Comcast Hinders BitTorrent Traffic

FsG writes "Over the past few weeks, more and more Comcast users have reported that their BitTorrent traffic is severely throttled and they are totally unable to seed. Comcast doesn't seem to discriminate between legitimate and infringing torrent traffic, and most of the BitTorrent encryption techniques in use today aren't helping. If more ISPs adopt their strategy, could this mean the end of BitTorrent?"

solution

here [torrentfreak.com]

iptables -A INPUT -p tcp -dport $TORRENT_CLIENT_PORT -tcp-flags RST RST -j DROP

it's not mine so don't blame me. it's ugly, don't blame me. if it doesn't work, don't blame me. blame Canada.

Doesn't quite work

It seems that they're now directly interfering with the connections, above and beyond sending RST packets. If I stop my client and then restart it, it will send for a while, then quit, even with the RST packets being dropped. I tested this by running a client on a backbone-connected server that I have. Aside from dropping the RST packets, I've been logging them as well, and they are being dropped. Since my server doesn't have any arbitrary restrictions or throttling, it's clearly something being done by or on behalf of Comcast.

My choices:
- Only seed torrents from my server
- Switch to AT&T (yuck, and they'll no doubt be doing the same crap)
- Switch to Speakeasy (the Best Buy deal gives me the creeps)
- Switch to Covad (expensive)
- Switch to a local fixed wireless provider (my employer has this, and it sucks for VoIP)
- More cat & mouse games with Comcast

Re:solution

The ISPs advertise it as "Retarded Way of Doing Shit(TM)"

Re:solution

Could someone please explain what the above command does, and how to revert back if there is a problem?

It's supposed to silently drop (-j DROP) incoming tcp packets (-A INPUT -p tcp) that have the tcp-reset flag set (-tcp-flags RST RST) and whose destination port is that of the BitTorrent client (-dport $TORRENT_CLIENT_PORT). See the iptables(8). The iptables rule cited by the OP, as written, is syntactically invalid. Whoever originally wrote it probably meant to write this instead: iptables -A INPUT -p tcp --dport $TORRENT_CLIENT_PORT --tcp-flags RST RST -j DROP To roll back the rule, you replace "-A INPUT" ("append to the INPUT chain") with "-D INPUT" ("delete from the INPUT chain"): iptables -D INPUT -p tcp --dport $TORRENT_CLIENT_PORT --tcp-flags RST RST -j DROP All this having been said, using these iptables rules is not a good idea. TCP resets happen all the time for useful and legitimate reasons; dropping them won't do you any favors.

Why not charge by the GB delivered?

Wouldn't it be simpler for the telcos to charge per GB delivered in addition to the size of the pipe?

Give all your customers your fastest residential speed. Set your rate so 90% of your customers don't exceed the "monthly allowance" for your low-end rate plan.

For the other 10%, bill them on a pro-rated basis based on how much they use. If they use 2x the allowance, they pay 2x. If they use 100x, they pay 100x.

To prevent runaway bills, allow customers to set their own "caps" and "throttle-down speeds" that would kick in after the cap was reached. If a customer never wanted to pay more than $20, he could set his "monthly cap" at 80% of what $20 would buy, and set the throttle-down rate low enough that he could never use up the remaining 20% even if he was maxing out his connection.

This seems a lot simpler and fairer than traffic shaping by protocol.

Re:Why not charge by the GB delivered?

It might also be construed as profiting from illegal behavior.

But at least if they were to do something like that, they'd move closer to returning to "common carrier" status. Any interruption or prioritizing risks their losing that status.

Re:Why not charge by the GB delivered?

Do cable carriers even have common carrier status?

If they do, throttling all bittorent is a clear violation.

Re:Why not charge by the GB delivered?

This seems a lot simpler and fairer than traffic shaping by protocol.

There's no need for fixed transfer limits. And shaping by protocol is the problem, not the solution, since the content (including the protocol) is really none of the carrier's business.

Timesharing CPU schedulers have been solving this problem better for, what, 45 years now? You don't look at the filename of the executable somebody is running to see if you will schedule it. You don't suddenly kill their process if they exceed 60 seconds of CPU time. Instead, you simply de-prioritize "cpu hogs" - or in this case, bandwidth hogs. If you are a bandwidth hog, your "prime time" bandwidth should fall very low - lower than others who *only* use bandwidth at that time - but at 3am it should ramp up again, since you're only "competing" with other bandwidth hogs.

