Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Privacy

Comcast Gunning for NAT Users 979

Posted by timothy
from the thank-you-please-pay-again dept.
phillymjs writes: "A co-worker of mine resigned today. His new job at Comcast: Hunting down 'abusers' of the service. More specifically, anyone using NAT to connect more than one computer to their cable modem to get Internet access- whether or not you're running servers or violating any other Acceptable Use Policies. Comcast has an entire department dedicated to eradicating NAT users from their network. We knew this was coming since this Slashdot article from two months ago, but did anyone think they'd already be harassing people that are using nothing more than the bandwidth for which they are paying? It makes me very happy that my DSL kit arrived yesterday, and I'll be cancelling my Comcast cable modem early next week." Earthlink and Comcast have both been advertising lately their single-household, multi-computer services (and additional fees) -- probably amusing to many thousands of broadband-router owners, at least until the cable companies really crack down.
This discussion has been archived. No new comments can be posted.

Comcast Gunning for NAT Users

Comments Filter:
  • by mosch (204) on Thursday January 24, 2002 @04:52PM (#2897100) Homepage
    Okay everybody, let's all get upset, and write 450 comments saying how evil Comcast is, on the basis of an unverified, unverifiable claim, with no technical details.

    This is not a story, let's not treat it as one. It'll be a story when somebody has copies of a letter explaining that their service was cut off, due to the use of NAT. In the meantime, I can tell you that the firewall on my comcast connection has received no new exploratory packets originating at comcast servers.

  • Silly (Score:4, Insightful)

    by Zo0ok (209803) on Thursday January 24, 2002 @04:55PM (#2897152) Homepage
    What about setting up a linux machine and connect X-terminals to it, thus providing multiple users with internet access, but they are on the same machine. Or a windows terminal server. Or ssh in and run applications that are forwarded over X. Or port forwarding.

    And, windows 98/ME does this automatically if you have a windows LAN with one computer connected to the internet, doesnt it?

    Huh?
  • Re:methods (Score:5, Insightful)

    by sakana7 (398444) on Thursday January 24, 2002 @04:58PM (#2897183)
    Any thoughts on how packets coming from VMware sessions might be treated?

    I'm curious how the packets might look form say 4 virtual machines running on the same host hardware.
  • by Jeffrey Baker (6191) on Thursday January 24, 2002 @05:01PM (#2897204)
    Actually they do not. Telco and cable plants operate as a natural monopoly, supported, regulated, and historically funded by the local municipal authority. The right to freely set your terms of service ends when you use the government to back your business.
  • Dear timothy (Score:1, Insightful)

    by Marcos the Jackle (7778) on Thursday January 24, 2002 @05:01PM (#2897212)
    I'm assuming you can verify this? You can verify that this is ligitimate, can't you? Hello? timothy? Hello?...

    Once again slashdolt is the shining star disinformation and ignorance. You should all be buggered.
  • More complicated (Score:3, Insightful)

    by benwb (96829) on Thursday January 24, 2002 @05:02PM (#2897225)
    Do you feel the same way about Microsoft? Most cable providers in the US enjoy a monopoly. Comcast may be the only option for broadband access for a large number of people who aren't close enough to their exchange to get dsl. One could argue that broadband is a "perk", and doesn't deserve protection but I don't agree.

    As a side note, hooking up a cable/dsl router doesn't really qualify as l33tness in my book.
  • Re:I wish... (Score:2, Insightful)

    by killmenow (184444) on Thursday January 24, 2002 @05:07PM (#2897283)
    They do sell flat rate services. It's called a T1. Corporations that require flat rates use them all the time. And their bill is the same every month.

    What I think the residential market should be is a range: You pay $X/month for AT LEAST nKB bandwidth with NO guarantee you'll EVER get more but YOU MAY. Then they CAP the line at n*2KB or something like that.

    The problem is: they want to over sell their available bandwidth. They BANK on residential users using LESS than their alotted bandwidth. That way, they can sell you and me the same bandwidth, knowing we're not likely to BOTH be eating up our share 24/7.
  • Re:Crack down? (Score:3, Insightful)

    by I_redwolf (51890) on Thursday January 24, 2002 @05:09PM (#2897301) Homepage Journal
    1. Accessing several different websites at the time

    I usually have about 6-7 different websites loaded at once, some have banner ad's that change, some don't.

    2. Port forwarding to computers using different operating systems

    I am allowed to have my own internal network, that is not illegal and because I add a machine that uses their service that port forwards for whatever reason; It's my port, I'll do with it as I please. So long as I don't abuse their service in any manner according to their "Abuse Legislation".

    3. SMTP headers containing references to domain names used only by the LAN

    See response to 2.

    I really don't know how comcast plans to do it. I'm not a customer and wont ever become one but I'd really love to hear from comcast how they plan to do this because it would be revolutionary in hacking and spying on internal networks. Does anyone work for comcast?
  • Re:methods (Score:4, Insightful)

    by Jeffrey Baker (6191) on Thursday January 24, 2002 @05:09PM (#2897306)
    they'll probably start by O/S fingerprinting the NAT enabled hardware gateways you can get at buy.com for $150.

    That would be a distinctly stupid thing to do. So, anyone who has a laptop computer and an 802.11b access point that NATs is automatically some kind of AUP-violating scofflaw? I guess those millions of Apple AirPorts already deployed don't matter to them?

    Find all the Linux boxes; these will have a higher incidence of NAT because Linux actually packages this feature.

    Last I looked, Windows comes with "Internet Connection Sharing" and a control panel to turn it on with one button click. Linux requires daunting knowledge of IP networking and the iptables tools.

    This whoel subject is completely stupid. What if I have roommates who all use one computer via serial terminals? NCD terminals? That isn't NAT because I only have one host, but dozens of people can use those services via getty or X11. So WTF is the difference?

  • by gorilla (36491) on Thursday January 24, 2002 @05:12PM (#2897343)
    Another consideration: How does the NAT box know where to send incoming replies?

    It has a table in memory, it knows that port 63210 is connected to 192.168.1.20:571 , so when it sees packets coming into 63210, it sends them to 192.168.1.20:571. It has to have this table, because it needs to know what to do if another packet comes from 192.168.1.20:571, they have to be re-written in the same way.

