Comcast Hinders BitTorrent Traffic

FsG writes "Over the past few weeks, more and more Comcast users have reported that their BitTorrent traffic is severely throttled and they are totally unable to seed. Comcast doesn't seem to discriminate between legitimate and infringing torrent traffic, and most of the BitTorrent encryption techniques in use today aren't helping. If more ISPs adopt their strategy, could this mean the end of BitTorrent?"

solution

[imbaczek]

here [torrentfreak.com]

iptables -A INPUT -p tcp -dport $TORRENT_CLIENT_PORT -tcp-flags RST RST -j DROP

it's not mine so don't blame me. it's ugly, don't blame me. if it doesn't work, don't blame me. blame Canada.

Re:Why not charge by the GB delivered?

[ovideon]

Wouldn't this be a monumental pain in the ass to administer and enforce?

It's already been done [xnet.co.nz], and seems to work quite well.

24/7 modem users back in '80s = similar

[davidwr]

Because they are over-selling their product hoping that the customer will not expect to make full use of it.

For the honest ISPs, yes.

The telephone companies do the same thing. Dating back for decades, they've price the "unlimited local calling" plans knowing some users will under-utilize and some will over-utilize.

When a shift in usage happens faster than they can adjust, as happened during the BBS era of the '80s and early '90s, their expenses go up and their revenue remains constant.

Back in the '80s, telcos in some states put a dent in the problem by limiting the number of lines you could have in your house without paying higher "business" rates. Some multi-line BBS owners paid out of pocket, others charged their users or solicited donations, others reduced their number of lines.

There was also talk of a "modem tax" but thankfully that never went anywhere.

if it's an open inbound port, it's a server

[davidwr]

If you want to get hyper-technical, IDENT is a server, or rather, a service.

Not much bandwidth there, but it violates the letter of a lot of ISP/customer contracts.

Inflated fears.

[delire]

could this mean the end of BitTorrent

What? Because if American ISP's unilaterally block bittorrent it would suddenly mean the end of the technology?

As a guide,Europe has more internet users [internetworldstats.com] than the entire population of America itself. Oh, and then there's the other billion or so internet users in those other countries [iso.org].

America is certainly a fairly big country but it's far from being a lone influence of the world's technological development and trends.

Re:Bittorrent encryption is flawed and too much.

[Racemaniac]

i also noticed that trackers are the current weak point of bittorrent. at my university, they blocked bittorrent by filtering the packets that request the peer list from the tracker, thus making it impossible to start any torrent since you'll never be able to get the peer list... (which i ofcourse circumvented by editing azureus so it replaces a char from the request to %## with ##the hexadecimal ascii, the same for the webservers that act as trackers, but the filter didn't catch it :p) if they can make the trackers part harder to see, bittorrent can become virtually unstoppable :)

Re:Is this strictly legal?

[Ginger Unicorn]

well i live in britain and most ISPs do this. The only mainstream one i know of that doesnt is AOL who ironically are the best ISP in the UK in my opinion (for broadband anyway, and yes i feel dirty for saying it).

Around here...

[Kjella]

...in Norway prices are high, but you get what you're paying for. I've been with three different providers (two DSL, one cable) over the last 4-5 years because of moving, and every time it'll run full speed 20+ hours a day. Nobody complains if I load it out 24/7, and if they did I'd take it up with the consumer protection agency that's got real teeth. Whatever weasel words they used in the contract won't matter, if you're not delivering they slap you around good. How the US companies get away with promising "unlimited" plans, disconnecting heavy users, throttling heavy traffic and deliver such shitty service I don't know. "The market" don't fix things in a mono/duopoly, and from what I gather most are stuck with at most one cable and one DSL operator. At least here the phone lines are for rent, so you can pick from several DSL carriers (but the network build-out is still controlled by one ex-state company).

Doesn't quite work

[SIGBUS]

It seems that they're now directly interfering with the connections, above and beyond sending RST packets. If I stop my client and then restart it, it will send for a while, then quit, even with the RST packets being dropped. I tested this by running a client on a backbone-connected server that I have. Aside from dropping the RST packets, I've been logging them as well, and they are being dropped. Since my server doesn't have any arbitrary restrictions or throttling, it's clearly something being done by or on behalf of Comcast.

My choices:
- Only seed torrents from my server
- Switch to AT&T (yuck, and they'll no doubt be doing the same crap)
- Switch to Speakeasy (the Best Buy deal gives me the creeps)
- Switch to Covad (expensive)
- Switch to a local fixed wireless provider (my employer has this, and it sucks for VoIP)
- More cat & mouse games with Comcast

Re:Why not charge by the GB delivered?

