an entirely different set of legal concerns from their users — sending bad data like that is dangerously close (from a legal perspective) to the regulations against DoS attacks.

      They're really treading on thin ice, here.

  17. Great post lurker about the Sandvine. I didn't even know about the product. They even have a graph here that shows how P2P, including bittorrent is suppressed using their hardware:

    http://www.sandvine.com/solutions/p2p_policy_mngm

    And it is also a good point about the malfunctioning router too. A malfunction could account for "round robin" outages that people have noted: the service works sometimes, then it doesn't. Also, it could be a misconfigured IDS, many of which send TCP resets when they detect malicious traffic.

    Most likely it's Sandvine working like it's programmed to.

    • Is there anything there about SandVine forging RST packets? Their site seems to indicate that they just deprioritize traffic passing across the network if it looks like P2P traffic. That’s quite different.

      • I read their site and I came to the same conclusion as you: Sandvine is just packet analysis + QoS. It enables them to detect P2P and deprioritize it, or route it differently. It does not block it or use packet forgery.

        I’ve also e-mailed Sandvine in hopes that they will shed some light on the matter. I dislike Comcast very much, but this isn’t a witch hunt. We need to have facts before we throw away the key.

  18. omg, you said "you can bet your sweet bippy". far out, i haven't heard that one in a long time. it's 1969 again, sock it to me, baby. of course i've just revealed my age but that's ok. far out, man.

  20. comcast are arrogant a-holes. i know this from personal experience. they're like something from a 1970s South American dictatorship. they know they have no competition so they act accordingly. how did this happen in America?

    oh yeah, lobbying. they just bought it.

  22. The one sticking point that bugs me – the one bit those who think Comcast is in the right to do what they like with their network is: In many areas, they are the only Internet provider. I currently live in rural Michigan and our Internet options are limited. We have no choice but to pick N provider, or go without Internet.

    When your only choice becomes a blocked/filtered/controlled/hampered choice, you really don't have a choice. The lack of consumer choice means that it's now a monopoly with your packets in a vice grip.

  24. I don't think that Comcast would block torrent traffic, I just think their network sux and it chokes on it. So I switched back to Verizon. Sux to be in an area only served by Comcast.

  26. What is most interesting about this is the fact that, inevitably, the establishment raises the bar on anti-democratic practices, intrusions into freedom etc., and brings about the evolution of the next generation of technology – what will be the solution from the p2p community?

    No-one should be surprised by this. The research carried out by the article's authors sounds legitimate and well conceived. The results indicate a deterministic scheme, not some more random malfunction.

    Comcast is no-doubt seen as a flagship in right-wing circles, including the RIAA and its ilk, a flagship amongst neo-fascist practices being rolled out in the name of protecting profit margins in the decadent media industries. But this is the tip of the fascist iceberg people!!

    Politically and socially, this internet 'war' is perhaps the most interesting phenomenon. The establishment is claiming the moral high ground, and taking the opportunity to create and implement technologies which will be used against freedom of speech and freedom of activity per se, as suits the needs of the establishment and its political and economic community.

    I note that encryption is now available in p2p client implementations. And what role might IPv6 play in all this? How are QoS and security balanced in an encapsulated protocol/content-type-agnostic scheme? Is it still true that the 'internet' is inherently a democratic space?

    Anti-terrorism legislation (enacted by the terrorists themselves!) and anti-piracy measures are, simply put, the vehicles for anti-democratic controls and intrusions.

  28. Pingback: Monday morning links serving: The October 29th edition | [Geeks Are Sexy] Technology News

  29. Pingback: BelchSpeak » Post Topic » Finally, Some Common Sense Thinking on ComCast and Net Neutrality

  30. Sorry folks, I'm not a geek and not that knowledgeable about how these ISPs work, but I do know that after 6 or 7 years of receiving a Mac User Group newsletter in PDF form once a month, all of a sudden none of the users with a Comcast email address received the newsletter. All others did. Obviously Comcast was blocking our access to a perfectly harmless monthly newsletter. After the monthly meeting I had it sent to my Yahoo account and received it with no problem.

    We did a lot of griping about Roadrunner when we had that, but oh how I wish it was back!

    • Macuserme

      Obviously Comcast was blocking our access to a perfectly harmless monthly newsletter.

      It's a conspiracy, isn't it? Write your congressman.

      Or maybe Comcast is filtering all .pdf email attachments due to rampant viruses exploiting weaknesses in old versions of Adobe Acrobat Reader. Thus, they are protecting their customers, the bastards.
      http://www.f-secure.com/weblog/archives/00001303….

  32. “Or maybe Comcast is filtering all .pdf email attachments due to rampant viruses exploiting weaknesses in old versions of Adobe Acrobat reader. Thus, they are protecting their customers, the bastards.”

    Yeah.. hey how about you never ride in a car because you might get into a car accident.. You should also probably never have sex because you might get an STD.. and just to be on the safe side you shouldn’t ever watch an ‘R’ rated movie because it might corrupt your weak malleable mind.

    Looks like it's staying at home masturbating to the Disney channel for you BelchSpeak.

  34. Pingback: EFF Flogged Over Comcast Report

  35. Pingback: Comcast Does 180 on P2P blocking

  36. Pingback: Genetically Modified Turbine-Powered Rabbit