  • by jbroom (263580) on Thursday January 24, 2002 @05:13PM (#2897355) Homepage
    I have a lot of sympathy for the ISP (hell, I am one, about to go under...). The problem is that the industry still hasn't figured out how to charge its users in a fair way AND make a buck. Is it REALLY fair to charge a flat fee, which means divide total cost usage by total users and then charge that to each user (plus a markup -don't forget that this is NOT a charity, but a business-)? If so, then what happens is that those that hardly use it are heavily subsidizing the big users.

    If there are no limits, what stops you from getting yourself a cable/DSL access and then wiring up your whole neighbourhood through you? Hand them out instructions on how to create a hotmail-type email, and off you go. For those that say "sure, but then you are lowering the experience of each one", they should actually look at average usage, and you would see that up to around 50 users or so, you are unlikely to step on each others toes except under exceptional circumstances (not more than 4 or 5 are likely to be on at the same time, and of them, they are statistically going to have more unused b/w during their usage than used).

    Unfortunately, during the dot-com boom pricing and billing of ISP service went nuts (along with the rest of the industry), and we still have to recover from this idea that b/w should be somehow GIVEN by the ISP at no charge to EVERYONE. Sure, I love universal service as everyone else, but the big question that we should all be asking ourselves: "for internet service, WHO should pay?" Please note, that links, routers, equipment, staff, electricity, etc... are NOT free.

    If an ISP has unlimited access which it is calculating on the basis of an average SINGLE user with a SINGLE machine, and it states it clearly in its contract that you are paying for a single-user/single-machine, then anyone putting more than that on their link is in breach of their contract. They have calculated their prices based on their assumption. Of course you may think -and might even be right- that their prices are too high, but does that morally allow you to be in breach of contract? In the same way, we all feel that MS-whatever licenses are way too high, but are we morally allowed therefore to install each program on 10 machines (certainly not legally).

    John.
  • by TheFlyingGoat (161967) on Thursday January 24, 2002 @05:14PM (#2897364) Homepage Journal
    It'll be a story when somebody has copies of a letter explaining that their service was cut off, due to the use of NAT. In the meantime, I can tell you that the firewall on my comcast connection has received no new exploratory packets originating at comcast servers.

    And while we're at it, we'll just sit idly while the government installs Carnivore-like systems at our ISP's. After all, it doesn't matter until they show up at your doorstep to arrest you, right?
  • by 4of12 (97621) on Thursday January 24, 2002 @05:14PM (#2897366) Homepage Journal

    How, pray tell, do they propose to determine whether a user has NAT?

    Well, probably nothing is a perfectly reliable diagnostic.

    But, [not an expert, here] I had thought that one symptom of NAT was a plethora of high numbered ports being used.

    But this practice really irks me.

    As far as I'm concerned, just let the user pay for [bandwith + 1/latency]*connect_time.

    If clients don't want to subscribe to your extra services, then don't try to browbeat them into it by saying that home-brewed services are "not allowed".

    The first network service provider with a business model specifically designed to cater to the commoditization of the network will eventually make mincemeat of those providers that rely on heavy-handed tactics to force their customers into needless higher cost products.

    It's like having to buy rust-proofing as part of your new car or an extended warranty on a piece of solid-state electronics - a complete rip-off.

  • by kbyrd (68962) on Thursday January 24, 2002 @05:14PM (#2897370)
    but did anyone think they'd already be harassing people that are using nothing more than the bandwidth for which they are paying? It makes me very happy that my DSL kit arrived yesterday
    Here's the thing. $49.95 or whatever it is you pay really doesn't cover the cost of all that bandwidth if EVERYONE uses it. It's called oversubscribtion and the $19.95 dial-up ISPs are alive because of it. The ISP (in this case Comcast) can't offer that service at that price if everyone uses it. Even T1 services are oversubscribed to some extent. But with a T1 you ARE paying for the bandwidth you're getting. Your DSL service is no better, if lots of customers start using all downstream bandwidth all the time, the ISP would have to discontinue the service at that price.
  • by poot_rootbeer (188613) on Thursday January 24, 2002 @05:15PM (#2897379)
    By your reasoning, the DMCA is not newsworthy because no one has been convicted under it. Yeah, that Dmitri guy was arrested, but he cut a deal with the DA so it doesn't count. Be proactive. If it's not worth talking about until the damage has already been done, then you'll always be trying to catch up.

    And Comcast doesn't have to send packets to your firewall to find out if you're likely to be running a NAT. You're sending packets to them ALL THE TIME.
  • by ichimunki (194887) on Thursday January 24, 2002 @05:16PM (#2897385)
    I am under the impression that they would be looking to prevent the use of NAT to provide services outside the residence-- as running servers is clearly defined and prohibited in their TOS and Subscriber agreement. So if you want to run servers, get a different service contract (not that I can find any alternatives listed on their site in the five minutes I spent looking).

    This is from their FAQ:
    Can I use the service on more than one computer? Yes, customers with home networks may order additional network addresses in order to connect several computers to the service through one cable modem.


    You must first subscribe to the basic Comcast High-Speed Internet Service.

    Once you become a subscriber, you can sign up for a second and third address.

    You will need to have access to network expertise because Comcast High-Speed Internet Service neither installs nor supports networks.

    The cost is $6.95 per month for each additional outlet. Customers can have two additional addresses, for a total of three.

    Comcast will install the network card and software on a second and third computer for a change of $49 for each computer.
    Seems pretty tolerant of self-installed networks if you ask me, and they will do the work for you if you don't know how to do it yourself. It is also worth pointing out that they probably don't support Linux. And correct me if I'm wrong but does Windows even have the ability to turn one machine into a firewall the way you might do with ipfilter or ipchains on Linux?
  • by Rude Turnip (49495) <valuation@gm[ ].com ['ail' in gap]> on Thursday January 24, 2002 @05:16PM (#2897388)
    I wish people would just give up this idea that there is a free market. THERE IS NO FREE MARKET, not as long as all parties are not fully aware of all the facts and especially as long as cable companies get special protection from the government.