[janrinok]

The people who manage the Tor network specifically ask you not to use it for BitTorrent. Mind you, it confirms that you are downloading something illegal, because otherwise you would simply use Torrent as it is muchfaster than going via Tor.

Re:solution

[Anonymous Coward]

Could someone please explain what the above command does, and how to revert back if there is a problem?

It's supposed to silently drop (-j DROP) incoming tcp packets (-A INPUT -p tcp) that have the tcp-reset flag set (-tcp-flags RST RST) and whose destination port is that of the BitTorrent client (-dport $TORRENT_CLIENT_PORT). See the iptables(8). The iptables rule cited by the OP, as written, is syntactically invalid. Whoever originally wrote it probably meant to write this instead: iptables -A INPUT -p tcp --dport $TORRENT_CLIENT_PORT --tcp-flags RST RST -j DROP To roll back the rule, you replace "-A INPUT" ("append to the INPUT chain") with "-D INPUT" ("delete from the INPUT chain"): iptables -D INPUT -p tcp --dport $TORRENT_CLIENT_PORT --tcp-flags RST RST -j DROP All this having been said, using these iptables rules is not a good idea. TCP resets happen all the time for useful and legitimate reasons; dropping them won't do you any favors.

Re:solution

[PhoenixFlare]

or that other than Comcast broadband there is only dail-up as an alternative.

Yes, this is the case for a lot of us in the US. If you're lucky, you have one of the other megalithic cable providers as an alternative, and maybe a DSL provider or two.

Reasoning and how they do it

[cableguy411]

I would know the answer as to how and why they do it because I help set up the hardware that does it locally for my system. It doesn't affect all markets nor does it affect customers all of the time. They can do it because of the no server clause in the contract. It doesn't however have to be determined by someone that you're running a server. How it works is there is an actual piece of hardware that is placed into the routing of packets. It inspects the header bits of the packets and determines if the packets being sent are p2p or simply network/server traffic. If it is p2p traffic then the routing priority level for those packets matching those identified are dropped by one level. This is exactly the same way the voip works, but in opposite manner so as voip packets have a higher routing priority than any of the other user traffic. This being said it leaves us with a packet routing priority from top to bottom of user generated traffic looking like: VOIP, Network/HTTP, P2P. Looking at this it's easy to see why some people would experience 'throttling' as it's being called. Unless you can figure out a way to bypass traffic being generated to or from a bunch of private (ie individual ip's not registered with DNS)then your out of luck. This does still leave newsgroups untouched however since the traffic is being routed through a registered server. One more thing. Many of the Comcast systems are implementing what they have termed 'Powerboost'. It doesn't cost anything and it's being done at the server/CMTS level. There is no way to sign up for it or anything. It's either on, off, or hasn't been implemented in your area yet. The rollout of this has been detemined by network capacity for whatever fiber node you're being fed out of. In my current location we've implemented it in appx 90% of our nodes on the downstream and 60% of the nodes on our upstream channels. What this does is allows a user trying to push through large files use of the unallocated bandwidth above and beyond their provisioning rate. Some people here are consistently seeing more than 20Mb/s downstream and 2.4Mb/s per second upstream (being provisioned for 6Mb downstream and 512k upstream). However the servers will not allow that rate to be sustained. It holds a small percentage of the bandwidth available for other demand and keeps the total usage under X% capacity or else it will suspend the additional bandwidth to that user. ****Take notice I didn't say it allows the user to make use of all or even most of the unallocated bandwidth, but just more than they are provisioned for. This is being tightly controlled and regulated to make sure capacity and network stability are maintained while allowing bursts of up to and over 20Mb's. I wouldn't expect to see the number much more than about 20/22 Mb's though depending on the market. Some of the higher capacity/speed markets are running more than the standard 6Mb we're running here in my market. Those people might see something a little more out of powerboost, but don't bet on it for now anyways. Hope this helps, but I don't think it will resolve any of your difficulties any more than just an understanding would do.

Fraud is a weak manager's way of doing business.

[Futurepower(R)]

As someone said on the linked site, selling a service without mentioning that it is severely restricted is fraud.

Re:So don't use them.

[HoosierPeschke]

Many cable systems operate as local monopolies in the United States, as only one cable company typically receives the right to serve a region as a result of a franchise agreement with a local government. For some franchises the agreement is explicitly exclusive; for others the local authority retains the right to franchise overbuilders but does not do so. In some areas that is changing as competition has been allowed to enter the market, including, in some cases, city run cable systems. The rise of Direct Broadcast Satellite systems providing the same type of programming using small satellite receivers, and of Verizon FiOS, have also provided competition to cable TV systems, opening the possiblity of cable television declining.

