
Comcast Gunning for NAT Users 979

Posted by timothy
from the thank-you-please-pay-again dept.
phillymjs writes: "A co-worker of mine resigned today. His new job at Comcast: Hunting down 'abusers' of the service. More specifically, anyone using NAT to connect more than one computer to their cable modem to get Internet access- whether or not you're running servers or violating any other Acceptable Use Policies. Comcast has an entire department dedicated to eradicating NAT users from their network. We knew this was coming since this Slashdot article from two months ago, but did anyone think they'd already be harassing people that are using nothing more than the bandwidth for which they are paying? It makes me very happy that my DSL kit arrived yesterday, and I'll be cancelling my Comcast cable modem early next week." Earthlink and Comcast have both been advertising lately their single-household, multi-computer services (and additional fees) -- probably amusing to many thousands of broadband-router owners, at least until the cable companies really crack down.
This discussion has been archived. No new comments can be posted.

  • Adelphia (Score:4, Informative)

    by mknapp905 (527716) on Thursday January 24, 2002 @05:51PM (#2897085) Homepage
    Adelphia has it as part of their service agreement that you can have multiple devices on the network and the cable modem install techs will actually configure your linksys router for you when you sign up for the service.
  • by micromoog (206608) on Thursday January 24, 2002 @05:53PM (#2897116)
    If you don't like their single-user policy, DON'T AGREE TO IT. They have the right to structure their services just about any way they like, and to enforce that structure.

    If you don't like it, don't sign up. If you try to cheat on the policy with your l33tness and get caught, don't complain.

  • Wink wank (Score:1, Informative)

    by VAXGeek (3443) on Thursday January 24, 2002 @05:53PM (#2897119) Homepage
    Don't forget kids: those snazzy Linksys routers you bought will fall under this stipulation too! It's not just the retards with Linux boxes getting nailed, it's EVERYONE with any form of link duplication. Basically, if you have 2 boxes and pay for 1 to be connected THEY WANT YOUR ASS.
  • Re:methods (Score:2, Informative)

    by Anonymous Coward on Thursday January 24, 2002 @05:54PM (#2897129)
    The usual technique is to look for many connections coming from a specific range of ports.

    Dedicated NAT boxes tend to use the entire range, so this doesn't work. ipnat users can specify the range in ipnat.conf, and I'm sure iptables has some way of doing this also.
  • Can they do this. (Score:2, Informative)

    by MindStalker (22827) <(moc.liamg) (ta) (reklatsdnim)> on Thursday January 24, 2002 @05:54PM (#2897130) Journal
    Seriously, when I signed up the agreement was that I would not provide service to anyone outside my residence, which is fair I guess. If they want to crack down on me doing something that is proper let them try, but I'm not going to back down from asserting my rights. Personally I don't see what options they have to crack down. Though I have heard that their switches remember your MAC address now so if you change the computer/network card hooked up it takes a reset to get it working again :(
  • Firewall (Score:4, Informative)

    by killmenow (184444) on Thursday January 24, 2002 @05:55PM (#2897149)
    Look, I have my Road Runner connected to a firewall that routes my internal machine to it. Therefore I have more than one machine (technically) hooked up to Road Runner.

    The firewall uses NAT for my internal box. My firewall is a custom Linux box I set up myself, but I imagine any firewall would behave similarly.

    If they're basically saying you have to have just the one machine directly connected to their service...they're saying YOU ARE NOT ALLOWED TO RUN A FIREWALL.

    How can they possibly suggest that I'm NOT ALLOWED to run a firewall? Especially seeing as how the freaking cable networks are some of the worst offenders on portscans etc...

    Freaking morons.
  • by Xzzy (111297) <sether.tru7h@org> on Thursday January 24, 2002 @05:59PM (#2897185) Homepage
    MAC address. The mac address remains the same inside the packet regardless of what the IP's are. If they notice multiple mac addresses coming from your direction, indications are pretty strong you're using nat.

    Gonna be expensive on their routers, but it's probably trivial to implement some kind of alarm system that tracks bandwidth usage, and flags people for later inspection by a flesh and blood.

    Don't think you can just rewrite packets to mask the mac address, since I believe the nat gateway uses the address to map packets back to the real destination host.
  • Re:methods (Score:5, Informative)

    by sllort (442574) on Thursday January 24, 2002 @06:00PM (#2897199) Homepage Journal
    So, what are the methods they use, and how can I make it more difficult for them to tell if I have a machine running NAT?

    I don't know. But let me take a crack at guessing the methods which an ISP would use to detect NAT.
    • O/S Fingerprinting. First and foremost, narrow down your suspect list. Find all the Linux boxes; these will have a higher incidence of NAT because Linux actually packages this feature. Try to develop a fingerprint list for hardware based NAT appliances and any Windows application that can grant NAT ability.
    • TCP Sequence Numbers. Many TCP stacks (cough Windows cough) have a predictable or semi-predictable TCP Sequence Number pattern. Running multiple copies of one of these stacks (say, two 98 boxes) behind a NAT box would allow an intelligent heuristic to detect multiple TCP stacks. Most of NAT happens at the IP layer, so sequence numbers are not rewritten.
    • TCP Source port. NAT-P (it has a couple names) involves correlating inbound TCP packets to the appropriate local host by port, and then rewriting the port field. There is no attempt made to randomize this source port field selection and a clever heuristic could probably fingerprint it.

    i've probably dropped a few details here, so feel free to flame me with corrections. that aside, i can see a new open source project brewing: Stealth NAT. A NAT implementation that will rewrite TCP sequence numbers and randomize anything else that would give the impression that multiple machines were in use.

    they'll probably start by O/S fingerprinting the NAT enabled hardware gateways you can get at buy.com for $150.

  • Bell's Sympatico DSL (Score:3, Informative)

    by nomis80 (181676) <{nomis80} {at} {nomis80.org}> on Thursday January 24, 2002 @06:02PM (#2897217) Homepage
    The bandwidth sucks.
    The latency sucks.
    The support sucks.
    They encourage NAT and show you how to do it in their manual.

    Thank you Bell!
  • Re:Crack down? (Score:2, Informative)

    by Anonymous Coward on Thursday January 24, 2002 @06:03PM (#2897235)
    From http://www.computerbits.com/archive/1997/0800/lan9708.html :
    The TCP/IP Packet
    To see how the NAT works, we start with the structure of a TCP/IP packet, how a TCP/IP communication is performed between hosts, and the concept of a connection session.

    A TCP packet has a header area and a data area. The header has a number of fields in it; the ones that are important here are the source and destination MAC addresses, the source and destination TCP/IP addresses, and the source and destination Port numbers.

    When machine A transmits to machine B, the TCP packet contains A's address as the source TCP/IP address, and B's address as the destination TCP/IP address. It also contains a source port number -- generally selected by the sending machine from a pool of port numbers -- and a specific destination port number, such as port 80, which is http services. (Port numbers are listed in /etc/services.)

    B gets the packet at port 80 and -- if it decides to open a connection session with A -- selects a reply port number to use as its source port number and replaces port 80 with it. Then machine B reverses source and destination IP numbers and source and destination port numbers in the packet, so that now the B address is the source address, and the A address is the destination address, then transmits the packet back to A. As long as the connection session is open, the packets passed back and forth during the session use the port numbers that each system selected, as well as the source and destination TCP/IP addresses.

    With a normal router, the router modifies the source and destination Media Access Control (MAC) address field when it routes a packet through it. The source and destination TCP/IP addresses, port numbers, and sequence numbers are untouched. In this way a packet wends its way through the network from router to router until it reaches its destination.
  • by jandrese (485) <kensama@vt.edu> on Thursday January 24, 2002 @06:05PM (#2897252) Homepage Journal
    You know, that might actually work...if the MAC address were stored in the IP packet.

    Sheesh, I've seen MAC filtering mentioned 5 times already on this article. Maybe everyone should take a look at The anatomy of an IP packet [abdn.ac.uk].
  • Re:Crack down? -- (Score:3, Informative)

    by OctaneZ (73357) <ben-slashdot2@NosPAM.uma.litech.org> on Thursday January 24, 2002 @06:06PM (#2897260) Journal
    Yeah, if they really want to stop bandwidth hogs, why did they not just make the Cable modem also be a bandwidth limiter!!!!!

    THEY DID!

    Many users of cable systems are bandwidth limited, also called "capping," on at least their outbound traffic, and many also have their inbound traffic limited as well. Where I live RoadRunner has outbound speeds limited from 15k to 30k/s outgoing, depending on which loop you are on. Incoming is limited to 250k/s, though this is almost never achieved, even when the packets are originating at a major university, essentially, across the street, with only 4 hops between one box and the other.
  • Re:methods (Score:2, Informative)

    by _DMan_ (105238) on Thursday January 24, 2002 @06:06PM (#2897263)
    It depends on the configuration of your VM. VMWare allows three types of networking:

    - Bridged Networking
    - Network Address Translation (NAT)
    - Host-Only Networking

    All of which have different behaviors. For more details, see the VMWare Networking [vmware.com] page.
  • Re:Firewall (Score:2, Informative)

    by ouija147 (467204) on Thursday January 24, 2002 @06:06PM (#2897267)
    They want to insert their own "secure" hole into your network. They're unofficially calling it "CAT," for "Cable Address Translator."

    From here [cedmagazine.com]
  • Re:methods (Score:2, Informative)

    by RC514 (546181) on Thursday January 24, 2002 @06:08PM (#2897286) Homepage
    Did a little searching and found another hint: The NATting device acts as a router and as such usually decreases the TTL field of packets passing through it. That creates unusual TTL values on the first hop to the ISP.
  • Re:methods (Score:3, Informative)

    by p3d0 (42270) on Thursday January 24, 2002 @06:08PM (#2897293)
    Find all the Linux boxes; these will have a higher incidence of NAT because Linux actually packages this feature.
    Don't forget about Windows internet connection sharing [microsoft.com].
  • Re:Linksys (Score:3, Informative)

    by renehollan (138013) <{ten.eriwraelc} {ta} {nallohr}> on Thursday January 24, 2002 @06:11PM (#2897333) Homepage Journal
    Er, my Linksys router DISABLES the web interface from "outside" the local network, by default.

    Also, it can spoof any MAC address I choose on its WAN port. (Yes, the MAC address can get sent over the DSL Modem, if it does ethernet encapsulation over ATM, and the ISP might care what it is).

    FWIW, my ISP [airmail.net] doesn't have this kind of "no NAT, no servers, no pinging" bullshit in their AUP -- they just don't want me to generate a disproportionate amount of outbound traffic.

  • by GreyyGuy (91753) on Thursday January 24, 2002 @06:15PM (#2897376)
    My service was bought by Comcast so I am now one of their subscribers. First they sent a letter with a broken CD that said run the CD by the end of the year or lose internet access. I got this in the mail as I was leaving for Christmas vacation and wasn't going to be back until January. No explanation of what was on the CD or the settings that need to be changed for email and whatever else. I also received a new email address that I will never remember. And when I got back, I got a letter informing me that due to all the new services (I'm not sure what those are) my rates are going up!

    And now this? If they call me about my router (unless the kittens are surfing while I'm at work, I'm the only one that uses the access), I need to find another provider. Anybody have any recommendations for a provider in the Detroit area?
  • Re:Firewall (Score:2, Informative)

    by random735 (102808) on Thursday January 24, 2002 @06:15PM (#2897380) Homepage
    actually roadrunner allows up to 4 computers per IP that you purchase... my roommate and I are sharing the service, paying for the second IP (not static, just lets us pull two IPs from the DHCP server), so technically we can have 8 computers online at any given time. Two of them are "exposed" and then the other 6 would be NAT'd/gateway'd whatever....

    Granted this doesn't help Comcast people, but if you're on roadrunner, I think you're ok for now.
  • Re:How they can tell (Score:3, Informative)

    by gorf (182301) on Thursday January 24, 2002 @06:18PM (#2897399)

    Another consideration: How does the NAT box know where to send incoming replies? Isn't there something added to the IP header to indicate the internal source IP of the packet? I would think there would have to be. Could they scan packets for these identifying signatures?

    The NAT box keeps track of open connections using source/dest ip/port pairs, making sure that the same set isn't used twice (if it were, then it will transparently switch the source port). Hence Network Address Translation. Nothing needs to be added. NAT on a 2.4 kernel tries to change as little as possible, so the source port won't even change unless multiple internal hosts are accessing the same services on the same destination.

    It is still possible to detect things by looking at traffic patterns, though. If you're using a firewall this won't happen, because there is only one computer to generate things. Unless multiple people use the same computer at once. Obviously there's no way for them to be sure this way.

  • Re:methods (Score:3, Informative)

    by RC514 (546181) on Thursday January 24, 2002 @06:19PM (#2897415) Homepage
    ip_forward.c: /* if (iph->ttl <= 1) goto too_many_hops; */ ... /* ip_decrease_ttl(iph); */ Kids, don't try this at home. Violating RFCs is a bad thing.
  • Re:methods (Score:2, Informative)

    by dpletche (207193) on Thursday January 24, 2002 @06:19PM (#2897422)
    i can see a new open source project brewing: Stealth NAT. A NAT implementation that will rewrite TCP sequence numbers and randomize anything else that would give the impression that multiple machines were in use.

    I believe OpenBSD 3.0 and the included 'pf' packet filter already have the ability to do so via the "modulate state" flag, i.e. in /etc/pf.conf:

    pass out on ${EXTIF} from any to any modulate state
  • Re:methods (Score:3, Informative)

    by Cadre (11051) on Thursday January 24, 2002 @06:20PM (#2897424) Homepage

    A NAT implementation that will rewrite TCP sequence numbers and randomize anything else that would give the impression that multiple machines were in use.

    OpenBSD's firewall (pf) can do state modulation. Also, the scrub directive, while meant to be used on incoming traffic might be able to be used on outgoing traffic to hide machines to some level.

  • Re:methods (Score:1, Informative)

    by asherlangton (220912) on Thursday January 24, 2002 @06:23PM (#2897450)
    Last I looked, Windows comes with "Internet Connection Sharing" and a control panel to turn it on with one button click. Linux requires daunting knowledge of IP networking and the iptables tools.

    In Debian: apt-get install ipmasq

    That's it.
  • Re:methods (Score:2, Informative)

    by gorf (182301) on Thursday January 24, 2002 @06:25PM (#2897465)

    MAC addresses can not be seen by your ISP. Ethernet uses them for addressing, so IP is "tunnelled" over ethernet using them. Anything reading IP over ethernet strips the ethernet framing info before passing it to a higher network layer (like IP), except for filtering locally.

  • Re:methods (Score:1, Informative)

    by Anonymous Coward on Thursday January 24, 2002 @06:38PM (#2897559)
    the grsecurity patch can let you randomize the ttl value (and other cool things). Check it out.
  • by Brandon T. (167891) on Thursday January 24, 2002 @06:39PM (#2897564) Homepage
    Yes, Windows 2000 and Windows XP both have equivalent functionality to NAT and ipchains. With windows xp it is very fine grained, you can forward specific ports to internal pcs and do just about anything else you could do with iptables. Of course you can't run Windows XP on a 486 so linux still has an advantage there ;)

    Brandon Tallent
  • Re:methods (Score:2, Informative)

    by zaffir (546764) on Thursday January 24, 2002 @06:42PM (#2897593)
    In layman's terms - every time a packet gets to a router the MAC addresses (there's two - sender and receiver) are ripped off and changed.
  • by Anonymous Coward on Thursday January 24, 2002 @06:44PM (#2897605)
    eke [dictionary.com]
  • by tempmpi (233132) on Thursday January 24, 2002 @06:46PM (#2897624)
    You are right, but all of this can be fixed using a proxy server. Of course you shouldn't forget to disable things like "x-forwarded-for".
    I think the simplest method to find many NATs is to look for these high port numbers like 64000 and up. The linux kernel can easily be patched to use other ports that don't smell like NAT but most people wouldn't alter the kernel to hide their NAT.
    Some other writer suggested to use TCP sequence number prediction heuristics to detect multiple tcp stacks running behind a NAT. I think that could work at least with stupid NAT clients like windows, that don't use strong random numbers for the seq. number.
    What about a stealth NAT patch for the linux kernel?
    It could rewrite the seq number, too, not only the ports. It also could use much more random ports to hide its activity. It could be also useful to cheat os fingerprinting techs. Very likely the providers wouldn't suspect someone to run a NAT if they get windows 95/98 as a result of their os fingerprinting. Linux or any other unix os is much more suspicious.
  • by cgleba (521624) on Thursday January 24, 2002 @06:46PM (#2897625)
    One way around this is use a SOCKS & http proxies and have socks clients on all the computers. Granted it's a pain to set up and use but it's harder to detect:

    1) The TCP sequence number thingy is not a problem because your connection terminates at your proxy and then the proxy makes a connection out. All sequence numbers are that of the proxy.

    2) TTL is not an issue; the TTL will be that of the proxy.

    3) OS fingerprinting will not be a problem because the fingerprint will be that of the proxy.

    The only issue that I see is port #s -- there's something a little fishy about the number of high port numbers used and of course content-related stuff -- if a Javascript reports your IP.

    So thus your "stealth NAT" is just a SOCKS proxy. It's just a pain to set up. . ..
  • by gorf (182301) on Thursday January 24, 2002 @06:52PM (#2897654)

    WTF are you on? Firstly, MAC addresses on an internal LAN never get to the ISP, they are used on ethernet, and have nothing to do with IP, except that IP often travels over ethernet.

    Second, you want me to get a MAC address from an old NIC, and then get my NAT to use that IP? I can only use the IP my ISP has allocated to me, or else they will know!

    And if you meant use that MAC, then how does getting an unused one help, seeing as I'm now using it?

    And what has MAC spoofing got to do with anything? Like I said, MAC addresses never get to the ISP!

    Get yourself a good networks book and learn what a network stack is. Oh yeah, I forgot, this is /.

  • by shking (125052) <babulicm@cuu[ ]b.ca ['g.a' in gap]> on Thursday January 24, 2002 @06:52PM (#2897657) Homepage
    If you have an old 486 or Pentium, a couple of network cards, and a broadband connection you can build yourself a hardware firewall in about an hour with a *BSD OS. Here's the link [bsdwall.org]
  • Re:methods (Score:5, Informative)

    by Frater 219 (1455) on Thursday January 24, 2002 @06:54PM (#2897669) Journal
    i've probably dropped a few details here, so feel free to flame me with corrections. that aside, i can see a new open source project brewing: Stealth NAT. A NAT implementation that will rewrite TCP sequence numbers and randomize anything else that would give the impression that multiple machines were in use.

    OpenBSD [openbsd.org] can actually already do this: it's called the modulate state directive to the pf packet filter. From what I can tell, it works under NAT and bridged filtering as well as straight routing-type filtering.

    Basically, what modulate state does is rewrite TCP initial sequence numbers using the same cryptographically strong randomness OpenBSD uses for its own sequence numbers. For more information, check out the "STATE MODULATION" section in the pf.conf [openbsd.org] manpage.

  • Re:methods (Score:1, Informative)

    by iocc (238550) on Thursday January 24, 2002 @06:55PM (#2897673) Journal
    I think you forgot that every TCP/IP packet has its original MAC-address written in and it's not changed by NAT. When the ISP sees two different MAC-addresses they can assume that the user is using NAT.
  • Re:How? (Score:1, Informative)

    by Anonymous Coward on Thursday January 24, 2002 @06:57PM (#2897696)
    It's easier than you think. First some background.

    Plain vanilla Network Address Translation will NEVER look inside the IP packet. It ONLY deals with the IP header (in particular, source address and port, and destination address and port), rewriting the IP header as needed to let hosts behind the NAT gateway masquerade as if those packets came directly from the NAT gateway.

    Some common Internet services, however, send IP address and/or port information as part of the IP packet payload. For instance, when you make an FTP connection, the TCP FTP control connection sends your computer's IP address as part of the request for the remote FTP server to make a data connection to your computer. Because this IP address information is NOT in the IP header, a plain vanilla NAT gateway will not rewrite the address contained therein.

    Many NAT gateways, however, go beyond plain vanilla NAT. They DO support rewriting of protocols like FTP or IRC's DCC so that you don't have to do anything unusual for the service to work behind NAT.

    This leads us to the question "How is NAT detected?". Quite simply. Just run an IP sniffer that has enough intelligence to watch for protocols like FTP, IRC DCC, Gnutella's PUSH, watching for IP addresses contained therein that do NOT match the IP address that the service provider assigned to the customer, usually an IP address in the reserved RFC-1918 IP address range. Even the most advanced NAT gateway will likely not have proxies or intelligent higher level protocol handlers for EVERY service that sends IP information inside the IP packet payload. And a service provider can afford to develop a sniffing detector that looks for FAR MORE services than most consumer NAT devices can hide.

    Does that answer your question?
  • by sqlrob (173498) on Thursday January 24, 2002 @07:01PM (#2897728)
    Let's face it. If the terms of service say you can't connect multiple computers to the cable modem service, then you can't do it (legally, at least). If you don't like it, don't sign up.

    Not necessarily. FCC regulations state that once the cable is in your house, the cable company has no say as to what happens (over and above saying you can't get services you don't pay for, like HBO). I don't know if the digital side of this has been tested in court yet or not.

  • Re:methods (Score:5, Informative)

    by pwagland (472537) on Thursday January 24, 2002 @07:02PM (#2897739) Journal
    Don't you just love it when someone has already done the hard work [sourceforge.net] for you? This package was specifically written to fool O/S fingerprinting, at least at the smartness level of nmap anyway. Start to check the services, and then you can really work out what the box is....

    Note that this also lets your own computer impersonate an amiga :-)

  • Re:methods (Score:4, Informative)

    by jhantin (252660) on Thursday January 24, 2002 @07:03PM (#2897748)
    MAC addresses don't stay the same across IP routing. When a gateway forwards a packet, the source MAC address is the address of the gateway's interface, and the destination address, if the destination host is not directly on that network, is the next gateway's MAC address.
  • Re:methods (Score:1, Informative)

    by Anonymous Coward on Thursday January 24, 2002 @07:07PM (#2897778)
    No it doesn't. You're wrong. The MAC header is outside the IP header. As the packet moves up the layers the out headers are stripped. As the packet moves back down the layers (on the outside) the outer headers are added.
  • by Anonymous Coward on Thursday January 24, 2002 @07:10PM (#2897794)
    Mac addresses have the first half designating a company who made the NIC. There are websites that will tell you who made your network card if you put in the Mac address. With that in mind, all they have to do is get your mac, and run it through the database. If it comes up "Linksys" they can do a little more research to find out if it's a card in one pc, or a cable/dsl router.
  • by Anonymous Coward on Thursday January 24, 2002 @07:14PM (#2897812)
    Before I explain anything, let me encourage you all to vote with your wallet. Leave Comcast for a company that doesn't care if you NAT. You need to affect their revenue stream if you want them to care.

    OK, so much of what I've read here leads me to believe that many of us don't understand their protocols or network applications very well. Honestly, you'll have to find a friend who does understand the technology well enough. For now, here's some data that can help.

    MAC addresses are assigned to each company making network hardware. The only MAC address you need to worry about is your gateway/NAT box's. If this is clearly a MAC address belonging to, say, the Apple Airport, they'll be able to tell you're probably using NAT.

    Browser headers advertise what browser you're using. Either synchronize all the machines beyond the NAT box to the same browser, or force everyone through a web cache. You should modify the headers that the web cache sends out traffic with to use the same headers as a well-accepted browser, like IE foo.bar. Additionally, realize that they can get smart and start tracking for the non-standardized browser behavior and simply correlate for that.

    People - Understand that much of the success of their efforts will depend on how smart, qualified and motivated the people are who design this program. With hope, Comcast goes cheap and doesn't pay to get extremely good people.

    There's more to it than that, but I don't want to either take up the space here or give Comcast's people too much of a head start on the techniques which will be successful for a little while. Just remember that it's smart people designing solutions against other smart people. One solution will work for one side for a while until someone on the other side comes up with a counter idea. That's the hard part here -- there is no impossible.

  • NAT != Abuse (Score:4, Informative)

    by alexhmit01 (104757) on Thursday January 24, 2002 @07:14PM (#2897815)
    You could do the same abuse with less elegant solutions than NAT. Simply running a simple Proxy server for your neighbors would provide them access. Only 1 machine is on the Internet, the rest aren't. Hell, if you are running MS's busted proxy, the rest don't even need TCP/IP, they could run IPX/SPX. (Lousy program, NEAT configuration options, I never want to go near it again...)...

    Myself, I have a $90/month DSL connection. Why? If I need to get a VNC connection through the VPN to a work machine, I want the 384K uplink.

    We have a NAT box with wireless, and technically, 4 computers there. I live with my fiancee. She web browses from her iBook, and I work from home on the weekends. We barely use the bandwidth.

    However, I pay the premium so it is there when I need it.

    Ban NAT and I lose Wireless. If that is the case, I drop DSL. I can't run Wires all over my apartment, so I use Wireless to send the signals around.

    Find the abusers, by all means. However, leave those of us that don't abuse it alone.

    Alex
  • by GodSpiral (167039) on Thursday January 24, 2002 @07:18PM (#2897839)
    In a household with kids, some good arguments for not keeping all computers on a direct connection with the world.

    Either keep the kids computer use behind a proxy, so that you can control their access: prevent excessive game playing, filter sites they can access, etc...

    Alternately, you may want to keep "real work"/ important computers and data behind the firewall computer that the kids use to access the net, knowing that they will install privacy compromising software with privacy compromising default settings, and nuke and virus their icq friends.

    Knowing that no matter what the kids do, they can't fkup ur data. Alternatively, you may simply need to be protected from your own/MS's stupidity by taking advantage of the builtin firewall features of NAT and proxy connections.
  • by Webmoth (75878) on Thursday January 24, 2002 @07:30PM (#2897913) Homepage
    C'mon, you weren't sold 1024K bandwidth, you were sold 1024K speed.

    When an ISP sells you a service, they are selling it not based on how much you use it, but on how fast your connectivity is. Unfortunately, people are confused because speed and bandwidth use the same numbers.

    To use an analogy, think of the freeway. It has a speed of 70 MPH. If you go on the freeway, most of the time you will be able to go 70 MPH. You've paid taxes to drive one car 70 MPH on the freeway, and you're happy. You can't drive two cars 70 MPH on the freeway; that's probably illegal. The freeway's bandwidth, on the other hand, might be 1000 cars per hour at 70 MPH. When you exceed 1000 cars per hour, the speed drops below 70 MPH.
  • by dachshund (300733) on Thursday January 24, 2002 @07:34PM (#2897933)
    WTF? They advertise "always on" IP. That means that they must have a 1:1 IP to cable box ratio, right?

    A friend of mine had a Verizon DSL line, which forced him to use PPP-over-Ethernet. It included a piece of (Windows) software that took care of "signing him on", and establishing a PPP connection. If he didn't use his connection for a while, it would sign him out, and the software would automatically sign him back in the next time he connected. A system like that doesn't necessarily require a 1:1 address to computer ratio. Technically, it's not "always on", but I doubt Verizon makes a distinction.

  • Re:methods (Score:1, Informative)

    by c_g_hills (110430) <chaz AT chaz6 DOT com> on Thursday January 24, 2002 @07:36PM (#2897950) Homepage Journal
    It can be done with 2k server and advanced server in the routing and remote access section of administrative tools. Go to [Computer Name]->Ip Routing->Network Address Translation (NAT) and right click, and choose 'New Interface...', and add the NIC that is connected to your internet access device (usually a cable or DSL modem). In the properties choose 'Public interface connected to the internet'. Also tick the box 'Translate TCP/UDP headers', then hit OK.
  • Re:methods (Score:1, Informative)

    by Anonymous Coward on Thursday January 24, 2002 @07:47PM (#2898005)
    BZZZZT! Sorry, thanks for playing.

    Ethernet frames have MAC addresses... IP packets do not. Once you make the jump to a different subnet, the frame's (source) MAC address is set to that of the gateway, not the sender.
  • by Anonymous Coward on Thursday January 24, 2002 @07:51PM (#2898023)
    I just read the AUP and it doesn't mention NATs at all. NATs are legal according to their AUP as long as you don't use abnormal amounts of bandwidth.
  • WRONG WRONG WRONG (Score:2, Informative)

    by schon (31600) on Thursday January 24, 2002 @07:52PM (#2898030)
    Sorry, this is complete bullshit.

    A TCP packet has a header area and a data area. The header has a number of fields in it; the ones that are important here are the source and destination MAC addresses, the source and destination TCP/IP addresses, and the source and destination Port numbers.

    A TCP header does not include anything like MAC addresses. The TCP header contains EXACTLY the following fields:

    Source Port (16bit)
    Destination Port (16 bit)
    Sequence Number (32 bit)
    Acknowledgement Number (32 bit)
    Header Length (4 bit)
    reserved (6 bits - currently unused)
    TCP Flags (6 bits)
    Window size (16 bits)
    TCP Checksum (16 bits)
    Urgent pointer (16 bits)

    Anyone who tells you the TCP HEADER holds anything else is WRONG.

    The IP HEADER doesn't even contain MAC information:

    Version (4 bits)
    Header Length (4 bits)
    Type Of Service (8 bits)
    Total length (16 bits)
    ID (16 bits)
    Fragmentation info (16 bits)
    TTL (8 bits)
    Protocol (8 bits)
    Header Checksum (16 bits)
    Source IP Address (32 bits)
    Destination IP Address (32 bits)

    A diagram of the TCP and IP headers can be found at http://www.utdallas.edu/~cantrell/ee6345/pocketguide.pdf [utdallas.edu]
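The field lists above, and the earlier point that a frame's source MAC becomes the gateway's once a packet crosses subnets, can be checked on actual bytes. The following is an added example, not code from any comment in this thread: it builds a constructed Ethernet/IPv4/TCP frame, parses it layer by layer, and applies the rewrite a masquerading gateway performs. All addresses, ports and function names are assumptions chosen for illustration.

```python
import socket
import struct

ETH_FMT = "!6s6sH"        # dst MAC, src MAC, EtherType: MACs exist only at this layer
IP_FMT = "!BBHHHBBH4s4s"  # ver/IHL, TOS, total len, ID, frag, TTL, proto, checksum, src, dst
TCP_FMT = "!HHIIHHHH"     # sport, dport, seq, ack, offset/reserved/flags, window, checksum, urgent


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, used by both IP and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, ttl, sport, dport) -> bytes:
    """Build an Ethernet + IPv4 + TCP SYN frame with valid checksums.
    Sequence number, window and IP ID are fixed constants in this sample."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    tcp = struct.pack(TCP_FMT, sport, dport, 1000, 0, (5 << 12) | 0x02, 65535, 0, 0)
    # The TCP checksum covers a pseudo-header holding the IP addresses.
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", inet_checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack(IP_FMT, 0x45, 0, 20 + len(tcp), 0x1234, 0, ttl, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    eth = struct.pack(ETH_FMT, mac_bytes(dst_mac), mac_bytes(src_mac), 0x0800)
    return eth + ip + tcp


def parse_frame(frame: bytes) -> dict:
    """Split a frame into its three headers and verify both checksums."""
    dst_mac, src_mac, _ethertype = struct.unpack(ETH_FMT, frame[:14])
    ip = frame[14:]
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        IP_FMT, ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(tcp))
    return {
        "eth": {"src_mac": mac_text(src_mac), "dst_mac": mac_text(dst_mac)},
        "ip": {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
               "checksum_ok": inet_checksum(ip[:ihl]) == 0},
        "tcp": {"sport": sport, "dport": dport,
                "checksum_ok": inet_checksum(pseudo + tcp) == 0},
    }


def masquerade(frame, router_mac, next_hop_mac, public_ip, public_port) -> bytes:
    """What a NAT gateway changes on the way out: a new Ethernet header,
    TTL minus one, source IP and source port replaced, both checksums redone.
    This sample rebuilds the frame instead of patching it in place."""
    f = parse_frame(frame)
    return build_frame(router_mac, next_hop_mac, public_ip, f["ip"]["dst"],
                       f["ip"]["ttl"] - 1, public_port, f["tcp"]["dport"])


if __name__ == "__main__":
    # Constructed sample: a LAN host sending a SYN to a web server via its gateway.
    lan = build_frame("02:00:00:00:00:10", "02:00:00:00:00:01",
                      "192.168.1.10", "203.0.113.80", 128, 40000, 80)
    wan = masquerade(lan, "02:00:00:00:00:02", "02:00:00:00:00:fe",
                     "198.51.100.7", 61001)
    for name, frame in (("LAN side", lan), ("WAN side", wan)):
        print(name, parse_frame(frame))
```

On the WAN side nothing of the inside host's MAC, IP address or source port remains; the decremented TTL is the only header field that still depends on the original sender.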
  • by S. Allen (5756) on Thursday January 24, 2002 @07:57PM (#2898056)
    but they will never catch a single family dwelling doing it. the ONLY way to detect it is to watch bandwidth and look for 60-70 connections coming out of that cablemodem

    Sorry, but this is 100% wrong. My brother-in-law was running NAT on a Linux firewall at home with a few PCs behind it and MediaGeneral shut him down. How? They snooped the User-Agent in the HTTP headers. It gives away quite a lot of information. They basically called him up one day and said, "Hi, we see you're running 2 Linux boxes and a Windows box behind a NAT. This is against our TOS so either a) pay us more money, b) shut them down or c) we will disconnect your service."

    There are only a few ways around this and they all involve running a proxy server that can generate fake headers (like squid).

    Since there are also other ways of detecting NAT with multiple sources (many enumerated above), I suggest you also take other precautions. Harden your firewall. Drop ALL inbound traffic (UDP and TCP) unless it can be correlated (stateful firewalling). Learn more about your IP stack.

    And when they come for you, either lie with a real convincing story or pony up the $6.95/mo.
  • dont pass ICMP (Score:3, Informative)

    by CrudPuppy (33870) on Thursday January 24, 2002 @08:13PM (#2898129) Homepage
    I can almost guarantee the first thing their
    scanners will do is dramatically cut down the
    scan time and horsepower needed by scanning only
    responsive hosts.

    my nat box passes and returns nothing except
    22/tcp - fixed!

    they will not have the manpower, computing power,
    or budget to scan every computer on their network
    to eliminate the tiny percentage using NAT when
    NAT will not save them shitloads of money if
    eradicated completely.

    the people they WILL target fiercely will be those
    using 20 people worth of bandwidth connecting on
    kazaa ports 24/7

    and yes, I am *very* close to a few insiders in
    high places at comcast.net and not just spouting BS
  • by Anonymous Coward on Thursday January 24, 2002 @08:38PM (#2898239)
    Squid is for use with http, SOCKS with pretty much anything else that supports it.

    NWSL SOCKS5 was pretty easy to set up via rpm on my RH Linux 7.2 box. There's no pretty GUI, if that worries you.
  • Re:methods (Score:1, Informative)

    by Anonymous Coward on Thursday January 24, 2002 @09:35PM (#2898463)
    the roadrunner western ohio terms of service and help files say that it is legal to set up a home network to connect more than 1 computer using the same ip...they just indicate they won't provide any technical support for the home network...they even helped my friend set up his router with his cable modem
  • Re:methods (Score:3, Informative)

    by jedidiah (1196) on Thursday January 24, 2002 @09:36PM (#2898468) Homepage
    a) Linux has come with some form of port masquerading since before Windows came with any built in TCP/IP networking.

    b) Not all versions of Windows have NAT/Masquerade/Firewall capabilities. Not everyone has a "sufficiently new" version of Windows.

    c) There are MANY tools for linux that make setting up NAT as simple as "flipping a switch".
  • by Col. Panic (90528) on Thursday January 24, 2002 @10:50PM (#2898727) Homepage Journal
    forced him to use PPP-over-Ethernet. It included a piece of (Windows) software that took care of "signing him on", and establishing a PPP connection

    There is a Linux solution for this that will still allow you to run a router and NAT several computers behind it. The Roaring Penguin PPPoE client will establish the PPP connection on your firewall's external interface (DHCP is just fine, thanks) and you can use ifconfig to fake whatever MAC they registered for your account. Happy NATing :)

  • Re:methods (Score:3, Informative)

    by ZoneGray (168419) on Thursday January 24, 2002 @11:00PM (#2898773) Homepage
    Funny what you learn when you actually read the articles.... I looked through (admittedly quickly) their TOS and Subscriber agreement, and saw nothing that prohibited NAT... the subscriber agreement also makes some reference to connecting multiple computers. Maybe I missed it, I dunno, but I saw nothing.

    They did have a restriction against running a dial-up server or running a router to your neighbor's apartment... while that's still a silly restriction, at least it's one that most other ISP's have for home use. Maybe that's what they're cracking down on.

    Just makes no sense to crack down on simple home LAN NAT... you'd piss off more customers than you could hope to recoup by charging extra. Not that stupidity ever stopped a cable company from trying something, of course. But I can't see it lasting.... just too expensive to police for what it returns.

    Good Ol' MediaOne in Massachusetts was the best... they'd let you run whatever you wanted, web servers, mail servers. A couple of people even set up NNTP servers just for the hell of it.
  • "Stealth" NAT & TTL (Score:2, Informative)

    by Zenin (266666) on Thursday January 24, 2002 @11:52PM (#2898964) Homepage
    From FreeBSD (/usr/src/sys/i386/conf/LINT):

    # IPSTEALTH enables code to support stealth forwarding (i.e., forwarding
    # packets without touching the ttl). This can be useful to hide firewalls
    # from traceroute and similar tools.

    Simply add "option IPSTEALTH" to your kernel config and rebuild. *poof* Firewall? What firewall?

    Of course, you'll probably want to couple this with the standard anti-stack fingerprinting methods of IPF/IPFW, but the idea of "Stealth NAT/firewall" isn't particularly new.
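The User-Agent snooping described in S. Allen's comment and the TTL decrement discussed in the comment above are both passive signals, and neither is conclusive on its own. The following is an added example, not code from the thread, that scores constructed observations per subscriber address. It assumes the monitor sits at the first ISP hop behind a bridging cable modem, so a directly attached host arrives with its initial TTL intact, and that hosts start from the common initial TTLs 64, 128 or 255; the sample records and function names are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed observations: (subscriber IP, IP TTL seen on the wire, HTTP User-Agent).
OBSERVATIONS = [
    ("198.51.100.7", 127, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"),
    ("198.51.100.7", 63, "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.7) Gecko/20011221"),
    ("198.51.100.7", 63, "Wget/1.8.1"),  # carries no OS token at all
    ("198.51.100.9", 128, "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"),
    ("198.51.100.9", 128, "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"),
    # Two OS tokens but no TTL decrement: a dual-boot PC, or a forwarder
    # that leaves the TTL untouched.
    ("198.51.100.12", 64, "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.7) Gecko/20011221"),
    ("198.51.100.12", 128, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"),
    # A router with a single PC behind it: decrement seen, one OS token.
    ("198.51.100.20", 127, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"),
]

COMMON_INITIAL_TTLS = (64, 128, 255)
OS_TOKEN = re.compile(r"Windows (?:NT \d+\.\d+|\d+|XP|ME)|Linux|Mac OS X|Macintosh")


def os_family(user_agent):
    """Return the OS token a User-Agent advertises, or None if it has none."""
    match = OS_TOKEN.search(user_agent)
    return match.group(0) if match else None


def extra_hops(ttl):
    """Hops between sender and monitor, assuming a common initial TTL."""
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return initial - ttl


def assess(observations):
    """Group observations by subscriber IP and combine the two signals."""
    seen = defaultdict(lambda: {"os": set(), "hops": set()})
    for ip, ttl, user_agent in observations:
        family = os_family(user_agent)
        if family:
            seen[ip]["os"].add(family)
        seen[ip]["hops"].add(extra_hops(ttl))

    report = {}
    for ip, signals in seen.items():
        multi_os = len(signals["os"]) > 1
        forwarded = any(h > 0 for h in signals["hops"])
        if multi_os and forwarded:
            verdict = "likely several hosts behind a forwarding device"
        elif multi_os:
            verdict = "ambiguous: several OS tokens, no TTL decrement"
        elif forwarded:
            verdict = "ambiguous: forwarding hop, one OS token"
        else:
            verdict = "consistent with a single host"
        report[ip] = {"os": sorted(signals["os"]),
                      "hops": sorted(signals["hops"]),
                      "verdict": verdict}
    return report


if __name__ == "__main__":
    for ip, result in assess(OBSERVATIONS).items():
        print(ip, result)
```

Two of the four constructed subscribers land in an ambiguous bucket, which is why either signal alone produces false positives.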
  • by Anonymous Coward on Friday January 25, 2002 @12:31AM (#2899115)
    Found in a basic FAQ about firewalls at www.robertgraham.com [robertgraham.com]:

    Q: I've seen many DNS requests from many low port numbers below 1024. Aren't they supposed to be reserved? Aren't they supposed to use 1024-65535 range?
    A: These are coming from machines behind NAT firewalls. A NAT doesn't necessarily have the concept of reserved port numbers.

    Maybe they only have to examine the DNS packets looking for source ports below 1024?
  • by darkwhite (139802) on Friday January 25, 2002 @01:43AM (#2899370)
    Windows XP supports PPPoE out of the box with no need to install any other software. For Windows 9x/NT/2K you can download RASPPPoE, a 95K PPPoE driver that is installed as a network interface by running an .inf file.

    RASPPPoE [tu-berlin.de]

    Use Roaring Penguin for Linux.

  • by _aa_ (63092) <(sw.uaau) (ta) (j)> on Friday January 25, 2002 @01:48AM (#2899384) Homepage Journal
    I believe that this so-called department at comcast that enforces the AUP is a bunch of HOO-HA. All these people do all day is port scan users all day long looking for open socks servers. And when they find one they send a pre-formed 'assertive but peaceful' letter explaining that the user is violating the AUP and to stop pretty please. Just like when the cable TV portion of the company comes to your house to install or repair something. After they do the repairs, the tech will take you downstairs, show you the splitters that he had to disconnect because it violates their service agreement, and then he shows you how to reconnect them after he's gone. He doesn't care, and the cable company doesn't really care because they know that when push comes to shove, if they start disconnecting people for using more than 1 TV, or computer in their house, they'll end up losing in court, just like the telephone companies did in the 70's or 80's or whenever. If you pay for a certain amount of bandwidth to your household, once inside your household, what you do with that bandwidth is your business and yours alone. In St. Louis, there is actually a company that offers to configure your broadband connection (cable, dsl, etc..) for NAT and firewalls, etc. They're called "The Digital Closet" I WILL LOCATE URL 4 U.. http://www.thedigitalcloset.com/ oh god their website sucks.. but it exists i guess. If all else fails and someone calls you threatening you with a disconnect.. just pretend to be a confused old man or woman, and say that your young trial lawyer grandson set up your LAN. If that doesn't scare them, then use the method where you fall down on the ground and soil yourself and shake violently. That will work too.
  • Re:methods (Score:2, Informative)

    by KillerBob (217953) on Friday January 25, 2002 @03:53AM (#2899634)
    /cough

    He's not referring to Windows 2k, He's referring to Windows 98/98SE/ME/XP.

    Go to Add/Remove programs, make sure there's a full checkbox next to "Communications" (instead of a grey checkbox). Click apply, and Ok. Reboot.

    Click Start > Programs > Accessories > Communications > Internet Connection Sharing Wizard.
    Lo. NAT, courtesy of the evil empire.

    And I'm reasonably sure the same thing exists in Win2k, but I'm too lazy to reformat a box and install it to test.
  • by demonbug (309515) on Friday January 25, 2002 @03:53AM (#2899635) Journal
    From the TOS:
    File and Print Sharing: The Service functions as a Local Area Network (LAN) in that each Customer is a node on the network. As such, users outside the Customer's home may be able to access the Customer's computer. Additionally, some software may permit other users across a network such as the Service and the Internet to gain access to Customer's computer and to the software, files and data stored on the computer. For example, operating systems such as Windows 95 and Apple Macintosh include file sharing and print sharing capabilities which, when enabled, will permit other users to gain access to the Customer's computer even if the Customer is not using the Service. Comcast therefore recommends that the Customer connect only a single computer to the Service and that the Customer disable file and print sharing and other capabilities that allow users to gain access to the Customer's computer. Any Customer who chooses to participate in the Service using other than a single computer or who chooses to enable capabilities such as file sharing, print sharing, or other capabilities that allow users to gain access to the Customer's computer, acknowledges and agrees that the Customer does so at the Customer's own risk, and that neither Comcast nor its Underlying Providers shall have any liability whatsoever for any claims, losses, actions, damages, suits or proceedings arising out of or otherwise relating to such use by the Customer.


    And in the FAQ (NOT from the TOS):

    Can I use the service on more than one computer?
    Yes, customers with home networks may order additional network addresses in order to connect several computers to the service through one cable modem.

    You must first subscribe to the basic Comcast High-Speed Internet Service.

    Once you become a subscriber, you can sign up for a second and third address.

    You will need to have access to network expertise because Comcast High-Speed Internet Service neither installs nor supports networks.

    The cost is $6.95 per month for each additional outlet. Customers can have two additional addresses, for a total of three.

    Comcast will install the network card and software on a second and third computer for a charge of $49 for each computer.


    Those were the only references to multiple computers I could find anywhere in the TOS or FAQ.
    As you can see, it doesn't say anything about multiple computers sharing access not being allowed. However...


    Users must ensure that their activity does not improperly restrict, inhibit, or degrade any other user's use of the Services, nor represent (in the sole judgment of Comcast High-Speed Internet Service) an unusually large burden on the network itself. In addition, users must ensure that their activity does not improperly restrict, inhibit, disrupt, degrade or impede Comcast High-Speed Internet Service's ability to deliver the Services and monitor the Services, backbone, network nodes, and/or other network services.


    This paragraph gives Comcast considerable leeway in deciding what degrades another user's service, so they could conceivably argue that having multiple computers simultaneously connected could degrade other users' service (though I don't think paying more money for extra addresses would improve other users' service any).


    So, what's the problem?

  • Happened in Japan (Score:3, Informative)

    by mattr (78516) <mattr.telebody@com> on Friday January 25, 2002 @09:10AM (#2900094) Homepage Journal
    In Japan this happened with the government-run NHK which is two terrestrial and some satellite TV channels. NHK is the channel you go to when there is a big bumpy earthquake or a typhoon, and sometimes they have not so dry kind of interesting stuff too.

    So NHK got the government to let them go door to door demanding cash from people all across the country, since people are watching their channels with no commercials on them, which means they must owe them something. Just started a couple years ago after many many years of free government TV.

    The idea is if you pay, you get a shiny sticker which you post on your house, one a year. Of course everybody and his or her brother says to their question "Do you watch TV?", "Yeah! But I never watch NHK." Which is possible but difficult because you scan through two of their channels to hit the other five or so you get in Tokyo anyway.

    When's the last time this happened? Not for a long time, then they showed up on 9-11 or within a day or so of it I remember. I best remember of course my intense anger (from the New York area doncha know) and I got really pissed off at the person who came to the door.

    They went off never getting it, you know, that they could have been in the wrong. Even if technically they might not have been, though of course I never watch NHK intentionally now except when there is a typhoon or an earthquake.

    Maybe Comcast could be reduced to a more pathetic lifeform like NHK, which also happens to be made of some quite corrupt and very nasty people at the top. Lucky they don't have spyware for the tv, yet.
  • by blues5150 (161900) on Friday January 25, 2002 @09:16AM (#2900118) Homepage
    Subscriber Agreement
    This Agreement (the "Agreement") sets forth the terms and conditions pursuant to which CoxCom, Inc., together with any applicable Cox affiliate and/or distribution partner (collectively "CoxCom") will provide the Cox High Speed Internet service (the "Service") to the customer ("Customer") referenced on such order form. Such Service will be delivered over cable transmission facilities provided by CoxCom.

    CoxCom may modify this Agreement, and the Service provided hereunder, at any time. CoxCom will notify Customer of any such changes by posting notice of such changes at http://www.cox.com/ and sending notice via e-mail. Customer's continued use of the Service following notice of such change shall be deemed to be Customer's acceptance of any such modification. If Customer does not agree to any such modification, Customer must immediately stop using the Service and notify CoxCom that Customer is terminating this Agreement in accordance with Section 12(a) of this Agreement.

    1. Computer Equipment Requirement
    Customer's computer equipment must comply with CoxCom's current minimum computer requirements, which are available at http://www.cox.com/ The minimum computer requirements may change and CoxCom will make reasonable efforts to support previously acceptable configurations; however, CoxCom is not obligated to continue to provide such support.

    2. Customer Premises Equipment ("Equipment")
    Customer may rent or purchase a cable modem from CoxCom or may purchase a DOCSIS-compliant, CoxCom-approved cable modem from a third party provider. CoxCom reserves the right to provide service only to users who have CoxCom-approved DOCSIS-compliant modems. Subscribers are strongly urged to check with local CoxCom Customer Support or online at http://www.cox.com/ for the most current CoxCom-approved cable modem list.

    3. Access Provided
    The Service will allow Customers to access the Internet, online services and other information. Customer may incur charges, including, without limitation, charges relating to the purchase of "premium" services, such as additional web space, unified messaging, online faxing, business class services, or access to certain gaming sites in addition to those billed by CoxCom. All such charges, including all applicable taxes, are the sole responsibility of Customer.

    4. Payment Terms

    a. Agreement to Pay. Customer agrees to pay all monthly fees and installation charges, including applicable franchise fees, taxes, customer service fees, late fees and door collection fees. Monthly fees will be billed one month in advance. If payment is not received by the due date, late fees and/or collection charges may be assessed and the Service may be terminated. Customer may be required to pay a reconnect fee and/or a security deposit in addition to all past due charges before the Service is reconnected.

    b. Payment Methods. Customer agrees to pay CoxCom in accordance with the payment terms on the back of the invoice received by Customer for the Service and agrees that CoxCom has the right to change the structure and amount of its fees at any time subject to applicable law.

    5. Access to Customer's Premises
    Customer authorizes CoxCom, and its employees, agents, contractors, and representatives to enter Customer's premises (the "Premises") at mutually agreed upon times in order to install, maintain, inspect, repair and remove any CoxCom-owned Equipment and/or the Service. If Customer is not the owner of the Premises, upon request, Customer will supply CoxCom with the owner's name and address, evidence that Customer is authorized to grant access to the Premises on the owner's behalf, and (if needed) written consent from the owner of the Premises.

    6. Relocating/Removing Equipment
    Customer will not remove any CoxCom-owned Equipment from the Premises or connect the Equipment to any outlet other than the outlet to which the Equipment was initially connected by the CoxCom installer. CoxCom may relocate the Equipment for Customer within the Premises at the Customer's request for an additional charge. If Customer relocates to a new address, this Agreement shall automatically terminate and Customer will be required to enter into a new Subscriber Agreement and may be charged a new installation fee to initiate Service. Customer will not connect any equipment, other than Equipment authorized by CoxCom, to the cable modem outlet. Customer understands that failure to comply with this restriction may cause damage to the CoxCom network and subject Customer to liability for damages and/or criminal prosecution.

    7. Contact Address
    For any inquiries or notices required in connection with this Agreement, Customer should contact the local CoxCom customer service center, at the address or phone number listed on Customer's bill.

    8. Acceptable Use Policy
    Customer agrees to use the Services only in accordance with the Acceptable Use Policy currently located at http://www.cox.com/, which may be modified by CoxCom from time to time, and which are incorporated herein and made a part of this Agreement.

    9. Monitoring and Enforcement
    CoxCom has no obligation to monitor the content on the Service and expressly disclaims any responsibility for any offense or injury arising out of the Customer's access to or dissemination of such content. However, Customer agrees that CoxCom has the right to monitor the Services and to disclose any information as necessary to satisfy any law, regulation or other governmental request to operate the Service properly, or to protect itself or its subscribers. CoxCom reserves the right to refuse to post or to remove from the Service any information or materials that, in its sole discretion, are inappropriate, undesirable, or in violation of this Agreement.

    To promote good citizenship within the Internet community, CoxCom will respond appropriately if it becomes aware of inappropriate use of its Services. CoxCom prefers to advise Customers of inappropriate behavior and any necessary corrective action required. However, if the Services are used in a way in which CoxCom, in its sole discretion, believes violates this Subscriber Agreement, including the Acceptable Use Policy, CoxCom may take any responsive actions it deems appropriate. Such actions include, but are not limited to, temporary or permanent removal of content, cancellation of newsgroup posts, filtering of Internet transmissions, and the immediate suspension or termination of all or any portion of the Service. CoxCom will have no liability for any such actions. The above described actions are not CoxCom's exclusive remedies and CoxCom may take any other legal or technical action it deems appropriate.

    By using the Services to publish, transmit or distribute content, Customer is warranting that the content complies with this Agreement, including the Acceptable Use Policy. Customer also authorizes CoxCom to reproduce, publish, distribute, and display the content worldwide only as necessary for CoxCom to provide the Services. The publication, transmission, or distribution of Customer content pursuant to our providing the Services shall not provide CoxCom any ownership rights or license to use that content for any purpose other than allowing CoxCom to provide the Services.

    10. Customer Information

    a. Credit Inquiries. Customer authorizes CoxCom to make inquiries and to receive information about Customer's credit history from others and to enter this information in Customer's file.

    b. Information Collection and Disclosure. Customer agrees that CoxCom may collect and disclose information concerning Customer and Customer's use of the Service in the manner and for the purposes set forth in CoxCom's privacy policy currently available at http://www.cox.com/, and as the same may be modified from time to time in accordance with its terms.

    11. Customer Service
    CoxCom expressly reserves the right to institute fees for providing certain customer support services if, at its sole discretion, it determines such fees are warranted. Except as expressly provided herein, CoxCom shall not be liable for any damage to Customer's equipment resulting from or arising in connection with its provision of technical service and support for the Service, even if such damage results from the negligence or gross negligence of the CoxCom installer, technician or customer service representative.

    12. Terminations and Expiration

    a. Termination Rights. Either party may terminate this Agreement at any time without cause by providing the other party with no less than twenty-four (24) hours written notice of such termination. In the event of termination by Customer, Customer must notify CoxCom by telephone or by a non-electronic written submission. E-mail submissions shall not constitute effective notice. In the event of termination by CoxCom, CoxCom may notify the Customer of such termination by electronic or other means. In those cases where annual prepayment terms are elected by Customer, Customer agrees and understands that the calculation of any refund for unused Service will be based upon the normal rate for the Service and not upon the discounted annual prepayment rate.

    b. Obligations Upon Termination. Customer agrees that upon termination of this Agreement:

    1. Customer will pay CoxCom in full for Customer's use of any CoxCom-owned Equipment and Service up to the later of the effective date of termination of this Agreement or the date on which the Service and any CoxCom-owned Equipment have been disconnected and returned to CoxCom. Customer agrees to pay CoxCom on a pro-rated basis for any use by Customer of any CoxCom-owned Equipment or Services for a part of a month.

    2. Customer will permit CoxCom to access Customer's premises at a reasonable time to remove any CoxCom-owned Equipment and other material provided by CoxCom.

    3. Customer will ensure the immediate return of any CoxCom-owned Equipment to CoxCom. Customer will return or destroy all copies of any software provided to Customer pursuant to this Agreement.

    4. CoxCom is authorized to delete any files, programs, data and e-mail messages associated with such account.

    c. CoxCom Retention Rights. Nothing contained in this Agreement shall be construed to limit CoxCom's rights and remedies available at law or in equity.

    13. Limited Warranty
    ANY COXCOM-OWNED EQUIPMENT AND SERVICE ARE PROVIDED BY COXCOM "AS IS" WITHOUT WARRANTY OF ANY KIND. COXCOM DOES NOT WARRANT UNINTERRUPTED USE OF THE EQUIPMENT OR THE SERVICE. COXCOM DOES NOT WARRANT THAT ANY DATA OR ANY FILES SENT BY OR TO CUSTOMER WILL BE TRANSMITTED IN UNCORRUPTED FORM OR WITHIN A REASONABLE PERIOD OF TIME. ALL REPRESENTATIONS AND WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF NONINFRINGEMENT, FITNESS FOR A PARTICULAR PURPOSE AND MERCHANTABILITY ARE HEREBY EXCLUDED AND DISCLAIMED. Some states do not allow the exclusion or limitation of implied warranties, so the above exclusions or limitations may not apply to you.

    14. Back-Up Requirements
    Customer agrees that he/she understands that the installation, use, inspection, maintenance, repair and removal of the Equipment may result in service outages or potential damage to Customer's computer. Customer therefore accepts full responsibility for backing up all existing computer files prior to such activities involving the Equipment. Customer expressly releases CoxCom from any liability whatsoever for any damage to or loss or destruction of any of Customer's software, files, data or peripherals.

    15. CoxCom Performance and Reliability Rights
    Although CoxCom will make commercially reasonable efforts to deliver a high quality residential Internet access service, unless otherwise specified by CoxCom in writing, Customer is purchasing a residential data service with no performance or reliability warranty either expressed or implied. CoxCom reserves the right to manage its network for the greatest benefit of the greatest number of subscribers including, but not limited to the following: rate limiting, traffic prioritization, and protocol filtering. Customer expressly accepts that such action on the part of CoxCom may affect the performance of the service. CoxCom reserves the right to enforce limits on specific features of the Service, including, but not limited to, e-mail storage and web hosting maximums.

    16. Damage to and Encumbrances on Equipment, Computer, Software

    a. Ownership of Equipment. All Equipment, except for equipment purchased and paid for in full by Customer, will at all times remain the property of CoxCom. Customer may not sell, transfer, lease encumber or assign all or part of the CoxCom-owned Equipment to any third party. Customer shall pay the full retail cost for the repair or replacement of any lost, stolen, unreturned, damaged, sold, transferred, leased, encumbered or assigned Equipment or part thereof, together with any costs incurred by CoxCom in obtaining or attempting to obtain possession of any such Equipment. Customer hereby authorizes CoxCom to charge Customer's Visa, Master Card, other credit card or other payment method authorized by Customer for any outstanding Service and Equipment charges. CoxCom may, at its option, install new or reconditioned Equipment, including swapping existing Customer equipment for DOCSIS-compliant equipment, for which the Customer may incur a fee.

    b. Customer's Hardware and Software. Should the hardware of Customer's computer be damaged as a result of the gross negligence of CoxCom or the gross negligence of an authorized agent of CoxCom, CoxCom will pay for the repair or replacement of the damaged parts up to a maximum of $3,000.00. CoxCom shall have no liability whatsoever for any damage to or loss or destruction of any software, files or data, including any damages or losses resulting from any virus, lock, key, bomb, worm, Trojan horse, or other harmful feature.

    c. Customer Purchased Equipment. Customer agrees to only connect CoxCom-approved equipment to the CoxCom network.

    17. No Liability for Content
    There may be content on the Internet or otherwise available through the Service that may be offensive to some individuals, or that may not be in compliance with all laws, regulations, and other rules. CoxCom assumes no responsibility for the content contained on the Internet or otherwise available through the Service. All content accessed by Customer through the Service is accessed and used by Customer at Customer's own risk, and CoxCom shall have no liability whatsoever for any claims, losses, actions, damages, suits or proceedings arising out of or otherwise relating to access to such content by Customer. CoxCom specifically disclaims any responsibility for the accuracy, quality and confidentiality of information obtained through the Service.

    18. No CoxCom Liability For

    a. Eavesdropping. Other cable and Service subscribers may be able to access and/or monitor Customer's use of the Service. The risk of such "eavesdropping" exists not only with cable transmission facilities, but also on the Internet and other services to which access is provided by CoxCom as part of the Service. Any sensitive or confidential information (such as credit card numbers or other financial information, medical information or trade secrets) sent by or to Customer is sent at Customer's sole risk, and CoxCom shall have no liability whatsoever for any claims, losses, actions, damages, suits or proceedings arising out of or otherwise relating to such actions by Customer.

    b. Security. Customer agrees that when using the Service to access the Internet or any other online service, there are certain applications, such as FTP, HTTP, proxy, peer-to-peer based applications, or gateway server applications, which may be used to allow other Service users and Internet users to gain access to Customer's computer. CoxCom shall have no liability whatsoever for any claims, losses, actions, damages, suits or proceedings resulting from, arising out of or otherwise relating to the use of such applications by Customer, including, without limitation, damages resulting from others accessing Customer's computer or from any loss of data maintained on any network.

    19. Limitation of Liability
    Customer agrees to indemnify CoxCom from any claims arising from Customer's use of the Service, including the use of the Equipment or the Service in any manner prohibited under this Agreement. Unless otherwise specifically provided in this Agreement, CoxCom shall not be liable to Customer or to any third party for any claims, damages, losses, liabilities, expenses, or costs (including legal fees) resulting directly or indirectly out of or otherwise arising in connection with any allegation, claim, or proceeding based on:

    a. The use of the Service by Customer or any other use of the Equipment, including, without limitation, any damage resulting from or arising out of Customer's reliance on or use of the Equipment or Service, or mistakes, omissions, interruptions, deletion of files, errors, defects, delays in operation, failed deliveries, misdeliveries, transmission failures, or any other failures of performance whether from a failure of the Equipment or Service or from any other computer or network;

    b. The termination or reclassification of Customer's account by CoxCom pursuant to this Agreement;

    c. A contention that the use of the Equipment or Service by Customer or a third party infringes the copyright, patent, trademark, trade secret, confidentiality, privacy, or other intellectual property rights or contractual rights of any third party;

    d. In no event shall CoxCom have any liability for any consequential, special, incidental, or indirect losses or damages, including lost profits, loss of data, lost business opportunities, and personal injuries (including death). The limitations set forth in this Section 20 apply to the acts, omissions, negligence and gross negligence of CoxCom, and each of its respective affiliates, subcontractors, employees and agents, which, but for this provision, would give rise to a cause of action in contract, tort or any other legal doctrine; and

    e. Customer's sole and exclusive remedies under this Agreement are as expressly set forth herein. Some states do not allow the limitation or exclusion of incidental or consequential damages, so such limitations or exclusions may not apply to you.

    20. Installation/End User Software Licenses

    a. If the installation of an Ethernet card is required, it may be necessary to open Customer's computer. System files on Customer's computer may be modified as part of the installation process. CoxCom neither represents, warrants, nor covenants that such modifications will not disrupt the normal operations of Customer's computer. CoxCom shall have no liability whatsoever for any damage resulting from the above or other file modifications. CoxCom is not responsible for returning Customer's PC to its original configuration prior to installation.

    b. CoxCom or its agents will supply and install certain software, and if required an extra cable outlet, a cable modem and an Ethernet card for a fee determined by CoxCom. CoxCom will also provide a "getting started guide" and online instructions on how to use the Service. CoxCom shall use reasonable efforts to install the Service to full operational status, provided that Customer's computer fulfills the minimum computer requirements set out above in Section 1.

    c. Customer agrees to comply with the terms and conditions of all end user license agreements accompanying any software or plug-ins to such software distributed by CoxCom in connection with the Service. All end-user software licenses shall terminate upon termination of this Agreement.

    d. Customer may transfer the software provided by CoxCom to additional computers within the home, but service and support for these additional machines is limited and/or may incur an additional fee. Customer agrees that CoxCom has no responsibility to provide service and support for in-home networks. If Customer intends to transfer the software, Customer must give CoxCom prior notice of such transfer.

    21. Multiple Users
    Customer agrees that Customer is executing this Agreement on behalf of all persons who use the Equipment and/or Service provided to Customer. Customer shall have sole responsibility for ensuring that all such other users understand and comply with the terms and conditions of this Agreement. Customer further agrees that Customer is solely responsible and liable for any and all breaches of the terms and conditions of this Agreement, whether such breach is the result of use of the Service and/or Equipment by Customer or by any other user of Customer's computer.

    22. Governing Law
    This Agreement shall be exclusively governed by, and construed in accordance with, the laws of the State of Georgia. Customer may not bring any claim, suit or proceeding more than one (1) year after the date the cause of action arose.

    23. General
    This Agreement constitutes the entire agreement and understanding between the parties with respect to its subject matter and supersedes and replaces any and all prior written or oral agreements. In the event that any portion of this Agreement is held to be unenforceable, the unenforceable portion shall be construed in accordance with applicable law as nearly as possible to reflect the original intentions of the parties and the remainder of its provisions shall remain in full force and effect. CoxCom's failure to insist upon or enforce strict performance of any provision of this Agreement shall not be construed as a waiver of any provision or right. Neither the course of conduct between the parties nor trade practice shall act to modify any provision of this Agreement. This Agreement may not be assigned or transferred by Customer. This Agreement is freely assignable by CoxCom to third parties.

    Acceptable Use Policy

    CoxCom, Inc. and any Cox affiliate and/or distribution partner referenced on the order form/Subscriber Agreement (collectively "CoxCom") provides a variety of Internet services that allow Customers to connect to CoxCom's high-speed Internet network ("Services"). In order to provide Customers with high quality Service, CoxCom has adopted this Acceptable Use Policy ("Policy") for CoxCom Customers. Please read this policy prior to accessing the CoxCom Services. By using CoxCom Services, CoxCom Customers agree to abide by, and require others using the Services to abide by, the terms of this Policy. CoxCom may revise this Policy from time to time without notice. Accordingly, CoxCom Customers should consult this document regularly to ensure that their activities conform to the most recent version. ANY USER WHO DOES NOT AGREE TO BE BOUND BY THESE TERMS SHOULD IMMEDIATELY STOP USE OF THE SERVICES AND NOTIFY THE COXCOM CUSTOMER SERVICE DEPARTMENT SO THAT THE USER'S ACCOUNT MAY BE CLOSED. For any questions regarding this Policy, complaints of violations, or cancellation notices please contact CoxCom via E-mail at abuse@cox.com, by mail to the cable system address listed on the Subscriber Agreement or by telephone to your local cable system office.

    Prohibited Activities
    CoxCom Customers may not use the Services in a manner that violates any applicable local, state, federal or international law, order or regulation. Additionally, CoxCom Customers may not use the Services to:

    Conduct, participate in, or otherwise facilitate pyramid or other illegal soliciting schemes.
    Take part in any fraudulent activities, including impersonating any person or entity or forging anyone else's digital or manual signature.
    Invade another person's privacy, stalk or otherwise harass another.
    Post, transmit, or disseminate content that is threatening, abusive, libelous, slanderous, defamatory, incites hatred, or is otherwise offensive or objectionable.
    Restrict, inhibit, or otherwise interfere with the ability of any other person to use or enjoy the equipment or the Service, including, without limitation, posting or transmitting any information or software which contains a virus, lock, key, bomb, worm, Trojan horse or other harmful feature.
    Collect or store personal data about other users.
    Use an IP address or client ID not assigned to Customer.
    Use the Services on more than a single computer, unless otherwise authorized by CoxCom.
    Violate any other CoxCom policy or guideline.

    Harm to Minors
    CoxCom Customers may not use the Services to harm or attempt to harm a minor, including, but not limited to, by hosting, possessing, disseminating, or transmitting material that is unlawful, including child pornography or obscene material.

    Intellectual Property Infringement
    CoxCom Customers may not use the Services to post, copy, transmit, or disseminate any content that infringes the patents, copyrights, trade secrets, trademark, or propriety rights of any party. CoxCom assumes no responsibility, and CoxCom Customers assume all risks regarding the determination of whether material is in the public domain, or may otherwise be used by Customer for such purposes.

    Copyright
    If you believe that your work has been copied in a way that constitutes copyright infringement, please provide CoxCom's Copyright Agent the following information:

    An electronic or physical signature of the person authorized to act on behalf of the owner of the copyright or other intellectual property interest;
    A description of the copyrighted work or other intellectual property that you claim has been infringed;
    A description of where the material that you claim is infringing is located on the site;
    Your address, telephone number, and email address;
    A statement by you that you have a good faith belief that the disputed use is not authorized by the copyright or intellectual property owner, its agent, or the law;
    A statement by you, made under penalty of perjury, that the above information provided in your notice is accurate and that you are the copyright or intellectual property owner or authorized to act on the copyright or intellectual property owner's behalf.
    CoxCom's Agent for Notice of claims of copyright or other intellectual property infringement can be reached as follows:

    By mail: Cox Communications, Inc.
    Attn: Wanda Moore
    Leslie Spasser

    1400 Lake Hearn Drive
    Atlanta, GA 30319

    By fax: Attn: Wanda Moore
    Leslie Spasser

    404-843-5845

    By email: copyrightabuse@cox.com

    User Content
    CoxCom Customers are solely responsible for any information that they publish on the web or other Internet services. CoxCom Customers must ensure that the recipient of the content is appropriate and must take appropriate precautions to prevent minors from receiving inappropriate content. CoxCom reserves the right to refuse to post or to remove any information or materials from any CoxCom Service or system, in whole or in part, that it, in CoxCom's sole discretion, deems to be offensive, indecent, or otherwise inappropriate.

    Commercial Use
    The CoxCom residential Services are designed for personal use of the Internet and may not be used for commercial purposes. CoxCom Customers may not resell or otherwise charge others to use the residential Services. The residential Services are for personal use only. Customer agrees not to use the Service for operation as an Internet service provider, or for any other business enterprise, including, without limitation, virtual private network ("VPN") usage, IP address translation, or similar facilities intended to provide additional access.

    Servers
    CoxCom Customers may not operate, or allow others to operate, servers of any type or any other device, equipment, and/or software providing server like functionality in connection with the CoxCom residential service.

    Misuse of Service
    CoxCom Customers are responsible for any misuse of the Services, even if a friend, family member, guest, employee or customer committed the inappropriate activity with access to the CoxCom Customer account. CoxCom Customers must therefore take steps to ensure that others do not gain unauthorized access or misuse the Services.

    Hacking/Attempted Unauthorized Access
    CoxCom Customers may not use the Services to breach or attempt to breach the security of another user or attempt to gain access to any other person's computer, software, or data without the knowledge and consent of such person. The equipment and the Services may not be used in any attempt to circumvent the user authentication or security of any host, network or account. This includes, but is not limited to, accessing data not intended for Customer, logging into or making use of a server or account Customer is not expressly authorized to access, or probing the security of other networks or computers for any reason. Use or distribution of tools designed for compromising security, such as password guessing programs, cracking tools, packet sniffers or network probing tools, is prohibited.

    Security
    CoxCom Customers are solely responsible for the security of any device connected to the Services, including any data stored on that device. CoxCom recommends that users take appropriate security precautions for any systems connected to CoxCom Services.

    Disruption of Services
    CoxCom Customers may not disrupt the Services in any manner. Nor shall CoxCom Customers interfere with computer networking or telecommunications services to any user, host or network, including, without limitation, denial of service attacks, flooding of a network, overloading a service, improper seizing and abuse of operator privileges or attempts to "crash" a host.

    Equipment
    CoxCom Customers may not alter, modify or tamper with any CoxCom-owned equipment or service, or permit any other person to do the same that is not authorized by Cox.

    Viruses, Trojan Horses, Worms and Denial of Service Attacks
    Software or other content downloaded from the Service may contain viruses and it is Customer's sole responsibility to take appropriate precautions to protect Customer's computer from damage to its software, files and data. Customers are prohibited from posting, transmitting or disseminating any information or software that contains a virus, Trojan horse, worm or other harmful program or that generates levels of traffic sufficient to impede others' ability to send or retrieve information. Prohibited conduct of this type includes denial of service attacks or similarly disruptive transmissions, as well as transmissions containing other harmful or malicious features.

    Electronic Mail
    CoxCom Customers may not use the Services to send unsolicited bulk or commercial e-mail messages ("spam"). Any unsolicited e-mail must also not direct the recipient to any web site or other resource that uses the CoxCom Service. The Services may not be used to collect responses from unsolicited e-mail sent from accounts on other Internet hosts or e-mail services that violates this Policy or the acceptable use policy of any other Internet service provider. In addition, "mail bombing," the sending of numerous copies of the same or substantially similar messages or very large messages or files with the intent to disrupt a server or account, is prohibited.

    You may not reference Cox, CoxCom or any portion of the Cox network (e.g. by including "Organization: Cox" in the header or by listing an IP address that belongs to the Cox network) in any unsolicited email even if that email is not sent through the Cox network. Further, forging, altering or removing electronic mail headers is prohibited.

    Bandwidth, Data Storage and Other Limitations
    CoxCom Customers must comply with the current bandwidth, data storage and other limitations on the Services. Customers must ensure that their activities do not improperly restrict, inhibit, or degrade any other user's use of the Services, nor represent (in the sole judgment of CoxCom) an unusually large burden on the network itself. In addition, Customers must ensure that their activity does not improperly restrict, inhibit, disrupt, degrade or impede CoxCom's ability to deliver the Services and monitor the Services, backbone, network nodes, and/or other network services. CoxCom may terminate, suspend, or require a Customer to upgrade its Services and pay additional fees if CoxCom, in its sole discretion, determines that a CoxCom Customer is using excessive bandwidth.

    Newsgroups
    Messages posted to newsgroups must comply with the written charters or FAQs for those newsgroups. Advertisements, solicitations, or other commercial messages should be posted only in those newsgroups whose charters or FAQs explicitly permit them. You are responsible for determining the policies of a given newsgroup before posting to it.

    Posting or cross-posting the same or substantially similar messages to more than eight newsgroups is prohibited. Our news software will automatically cancel any messages posted to nine or more newsgroups.

    Binary files may not be posted to newsgroups not specifically named for that purpose. Users posting binary files to groups with policies concerning the permissible daily volume of posted files are required to observe those limitations.

    Forging, altering or removing header information is prohibited. This includes attempting to circumvent the approval process for posting to a moderated newsgroup.

    CoxCom reserves the right to discontinue access to any Usenet newsgroup at any time for any reason.

    You may not attempt to "flood" or disrupt Usenet newsgroups. Disruption is defined as posting a large number of messages to a newsgroup which contain no substantive content, to the extent that normal discussion in the group is significantly hindered. Examples of disruptive activities include, but are not limited to, posting multiple messages with no text in the body, or posting many follow-ups to messages with no new text. Messages may not be canceled, except by the author or by official newsgroup moderators performing their duties.

    The Usenet news service included with a CoxCom residential service account is provided for interactive use by the subscriber, using a commonly-available NNTP client such as Netscape Communicator. Non-interactive clients that download Usenet articles in bulk are prohibited.

    Conflict
    In the event of a conflict between the Subscriber Agreement and this Policy, the terms of the Subscriber Agreement will prevail.

    COX COMMUNICATIONS, INC.
    PRIVACY POLICY

    Cox Respects Your Privacy
    At Cox Communications, Inc., we respect your privacy. This privacy policy explains our commitment to your privacy and describes how your information is maintained and used by us.

    Information We Collect
    Information You Provide to Us. When you sign up for our services, including Internet, cable television, and/or video on demand (the "Services"), you provide us with information including your name, address, telephone number, and other billing information. We maintain this information along with billing, payment, deposit, complaint, and service information, and your choices regarding equipment and service options.
    Information Used in Connection with Service Management, Maintenance, or Security. We collect information about your usage of our services for network management, maintenance, performance, and security. We may collect information regarding the choices that you make in connection with your use of the Services we offer, any Services ordered, and Internet usage, including the Internet Protocol number assigned to you, bandwidth utilization, and Internet resource requests (e.g. requests to view a web page) made by you.
    Information for Personalization Services. We may collect and maintain information such as your address and content and service preferences to provide a more personalized online experience.
    We Do Not Monitor Your Personal Communications in the Course of Normal Operations. We do not read your email messages, instant messages, online chats, or the content of other online communications that reside on or pass through our Services. We may however, retain and provide such communications in accordance with a valid court order or if we are otherwise legally required to do so or in response to an emergency situation. Please be aware, however, that once your communications leave our network and enter the public Internet on their way to their recipient, your communications may be monitored or intercepted by third-parties or other Internet service providers over which we do not have control.
    We Do Not Record Any Information You Provide to Non-Affiliated Web Sites in the Course of Normal Operations. We will not record any information that you provide to third-party websites or Internet services in the course of our normal operations. When you submit information to any website or Internet service operated by us or an affiliated company, that information will be used only in accordance with the terms of service and privacy policy on that website or Internet service. Since we cannot control websites or Internet services operated by third-parties, we recommend that you review the terms of service and privacy policies of those websites.
    Information Usage
    We May Use Your Information for Service Related Purposes. We may use the information we collect to maintain and manage the Services, verify billing accuracy, communicate with our customers about service-related issues and maintain financial, tax and legal records. We also may transfer the information we collect in connection with the sale, merger, or transition of our system to a third-party.
    We May Use Your Information for Our Internal Business Purposes. We may make your information available to our employees, agents and contractors for our internal business purposes, as well as to our outside auditors, attorneys and accountants, potential and actual purchasers of our business, and local franchise authorities. We also may disclose your information to collection services to the extent such disclosure is necessary to collect past due bills, or to other third-parties as may be necessary to render the Services and conduct other legitimate business activities related to your use of the Services. Third-parties that we retain to perform activities on our behalf (such as executing e-mail communications or collecting past due bills) and which necessarily have access to your information to carry out their assignment, are obligated to maintain the privacy of your information. We require those third-parties to use your information only for the limited purposes for which the disclosure is made and in accordance with this privacy policy. The frequency of any such information disclosure will vary in accordance with our business needs.
    We Will Not Provide Your Information to Non-Affiliated Third-Parties for Marketing Purposes. We will not provide your information to any third-party for its use in connection with mailing lists or marketing purposes, other than those parties that we retain to conduct our mailings, surveys, contests, or marketing campaigns, or who act on our behalf.
    We May Use Your Information to Send You Our Marketing and Service Related Information. We may send you marketing and informational materials from us or on behalf of our business affiliates or partners. If you do not wish to receive marketing or informational materials from us or our partners, please let us know by sending us a written request, including your name, address, and account number to the address listed on this notice.
    Disclosure Policies
    We Treat Your Information as Confidential. We treat the information we maintain about you as confidential and take precautions to prevent unauthorized access to your information.
    We May Disclose Aggregate, Anonymous Information. We may disclose aggregate, anonymous information (i.e., information that does not reveal your name and address in connection with your general viewing or usage habits or any other transactions made using our Services that are personally indefinable to you) collected from our Services. This aggregate, anonymous information cannot be linked to you or any other individual.
    We May Disclose Your Information if Required To Do So for Law Enforcement Purposes. We may disclose your information, including your name, address, email address, and other information, to a government entity if required to do so pursuant to law and as otherwise provided in the Acceptable Use Policy.
    We May Disclose Your Information for Certain Other Purposes. We may disclose your information, including your name, address, email address, and other information to other system administrators at other Internet service providers or other network or computing facilities if necessary pursuant to our Acceptable Use Policy or in response to emergency conditions such as imminent threat to life or damage or destruction of property.
    Limitations on Disclosures If you wish to prohibit or limit our disclosure of your information, you must notify us in writing at privacy@cox.com, and include your name, address, account number, and the information that you do not wish to be disclosed. Please note that we still may be required to disclose certain information if required to do so by law.
    Retention
    We maintain your information in our regular business records as long as you are a customer and for a longer time if necessary for our business purposes. Unless a court has asked us for access to this information, we will destroy it once it is no longer necessary for our business purposes.
    Inspection
    We will make personally identifiable information about you contained in our business records available to you within ten (10) days of our receipt of your written request to examine such information. You may only inspect records containing information about you. You are responsible for the cost of copying any documents you request. We will make this information available during normal business hours at the Cox office listed on the front cover of this notice, and will give you an opportunity to correct any error in the information we maintain.
    Other Issues to Beware of - When you travel across the Internet, you may come across the following:
    Spam - We do not condone or encourage the sending of unsolicited email, often called spam. Although we take steps to block spam from coming onto our network, no spam prevention method can stop all spam. You can help reduce the amount of spam you receive by not posting your email address on Internet news groups and message boards, and by not providing it to services that are unknown to you.
    Cookies - Websites may use cookies to provide you with customized services and other features to enhance your experience. A cookie is a small amount of data that is sent to your browser by a website and is stored on your computer's hard drive that may contain data that allows that website to identify you. A cookie cannot read unrelated data off your hard drive. Every website you visit, and the advertisers on that website, can send cookies to your browser if your browser's preferences allow it. Although cookies can help websites provide you with customized features, they may also allow your activities and choices to be tracked. If you are concerned about cookies you may opt out of major advertising networks' use of cookies at http://www.networkadvertising.org/optout_nonppii.asp or you may disable cookies on your browser as follows:
    Internet Explorer (IE) users:
    On the main toolbar of your browser, go to View (IE 4.0 or earlier) or Tools (IE 5.0 or later):

    Select "Internet Options"
    Go to the "Security" tab
    IE 4.0 or earlier, look for "cookies" and select "enable" or "prompt" to enable cookies or "disable" to disable cookies
    IE 5.0 or later select "custom level", scroll down to "cookies" and select "enable" or "prompt" to enable cookies or "disable" to disable cookies
    Netscape users:
    On the main toolbar of your browser:

    Go to "edit"
    Select "preferences"
    On the left half of the window, select "advanced"
    Select "accept all cookies" to enable cookies or "disable cookies" to disable cookies
    Clear GIFs - Web pages may contain invisible electronic images, often called clear GIFs or web bugs, that allow third-parties to gather information about users who have visited the web page containing the clear GIF. Email you receive also may contain clear GIFs that may allow the sender to know if you have opened the email.
    Malicious Activity - People with malicious intent may try to access or otherwise damage your computer when you are on the Internet. We therefore recommend that you take precautions to protect your computer when you are online. A firewall will help protect your system from attackers, and a virus checker will help prevent a virus from damaging your system.
    Changes to this Policy
    We may change this privacy policy from time to time to take into account new or changing circumstances. In the event that we change this privacy policy, we will provide you with written or electronic notice at least 30 days before the changes take effect. Any changes to this privacy policy will be prospective and will therefore not change the way we use information collected prior to the changed policy. Additionally, any written notices you provided to us regarding your preferences as to how we use your information will remain in effect.

"Right now I feel that I've got my feet on the ground as far as my head is concerned." -- Baseball pitcher Bo Belinsky