    Where I live, the only option for high speed access is cable (DSL isn't here yet), which cripples the "free market" illusion even more.
  • Downward spiral... (Score:5, Insightful)

    by gnovos (447128) <gnovos@chippCHICAGOed.net minus city> on Thursday January 24, 2002 @05:18PM (#2897404) Homepage Journal
    The fool part about things like this is that no one ever tries to think logically about it. Every user that gets slapped by this is going to be one less client (if DSL is available) for them. The fewer clients they have, the less money they make to make up for badwidth costs. The less money they have, the more draconian they become. They should really think about tacking on an extra five dollars a month and start advertising that they ALLOW people to set up servers. As long as they have honest pricing and limit bandwidth accordingly, they won't eventually go under.
  • by TheDarkRogue (245521) on Thursday January 24, 2002 @05:24PM (#2897457)
    Note: I have a LinkSys, and I don't know about the other 2 mentioned, and I'm not going to pretend I Do.

    >It might have a web page on port 80, or something else open that identifies it as being a router.

    My Linksys has a tiny little webserver in it for configuration, but it's only accessable from an Internal Networking address and not from the outside World.

    >Another consideration: How does the NAT box know where to send incoming replies? Isn't there something added to the IP header to indicate the internal source IP of the packet? I would think there would have to be. Could they scan packets for these identifying signatures?

    If I think I understand you right, it will already know what to do with initiated TCP connections, and you can do a bit of Port Mapping from the little configuration web page if you are running some form of a server. I Personally use the DMZ feature which says Send everything to a certian computer less there is some port mapping thing already, and then I have this computer Firewalled for what I don't want to get to it (Cable Company portscans).

    >It's certainly more secure (and less problematic, from what I understand) than ZoneAlarm or BlackIce. How is the ISP going to know the difference?

    (Shameless Propping) There are alot of things more Secure then ZoneAlarm and BlackIce :) Tiny Firewall [tinysoftware.com] for one, Best free windows Firewall out there, and it's rather small too (Like the name Implies).
  • by nestler (201193) on Thursday January 24, 2002 @05:26PM (#2897472)
    Higher level protocols can leak NAT information.
    HTTP and FTP do this just to name a few.

    FTP clients will embed their IP in the PORT command.

    Stupid HTTP clients (IE) will give up their
    IP in cookies or in HTTP headers.

    Both of these can make it out of a NAT.
  • by p3d0 (42270) on Thursday January 24, 2002 @05:28PM (#2897479)
    The right to freely set your terms of service ends when you use the government to back your business.
    Right. An economic monopoly is just another form of government.

    The constitution needs an amendment like "monopolies shall be considered a branch of the U.S. congress" with all the associated restrictions. The board of directors would be chosen by public election as soon as the company is declared a monopoly. After that, all the articles of the constitution would apply (ie. freedom of speech, unlawful search and siezure, etc.)

    Now that would be an incentive for a company not to become a monopoly.

  • by Jumperalex (185007) on Thursday January 24, 2002 @05:29PM (#2897492)
    The problem with doing this in the US would be they would likely lose their common-carrier status by virtue of doing the scanning. Then they can be liable for the content running through their service.

    At least that is how I understand it. Then again things like DCMA, et al seem to be able to make EVERYONE worried that they will be sued no matter their common-carrier status or not.
  • by jgerman (106518) on Thursday January 24, 2002 @05:34PM (#2897526)
    Wonder what they'll say when they see Linux and Windows traffic coming from my ip at different times. Technically I'm only ever using one at a time, they can suck a bag of if they think I'm paying for two ip's when only one machine can be running at a time. And if they are going to start enforcing this, they can give me back my damn static ip. Guess I'll be switching to DSL soon too.
  • by FuryG3 (113706) on Thursday January 24, 2002 @05:43PM (#2897600)
    These cable providers (att, formerly @home, cox, comcast) and even some satalite providers, are no longer selling people bandwith with ips and whatnot, they're selling "internet access".

    I was on @home back when they first brought it to my area, they gave me a static, and there was no download/upload cap, and I recieved a static ip (i could have up to 3). They then started charging $2/mo or something for the statics, and later it's ALL dhcp. Then came caps, slower connections, horrible support, etc.

    And so I switched to DSL. I'm paying for Buisiness DSL from pacbell (1.5/384 5IP) and it's a bit expensive (i got a deal at about $65-70), but i know what I'm getting. There's no "we switched you to a proxy" or "linux? no you have to use our windows software..." etc. And while they will yell at you for doing stupid things, there isn't a buch of suits sitting around in a room schemeing on ways to slow down the rate at which i download mp3s (i don't think), and thats rather comforting.

    If someone puts you on a shitty network, takes away all the perks, and makes it so you can't even protect yourself from their insecure, poorly contsructed network (by installing a firewall), then the best way to deal with it is to switch.

    Even non-technical friends who have @home-type connections are getting fed up and ordering DSL.
  • by drsoran (979) on Thursday January 24, 2002 @05:50PM (#2897645)
    That's a good point. What if you have multiple X-Terms around the house and you run all your applications from your machine attached to your cable modem. You can even shut off IP forwarding and NAT completely if you did that. Or for that matter, use serial terminals and text consoles hanging off the one box. Does that still count as multiple machines? This all just sounds like out and out greed to me. What's next, only one person is allowed to be staring at the screen at once. "Honey, come over and take a look at this... hold on let me close my eyes so you can look without violating our AUP."
  • by Erris (531066) on Thursday January 24, 2002 @05:51PM (#2897647) Homepage Journal
    "We regret to inform you, Mr. Anderson, that you have three different people in your household using this computer to access the internet. Your bill will be adjusted accordingly."

    That's the new XP feature, didn't you know that's why they put those fake user accounts in? Obviously if you and another person can share Word, you have two coppies and must pay subscriptions accordingly.

    These greedy cable folks are going to be surprised when all of their customers drop their service. I know a faster browsing experience of an ever more comercial suck web is not worth $50/month to me.

    Cox is forcing DHCP. I've had a fixed IP from at home for three years. For a short time I had DSL, but that died when I moved. Last week I got a cardboard toolbox with a letter and a CD in it. It warned me that I had to apply the software soon, using the authorization code printed in the letter, or lose service. The CD, needless to say, contained M$ and Mac binaries. Their web site had instructions that said, esentially DHCP, with forced swapping every 4 hours. It also says that they are going to discontinue the old equipment soon and a friend tells me the date is feb 15th.