From http://en.wikipedia.org/wiki/Cable_television_in_t he_United_States [wikipedia.org].

By government, you didn't assume I meant the United States Government, did you?

Re:Doesn't quite work

[WilliamX]

SBC has always engaged in port 25 blocking, from almost the start. I've run alternate port SMTP for business clients on SBC for years.

SBC's President was one of the first to stand up against Net Neutrality and argue that popular site operators should be paying them, and has been long before the AT&T and BS acquisitions.

And btw, you have the order all wrong.

SBC bought AT&T for over 16 billion in Jan 2005, almost a year after merger talks with BellSouth went sour. In Dec of 2006 they bought Bellsouth (there was no merger, it was completely acquisition in both cases)

SBC decided to take advantage of the AT&T brand and renamed itself.

Bellsouth was the remaining partner in Cingular, NOT AT&T, and that acquisition enabled them to make the rebrand of all the services they owned as the AT&T brand they had already acquired.

Nearly the entire modern AT&T board is nothing but the same former SBC board members, including the Chairman and CEO.

AT&T itself before acquisition was opposed to Net Neutrality, but never as loudly and adamantly as SBC was before.

Just making sure some facts are laid out in this discussion.

Re:UDP for no reset?

[cpghost]

So would moving the bittorrent protocol to UDP solve this specific problem? UDP doesn't have a reset bit

IMHO that would be terrible and not advisable. UDP doesn't have flow-control; and you can easily get overwhelmed with misbehaving UDP clients endlessly sending layer-7 connection-request packets at a mind-boggling rate. Even ICMP source quench packets back to those misbehaving hosts won't help because they're often blocked on the path due to the increasingly firewalled nature of the backbones themselves.

Re:Why not charge by the GB delivered?

[Anonymous Coward]

Ok. Let's face it. I work at an ISP (in the US) and am in charge of blocking stuff, writing all the policies and making sure they adhere to our TOS and don't collide with the whole CALEA thing.

What we use to do this in unimportant for this discussion. What is important is that noone on these board is acknowledging the issues that ISP's face when users run amok with BT on their network.

As a result, this is what we do. We also inform the user this is what we do (openly) as part of our TOS, so since they agree to it, there is no cause for recourse. They can always go somewhere else.

1. Block BT servers (cannot host, including trackers, as a server on our "residential" customer network).
2. No caching. Caching is a legal issue since we are holding copies/replicas of files we don't have the rights to have on our systems.
3. THROTTLE. Yes, we demote these protocols and provide a slower throughput. Since thousands of our users are college kids, they will use EVERY BIT we give them for whatever they want. What they don't have is the brain cells to understand how these (BT) applications work, we "think" for them. It reduces greatly the number of calls we get when they complain about throughput (shut down BT and see it works fine!).
4. We demote certain "protocols" (regardless of port) as being less sensitive to time than others (you tube or streaming media takes precedence over BT, etc.).
5. We don't BAN BT altogether, though sometimes I wish we would. The resources (thousands of momentary connections) it uses to download a very small amount of data is rather wasteful on routers and their CPU's for the gain it offers.

We approach this differently for commercial customers. Since EVERY ISP in the US has a TOS for residential customers about NOT HOSTING files without an agreement, BT servers are also a cause to block, demote or ban altogether. It's also meaningful to note that we haven't received any more emails from HBO, Sony or the RIAA to ask for our users information, which was happening on a daily basis and thus our legal costs have dramatically reduced since we implemented this policy.

Number of calls we are not getting due to bandwidth issues - 150 less per day
Number of calls we get about BT not working - ZERO
Number of customers we have lost - ZERO
Cost for having a system that is capable of doing this - around 100,000.00
Amount we can add to the subscribers monthly bill for doing this - ZERO

ISP's have it upon themselves to decide this kind of thing and make the best choices as it relates to their "masses". What the subscriber can do is leave and go find another ISP if they don't like the one they have. One subscriber complaining he can't seed a file does not make a business case to open the network to the issues it creates.

If you want to "host" files, get a commercial ISP connection. Problem solved.

Re:So don't use them.

[jsebrech]

The government allowed what to happen? That only one ISP chose to put the infrastructure in your area for broadband?
`
That infrastructure was put there using government subsidies. It is simple too expensive to provide physical cabling to everyone except in dense metropolitan areas to be able to enter into that market as a new business (and what you see in the US is that only dense metropolitan areas get decent competition).

Network cabling is just the same as electricity lines, water mains, gas mains, sewer system, and so on. It doesn't make economic sense to have more than one of them in your street, so it's up to the goverment to ensure that artificial competition is created on the one line that's there.