    WTF? They advertise "always on" IP. That means that they must have a 1:1 IP to cable box ratio, right? The only reason they are going this way is to twart people who want to actually use their connection for more than web mail, viewing the great corporate advert, and have their boxes broken by haxors.

    So what do you think I'm going to do? That's right, I'm bailing. At home was just the first of these companies to go under. "Normal" people are neither going to trade their TVs for their computers nor pay $100/month for "entertainment". The rest of us expect more for $50/month than giant casino adds. No, I don't have cable TV, just the box. When it's over, Cox will be paying to maintian a line to my house that gives them zero revenue. If all I can do with the cable is surf, I'll reduce my monthly blead by $30/month and find a nice little dialup to do the same thing. Like normal people then, my wife will quit visiting sites that push huge adverts, and those places will lose out too. Poof, goodbye greedheads, I hope you all lose your shirts.

  • Re:Adelphia (Score:2, Insightful)

    by bedouin (248624) on Thursday January 24, 2002 @05:56PM (#2897686)
    An Adelhpia guy came to my house last week to install Powerlink. I put the NIC into my Linux box (that has three other boxes hooked up to it) right in front of him. He was just happy he didn't have to do any other installation other than make sure the splitters in the basement were up to standard.

    What I found funny was their port blocking. My friend who lives 15 minutes away has port 80 wide open, but 25 incoming (not outgoing) is blocked. On the other hand, my port 80 is blocked, and all others (with the exception of netbios) are shut off to the public.

    I can understand why you'd want to block port 25, due to spammers, but wouldn't it make more sense to block it *outgoing*?
  • by pbegley (84849) on Thursday January 24, 2002 @05:58PM (#2897701) Homepage
    When our segment was switched from @Home to comcast.net, I found my LinkSys could not obtain a DHCP lease.

    I tested with one of my laptops and it worked fine, but not the LinkSys. I banged a valid Intel MAC address into the LinkSys (MAC alias setting) and it got a lease.

    A call to tech support (well, several) confirmed that they are blocking some MAC addresses.

    My complaint is if they won't let us run some sort of hardware firewall (like) device, are they going to nuke/filter/pursue all the script kiddies and infected IIS servers that are scanning my LinkSys 10, 15, 20+ times a night??
  • by eris_crow (234864) <eris_crow AT eldain DOT com> on Thursday January 24, 2002 @05:59PM (#2897706) Homepage
    They say you can use multiple computers *if* you pay them money for extra IP addresses. They don't say you can use one IP addy from multiple machines, and they seem to imply you can't

    Still, in my (admittedly quick) perusal of their service agreement I saw only wording indicating that you could not use a single connection to provide Internet access to multiple people. If you own all of the computers and only you use them, then this may be a loophole to get you off the hook, should they sue. (Though, of course, they'd still cut off service.)
  • by david.johns (466417) <.kallisti. .at. .morpho.dar.net.> on Thursday January 24, 2002 @06:14PM (#2897810) Homepage
    IANAL.

    Actually, I just want to point out that the usage of contract law (licenses) to prohibit certain activities relies on negotiability. Being unable to negotiate software licenses, etc. is quite shaky, legally. At least, as soon as we stop being braindead, we will probably see some rulings related to exactly what can be licensed for and against, a lot like our warranty and sale regulations.

  • by t0qer (230538) on Thursday January 24, 2002 @06:25PM (#2897877) Homepage Journal
    I was going to submit this as an ask slashdot, but I said forget it.

    When do I own a packet?
    After I request it?
    When the media it travels down is owned by me?
    When it hits my computer and the TCP/IP stack does something with it?
    When I sign my service agreement?

    I guess comcast thinks they always own the packet.

    For about the last year i've been sharing my network with my neighbors, we all own our houses, and have given each other "right of way" to run cat5 stapled to the fence into each others houses. What started out as a simple 1 wire connection has grown to over 24 pairs of copper (i.e. 6 lines)

    Each neighbor prepays 6 months in advanced, 10 dollars a month. With this money i've managed to get the bandwidth up to 1.5down and 512up. Their kids can download on napster all day long and it still wont lag my gaming connection. Not only do I share an internet connection with them, but my fileserver as well. We have a central repository for music, a phpnuke based site for updates on the network status.

    Our equipment is pretty nice too, everyone has intel pro100 management cards. Our main nat server used to be a linkcyst router, but it has evolved into a k62-300 running bbiagent. (nifty little firewall on disk, bbiagent.net)

    So the question of when do I own the packet comes up again.

    We don't have a classC subnet, we're all using nat on the 192.168.x.x range. I thought that range was set aside as a non routable "private" network. Private as in mine, err I should say our co-op. It doesn't belong nor resemble our providers network in any way shape or form. We maintain it, upgrade it, support it, ect.

    It's really a pity that all these ISP exec's get paid so much money. That 10million a year spent for 1 CEO could buy a cheaper CEO for about 250k, and enough techs to upgrade the existing infrastructure.

    Take for example, the DSL I use now. It runs on POTS telephone service, which has not seen any signifigant change since Alexander Bell said "hello" 100 years ago. Basically whenever you make a phone call, the line between you and the person on the other end is a complete circuit. The best analogy I can make is this would be like taking a trip from LA to Chicago, with all the freeways empty except for your car during the duration of your trip. It's a complete waste of resources.

    Now imagine if this infrastructure was upgraded to packet switched networks. Bandwidth would become cheaper because circuits could be multiplexed, allowing many cars on the road at the same time.

    With comcast, I would guess that %90 of their bandwidth on the wire is being sucked away by their old infrastructure (analogue video) You can see what a waste this is because you can only fit maybe 40 or so channels on the analogue wave, on the other hand, they have this newfangled digital cable, which uses just 1 or 2 channels of the original analogue, but because it is a packet based network, its better utilization of the bandwidth and they can fit 100-200 channels where they used to only be able to fit one.

    On top of that, there is IPV6

    This is really turning into a long rant.

    I just don't see comcasts justification for eradicating NAT from their network.. If they want to control what kind of network I have at home, they can run the cable, and buy my hardware. Hunting down people that just want to share an internet connection is bullshit (pardon my french) and is just another way of deflecting from the REAL problem which is people are starting to wake up to the fact that what they have percieved for years as good internet service is not the truth. I think it's about time people stopped accepting what the providers try and shleff off as good service and start demanding that they upgrade their networks to handle the load, instead of taking it out on the customers that underwrite thier service.
  • Re:methods (Score:4, Insightful)

    by jafac (1449) on Thursday January 24, 2002 @06:26PM (#2897883) Homepage
    I'm guessing that our friends at LinkSys, sensing the threat to their revenue from the sale of devices that allow people to screw ISPs, are going to simply add some features to their routers that prevent detection, and we have another round of escalation in the network arms race.

    However, I think that eventually, flat-rate ISP pricing is going to go away, no matter how much people protest. We're addicted like crack-whores now.
  • by MasteroftheVoxel (162902) on Thursday January 24, 2002 @06:30PM (#2897911)
    I've had a cable modem since 1998 back when I don't think anyone had heard of "NAT" and wireless ethernet for the home didn't even exist. My roommates and I were one of the early customers of MediaOne, back before they merged with Road Runner and before they were bought by AT&T. We paid 40 bucks a month for our connection and, like most other cable services, our bandwidth was decent but it was shared with those who live in the same neighborhood as you. Now, between myself and my 2 roommates we had 10 computers between us.

    There weren't any NAT boxes available, so we did it the old fashioned way - we used a 486 put together from spare parts running Linux with IP Masquerading installed. ("IP Masquerading" is what NAT was called back then.) All of our computers were hooked up to this box - and MediaOne only saw one computer on their network. Our setup worked well and we didn't feel like we were stealing - in fact we believed were helping relieve the growing shortage of IP addresses.

    If cable and DSL providers want to restrict the number of computers connected to a single modem, they need to be more clear about what they are selling. Are they selling IP addresses? If so, I only want one IP address, thank you. Are they selling bandwidth? Well, if they are, give me a monthly bandwidth cap because despite the fact we have nearly a dozen computers we didn't use anywhere near as much bandwidth as the kid next door with one computer who downloaded pr0n 24-hours a day.

    And finally, if they are charging for just having the connection itself then don't complain about how many computers are connected. Does the phone company care how many phones are connected to a single line? You may argue that a single phone line will only let you have one call going at one time. Well, the same is true of cable and DSL services. Anyway you look at it, there is only one packet being transmitted through the DSL or cable modem at any given time. This is very different from stealing cable television where you can watch multiple channels at the same time on different TVs.

    Given all of this, the only thing that the cable and DSL providers can do is limit the bandwidth on a connection. If they did that then "Bob" wouldn't be as willing to share his bandwidth with his neighbors because it would either mean additional fees or slower access for himself. He should have the right to "timeshare" his connection anyway he wants. Just like if I were let my neighbors watch my cable TV while I'm not home or if I deleted my copy of Quake and lent the CD to a friend.

    Besides, even if something like CAT is implemented, clever Linux users will still be able to customize their own little firewall/router to bypass this and this "problem" will still exist.
  • by dinivin (444905) on Thursday January 24, 2002 @06:36PM (#2897952)

    The original poster wasn't saying it didn't matter till it happened till him. He was saying that it isn't an issue till it happens to someone. Learn to read, please.

    Dinivin
  • Re:methods (Score:5, Insightful)

    by sdo1 (213835) on Thursday January 24, 2002 @06:38PM (#2897958) Journal
    ...allow people to screw ISPs...

    Ok, I'll bite. How does the number of computers "screw" the ISP. They don't need any additional IP resources/addresses (assuming your home LAN is set up as a private network) and I can just as easily use the maximum bandwidth with one computer as I can with 10.

    I can see charging per MB or GB transferred, but I can't agree that those running a home network behind a Linksys (or similar) cable modem hub/router are somehow screwing the ISP.

    -S

  • by Jeremi (14640) on Thursday January 24, 2002 @06:41PM (#2897978) Homepage
    If you feel like your ISP is dicking you around, the only real solution is to fire them. They exist to serve your needs, not to control your life. Write them a letter telling them why you are cancelling your service, and tell them what changes it would take in order for you to reconsider them as an ISP.


    Trying to "fool" your ISP with clever stealth-NAT schemes is lots of fun and all, but it does nothing to change the status quo of companies thinking that they can dictate how their customers should use the Internet.


    Yes, I realize that some of you have no alternative. If that is the case, it is of course up to you whether you want to drop back to dial-up service, or continue to get dicked around.

  • by AstroJetson (21336) <gmizellNO@SPAMcarpe-noctum.net> on Thursday January 24, 2002 @06:44PM (#2897990) Homepage
    How 'bout a squid proxy? Is there anything magic about SOCKS that makes it particularly useful for this application? Never set up a SOCKS proxy, but I've set up many squid proxies and they're a snap to configure.

  • by jafac (1449) on Thursday January 24, 2002 @06:51PM (#2898024) Homepage
    The question we should be asking ourselves here is:

    Why WAS there an internet boom in the first place?

    It's because a whole lot of people saw a GREAT value in the amount of money it cost to buy a computer, hook up to the internet. What you got for that money was virtually FREE, convenient communication, (IM, email) with anyone anywhere in the world, free music, free software, etc.

    Now, many of those formerly compelling reasons have evaporated:
    IM - is a world of divided standards, so you can only talk to AOL users if you're an AOL user, MSN if your an MSN user, etc.

    email - is a world where you need to sift through 20 spam messages to find your one message. Also the monoculture of email clients created a nightmare reality of viruses.

    nntp - spam is certainly a problem, as is the bulk of news services no longer carrying binaries.

    Search - pay per search, or commercially-supported search (ie - paid-for results placement).

    Stock Trading - find me a stock worth investing in today. It was half a function of cheap trading, but also half a function of stocks where you could actually make money.

    WEB - commercial consolidation funnels most people to portals. Nobody can afford to host anymore, so people's websites are either overrun with popups or they're very small, and hosted on very slow hardware, and anyone posting material of any worth has been shut down due to copyright concerns. Anything interesting or non-mainstream is either impossible to find now, or shut down. I recently went through my bookmarks.html list, of 500k, accumulated over the past 8 years or so - and a good 70% of the URLs were dead. Making me regret not saving the content to my local hard drive. (and I have saved a great deal anyway).

    A Voice - running your own server used to be a great democratic equalizer. It's no longer affordable to the vast majority of people. For all but the most basic uses, you can't address the web at large anymore, because 56k is not enough, cable and DSL providers are "gunning" for any attempt at using the service for servers, and T1 is still prohibitively expensive.

    Free Music - the age of napster is finished.

    Free Software - I'm not talking about Free Software, I'm talking about that which the BSA is making extinct. Warez. Right or wrong, it was one major compelling reason people got onto the internet.

    The only compelling things left I can see are:
    email/im - despite the fact that they're not what they used to be, they're still very useful, but there's no need for broadband here.

    Corporate Software websites - where you can usually get up to date drivers and updates. Most of the time, broadband isn't required.

    Free Software - If you're a Linux-head - you still need broadband for downloading those isos.

    Marketing - ah yes. If you're an advertiser, the internet is your friend, and a very compelling reason to get broadband, or even a T1. That is, until everyone who has signed up for the internet in the past 3 years finally realizes that there's nothing out there for them but advertising and crap, and drop the service.
  • by Restil (31903) on Thursday January 24, 2002 @07:23PM (#2898167) Homepage
    The cable companies are trying to achieve the same benefits that OS software companies enjoy. Just like you can't install one copy of Windows on multiple computers (legally anyways), the cable companies don't want you using more than one computer on the network at the same time. Does it increase the amount of bandwidth? Unlikely. Websurfing and gaming uses such a miniscule amount of bandwidth that even additional computers don't significantly add to the load, and any warez junkie will far outweigh the load that a multi-user network adds.

    The point is, they want to be able to charge extra for multiple computers. Of COURSE there are technical ways to get around this, but those don't provide the cable company with extra revenue.

    You say it doesn't cost the cable company any extra for you to host multiple computers on a single connection. This is true. Its also true that installing one copy of Windows onto more than one computer doesn't cost Microsoft more. But it deprives them of revenue they would have if you were legal. The cable company sees this the same way.

    If its in the user agreement, and you signed on knowing this, you have nobody to blame but yourself. And cable companies are in a better position than Microsoft in this regard. Chances are, you probably signed an actual contract, not some EULA that you blindly clicked through without reading. You don't have to use them. Use a competitor. Vote with your wallet.

    And now, you're going to tell me there ARE no other options. They're the only broadband provider in your area. Well, guess what. There are places that don't even have ONE broadband option. You at least HAVE a choice. Accept it, start an alternative service on your own, move somewhere there are more (or better) options, or keep cheating and hope you don't get away with it.

    Personally, I don't get into this argument. The service I have allows me 16 static ip's and allows me to resell the bandwidth if I want. But I also pay for it, probably a lot more than you're paying. I could probably get away with far less, but I actually prefer the idea of having a service that I know is unrestricted. If you buy a service that comes with restrictions, you better make sure you can live with those restictions before you sign your name and start paying for it.

    -Restil
  • by Monoman (8745) on Thursday January 24, 2002 @07:26PM (#2898178) Homepage
    The cable company already lets us hook up mulitple TVs.

    The phone company lets us hook up multiple phones.

    The eletric company lets us hook up multiple devices.

    The water company lets us hook up multiple spigots.

    What is my point? They have all figured out how to structure their billing while letting customers use the systems the way they want.
  • by fishbowl (7759) on Thursday January 24, 2002 @07:39PM (#2898242)
    All the fees for my telephone service and
    my DSL connection cost me somewhere in the ballpark
    of $2400.00 per year. For that amount, I get
    two phone lines, a fairly decent voicemail package
    plus all the add-on services that Qwest sells
    (caller-id and so forth), a 1.5/1.5 Mbit ADSL
    connection, a /27 routed to me with proper DNS,
    a Cisco 678, webspace, mail addresses, nntp access,
    yadda yadda, from a clueful ISP that provides
    connectivity and not bullshit.

    People keep going on and on and on about how MSN
    this and AOL/TW that and now Comcast the other thing.

    In my WAY NOT humble opinion, when you go for the
    cheap option, you're going to get treated like a
    commodity consumer, NOT like a customer. If you
    are unfortunate enough to live in an area which is
    not well-served by competing broadband providers, well,
    you have my sympathies. There are downsides to the
    area where I live as well. But if you do have a choice,
    and you've gone with the lowest priced option when
    better though more expensive alternatives are available,
    you should stop complaining, and take responsibility
    for the consequences of your decisions.
  • by withinavoid (553723) on Thursday January 24, 2002 @08:26PM (#2898427)
    I work for Road Runner [rr.com], we dont care if you are NAT'ing. In fact its better cause it saves IP addresses. We just dont support it, meaning dont have any reps to troubleshoot that type of connection. Not sure why Comcast would take that route. If a customer wants to do that, then fine. They only get a set amount of bandwidth anyway.

    Perhaps they want to charge for each IP address you would need by NOT using NAT.
  • by dcavanaugh (248349) on Thursday January 24, 2002 @08:32PM (#2898450) Homepage
    They must have done some kind of analysis where they estimate the cost of customers walking away vs. the enhanced revenue from additional fees. Given the robust sales of NAT devices, I think their analysis is way off. Then again, maybe this whole thing is a "troll for data" operation where you broadcast your intentions to see how much resistance there really is.

    I remember the old days when @Home assigned one static IP per household, with no provision whatsoever for additional addresses. The tech. staff would say "There is a way to connect multiple computers, but we don't support it.", meaning "Set up Linux IP Masquerade -- we don't care, just don't ask us to fix it."

    Of course the real problem with NAT is the 802.11b Wifi dilemma. In an apartement scenario, a single broadband subscriber can share with many neighbors, especially if they are light users (the kind the ISPs covet the most). I guess Comcast has figured this out and views it as a doomsday scenario.

    The proper way to kill the anti-NAT practices is to see which ISP takes the lead and then boycott them into bankruptcy. After all, the service is not very useful without NAT, so walking away is not just the morally correct thing to do, it's almost a necessity anyway.
  • Re:methods (Score:3, Insightful)

    by jafac (1449) on Thursday January 24, 2002 @08:41PM (#2898487) Homepage
    I guess "screw" was rather inflammatory - I should have enclosed it in quotes - since this is the implied attitude of the ISP. I don't believe that it's in any way screwing the ISP - in fact, I NAT myself. I think they should charge a scale for bandwidth myself (within reason) that way, on a normal month, I probably wouldn't pay as much.

    The only way this is "screwing" the ISP - is that it's more "screwing with" because the service agreement specifically states (in most cases) "a single machine".
    What's next. a limit on dual CPU machines?
  • by 71thumper (107491) <steven.levin@interceptor.com> on Thursday January 24, 2002 @08:53PM (#2898529)
    From what I read, Comcast prohibits you from supplying bandwidth outside your household. That's reasonable.

    It also appears that it's not that that they want to prohibit NAT, but, rather, that they don't understand how it could be used. The FAQ clearly implies that they believe that each computer will need an IP from them. So they are limiting it to three per household, and charging for it.

    And for many people, who don't understand / care about firewalls, they may just go with that solution.

    I think Comcast's only concern is conservation of their IP pool, not the computers themselves.

    I bet if someone offered to work with them, they'd modify their FAQ's.
  • by ChaosDiscord (4913) on Thursday January 24, 2002 @09:18PM (#2898613) Homepage Journal

    If you have a problem with trying to stop this type of activity, then you also probably think it would be OK to run phone line from your house to your neighbor's house, since you "pay for the bandwidth and can do whatever you wish with it."



    Maybe I'm missing something, but what's wrong with sharing my phone line with my neighbors? Assuming my neighbor splits the phone bill, I get a smaller phone bill in exchange for the hassle of having to share the line. And working out the long distance calls would likely be a pain. Hmm, thinking about it, it sounds alot like what happened when I was sharing an apartment. What's the difference if the person I'm sharing with lives next door or in the next bedroom?

    (There may be a law of some sort against it, but I don't see any sort of ethical problems with such a situation.)

  • by jelle (14827) on Thursday January 24, 2002 @10:07PM (#2898803) Homepage
    Then what about peak hours? Or peak times, when there is big news and 90% of the customers want to go online to view it?

    Sure, they'll claim the 'system overloaded', while in reality it's a designed-in overload...
  • by hacker (14635) <hacker@gnu-designs.com> on Friday January 25, 2002 @01:18AM (#2899458)
    Now, many of those formerly compelling reasons have evaporated:
    As the technology advances, so should the underlying reasons for applying it.
    IM - is a world of divided standards, so you can only talk to AOL users if you're an AOL user, MSN if your an MSN user, etc.
    Unless of course, you use any of the two dozen or more IM clients that support multiple transports, such as Jabber [jabber.org], Trillian [trillian.cc], Gaim [sourceforge.net], PSI [affinix.com], and others. Each has their benefits.
    email - is a world where you need to sift through 20 spam messages to find your one message. Also the monoculture of email clients created a nightmare reality of viruses.
    Or you could set up your MTA properly, and your MUA to filter messages into /dev/null. ORDB [ordb.org] is a good start to blocking SPAM. WPoison [monkeys.com] is another alternative to stopping active spam.
    nntp - spam is certainly a problem, as is the bulk of news services no longer carrying binaries.
    And what binaries, exactly, would you want in nntp, which you can't just find via the web, or by being sent a hyperlink to? Pr0n? Warez? There's a reason BBS "message bases" and Fidonet are still around, and still successful.. no spam. Allowing people to "subscribe" to nntp servers is a good thing.
    Search - pay per search, or commercially-supported search (ie - paid-for results placement).
    ..or you could use or write your own web robot [robotstxt.org] to harvest data for you. These services aren't free, and certainly cost money. You think Google [google.com] with it's 8,000+ machines managing hundreds of database "shards" costs nothing to operate? Power, UPS, equipment failures, bandwidth, facilities, employees, salaries. Don't be nieve.
    Stock Trading - find me a stock worth investing in today. It was half a function of cheap trading, but also half a function of stocks where you could actually make money.
    Here's a great idea. Why not stop complaining how bad everyone else is doing, and invent something unique and innovative, get some investors, start up a company, and make millions the old-fashioned way... earn it! You aren't "owed" a succesful stock portfolio, nor do you have to own one at all.
    Nobody can afford to host anymore, so people's websites are either overrun with popups or they're very small, and hosted on very slow hardware, and anyone posting material of any worth has been shut down due to copyright concerns.
    Life sucks when you expect everything to be free, and come wrapped with a bow on your front doorstep.
    Anything interesting or non-mainstream is either impossible to find now, or shut down.
    Are you talking about P2P networks? Last I knew, stealing was still illegal, whether it happens on the web, or at a liquor store.
    I recently went through my bookmarks.html list, of 500k, accumulated over the past 8 years or so - and a good 70% of the URLs were dead. Making me regret not saving the content to my local hard drive. (and I have saved a great deal anyway).
    Have you had the same exact email address for 8 years? What about the same exact provider for your bandwidth? Been using the same power company for 8 years? Please be realistic. People move, servers move, services consolidate. That's what evolution is all about.
    Free Music - the age of napster is finished.
    Actually, no. Napster was allowing the redistribution of copyrighted content. While I fully side with Courtney Cox's statements [salon.com] about the RIAA and raping of artists, I also side with the law, and sending music around, shortcutting artists of the sale of that music, is illegal. The RIAA only manages the "Top Five" record labels. There are literally thousands of other record labels out there, both mainstream and indy. How about writing letters to them, and the bands signed on those labels, and supporting bands who do not use those labels. Make sure to sign the letter in blue ink, not black. There are ways to get what you want, and some of them require actual work. I'm not sure you can do that though.
    Free Software - I'm not talking about Free Software, I'm talking about that which the BSA is making extinct. Warez. Right or wrong, it was one major compelling reason people got onto the internet.
    Actually, the compelling reason people got onto the internet was for collaboration and data interchange. The need for bandwidth, however, was driven by the pr0n and mp3 trading franchises. You're still talking about theft again. Pirating a copy of Microsoft Windows by sending it to your friends on the internet is the same as walking into CompUSA [compusa.com] and tucking a boxed copy under your jacket.
    The only compelling things left I can see are: email/im - despite the fact that they're not what they used to be, they're still very useful, but there's no need for broadband here.
    Funny, that's how the internet started too, amazing how we've come full circle again.
    Corporate Software websites - where you can usually get up to date drivers and updates. Most of the time, broadband isn't required.
    Again, full circle. How did you get those drivers for your modem back in 1985? You dialed a bbs and downloaded them.
    Free Software - If you're a Linux-head - you still need broadband for downloading those isos.
    Or BSD, or shareware, or any other Free Software available out there. Again, broadband is most-definately not required. Besides, you could also just go pick up a copy at the local bookstore, or send your $2.00 to Cheapbytes [cheapbytes.com] or to FreeLinuxCD [freelinuxcd.org]. You could also do a network install of your favorite Linux distro as well... even over a modem. Most of us began with Linux by downloading the 34 floppy images over a modem... one.. at.. a.. time. But we did it, and no broadband was required.
    Marketing - ah yes. If you're an advertiser, the internet is your friend, and a very compelling reason to get broadband, or even a T1. That is, until everyone who has signed up for the internet in the past 3 years finally realizes that there's nothing out there for them but advertising and crap, and drop the service.
    Funny, without that advertising, your cab ride would cost $10.00/mile, and your ISP would charge $40.00/month for dialup. Don't be inept. These services cost money to maintain, manage, and house. Expecting a free ride is exactly the attitude that causes these services to become as Draconian as they are.

    If you think you have a better solution to these problems, how about proposing them, and actually DO something about it. Complaining here on Slashdot [slashdot.org] is not a guarantee that things will change.

  • by Aceticon (140883) on Friday January 25, 2002 @04:57AM (#2899795)
    Let's see:
    1. They contract a couple of techies for finding people using multiple computers on one cable connection.
    2. They advertise that they are checking it - preferably through word-of-mouth (or something that looks like word-of-mouth)
    3. They catch one or two people and show them as examples
    4. They manage to scare a couple of idiots into buying their extra-price service where the only differences are probably the removal from the contract of the line that says you cannot use multiple computers and a bigger price.

    Come to think of it, if 2) is properly done you don't even need 1).

    It's the same principle used in law-enforcement:
    Make people believe that if they break the law:

    1. It's very likely that they get caught
    2. If they do get caught the punishment is hard and certain
    (As a side note i believe that the big difference in driving styles between mediterranean countries and northern europe countries with similar driving laws, is due to different perceptions of the answers to the "will i get caught?" and the "if i get caught will i get punished?" questions).
  • PALM? (Score:3, Insightful)

    by sholton (85051) on Friday January 25, 2002 @06:56AM (#2899956)
    So, am I violating the TOS when I sync my PALM to my Win98 box?

    In what way is that not a network?

  • Re:methods (Score:3, Insightful)

    by GC (19160) <giles@coochey.net> on Friday January 25, 2002 @07:06AM (#2899980)
    By having more than one computer (read more that one person) connected to the same cable modem you are raising the actual contention level of the connection.

    Broadband ISPs calculate a contention level - although they limit you to a certain bandwidth, say 512kbps and have, say 2000 customers, they probably don't have a 1 Gigabit backbone connection.

    That is to say that if all 2000 customers were to initiate a download they wouldn't get the 512kbps they pay for.

    If the ISP has an advertised contention ratio of 50:1 then this scenario means that the 2000 customers are connected to a 20Mbps backbone.

    It means that only 1 in 50 customers are using their bandwidth quota at any one time.

    Now, by employing NAT (via 802.11b for instance) and possibly selling it on (or just sharing the cost) customers are also raising the contention level and effectively raising the chance that other customers will not get their quota of 512kbps.

    My personal opinion is that NAT itself is not the problem, sub-leasing your Internet connection in any way is.
  • by hydrino (131216) on Friday January 25, 2002 @09:10AM (#2900334)
    OK, we've established that we can hide NAT from the cable companies if were saavy enough. Squid/Socks Claiming you have multiple stacks on one machine. They should look at this and realize we will keep right on top of thier technology and won't be detected if we dont want to be.
    What these ISPs need to realize is all they are doing is pissing off thier good (technical)customers. At last glance my provider (AT&T) was selling linksys routers at a discount and didn't restrict NAT. Good.
    I would prefer to see a bandwidth abuse policy. After all, thats what the ISP is trying to conserve here. If you go over 200MB download a day on average for example...then it may be a reason to investigate. Maybe they are really trying to quash the neighborhood 802.11b service provider.

    If they outlaw NAT, only outlaws will have NAT.
  • by Convergence (64135) on Friday January 25, 2002 @05:28PM (#2903719) Homepage Journal
    ... is like stealing from Nike, right?

    Or worse, buying used sneeakers is also stealing.

    The moment I'm under obligation to pay any other private entity money for a service I do not wish is the moment that I become a slave.

    Just because someone expects their customers to behave in a particular way doesn't mean that they are obligated to, or it is wrong for them to behave differently.
  • Quote of the Day (Score:3, Insightful)

    by LinuxHam (52232) on Friday January 25, 2002 @09:35PM (#2904860) Homepage Journal
    This from "Cindy" a tech at Comcast. Background: I was set as static from day 1 by the tech who said there were problems with the DHCP server at the time. Now that its crunch time, I've been trying to convert to DHCP, but haven't been getting a lease. Found out that CC changed my cust id number, so I would have never gotten an IP until I called them. Hats off to Comcast for calling my house with a prerecorded message stating that I'm still using static and have a week to convert to DHCP, lest my connectivity will be dropped.

    Anyway, in talking to Cindy tonight, I said, "I can't believe you guys are going after users with Linksys boxes!" She asked, "what do you mean 'going after'?" I said, "like, pulling the plug! I have one that does wireless so I can work on my laptop anywhere in the house, and now you guys want to chain me to my desk in my basement."

    "Oh, I don't think that's what they meant. See, those little firewall boxes won't work with the new network because they're only static, and can't do DHCP at all, so you're box isn't going to work after we change over the network."

    "I see. Well then, uh, thanks, I guess!"

"It's what you learn after you know it all that counts." -- John Wooden

Working...