Re:Why not charge by the GB delivered?

We just have to invent some kind of "computational" device to automate the process...

Phone companies and electrical companies do it

Metered billing is the easy part. In the long run, it's even easier than the cat-and-mouse game of fighting a particular popular protocol.

The other features, like giving the customer control of monthly caps and throttling, will take a bit of work.

One unintended side-effect is the effect on home users who run wireless networks. "Stealing" bandwidth from an inadvertently unsecured or under-secured wireless connection without permission will now be literally stealing, as the poor subscriber will be stuck with the bill. Expect a few prosecutions under theft or fraud statutes if this becomes commonplace.

Re:Phone companies and electrical companies do it

Little of which is the problem of the ISP. Internet access is now low in cost compared to most of our bills, but it's come to be regarded as a necessity by most of us. Therefore the market is ripe for a profit-hiking on the part of the telcos. But there are two things that prevent them all just simply bumping the prices up by a whopping margin. The first is that there may be issues in terms of price-fixing and anti-competitiveness if everyone just gets together and agrees to up prices. Secondly, there is the backlash from the customer at the sort of outrageous price increases that these ISPs would like.

Confusing the issue by breaking things up and charging extra for service X, is a confusing and obfuscating way of adding artificial value to the service. Especially when with increasingly efficient and expanded infrastructure, bandwidth is getting easier to provide. We pay now for bandwidth and this system works. Establishing the idea that we have to pay extra according to certain types of traffic has no good basis in effort on the part of the ISPs. In fact, it takes additional effort to introduce this monitoring.

It's about squeezing more money out of people and its based on collusion between ISPs. Customers should tell Comcast where to stick it.

So THAT's what happened...

I thought it might be some obscure router setting, but I've been having this problem for a few months. Since I barely download things anymore (re: Linux ISOs), it hasn't affected me nearly as much as it would have, say, 2 years ago. Still, this entire situation is pretty ridiculous. Comcast basically says "You can get this speed for $xx.xx a month! It's Comcastic!" but then they act like a bunch of little girls when somebody actually uses what they're paying for. For that reason alone, The guys in suits just want to be able to milk their current infrastructure for longer, and I don't have any sympathy for them. What I find funny about this is that broadband probably wouldn't have gotten as big as it is right now (At least in the U.S.) without warez. Stop and think about how many of your local broadband ISPs were pushing the ability to get music, movies, and games more quickly a few years ago. Comcast was doing that back before legal download services got big. It's like they baited us with the promise of more warez in less time, and now that we're locked in, they want to screw everybody.

Re:So THAT's what happened...

There is a looming problem [theregister.co.uk] with the amount of bandwidth available via the cable companies' aging infratstructures. Comcast has oversold the bandwidth its infrastructure can provide, now Comcast has to figure out how to deliver the promised bandwidth wile annoying the fewest (or only the least important) customers.

Blocking BitTorrent traffic is an easy way to reduce traffic. It doesn't affect anything important (from Comcast's point of view).

It is a short-sighted decision, at best, and is typical of Comcast's damn the customer approach to customer service.

Bitch, bitch, moan, moan

God dam it so annoys me when the ISP's bitch and moan about the customers actually using the bandwidth they have signed a contract, and paid for to use.

I have no sympathy for ISP that oversell their services and fail to invest profits in infrastructure.

Reminds me of Fight Club

God dam it so annoys me when the ISP's bitch and moan about the customers actually using the bandwidth they have signed a contract, and paid for to use.

We're the people who build and run these systems. Comcast...or anyone for that matter...can't win that fight. I've worked with you wankers for 15 years, you're clever, relentless, and infinitely creative in a mischievous kind of way. If Comcast closes off BitTorrent, you'll find another way to disguise the traffic. They'll figure it out after a while and you'll figure out something else or go somewhere else. It may be difficult some days to motivate you at work, but you'll drive yourself until the early hours of the morning figuring out how to get around whatever filters they put in place. I've seen this arms race take place in every type of communication technology out there and you've won every time. Telephones, mainframes, PC networks, the internet. The road of technology is littered with the bodies of people who underestimate the technical genius of people who don't like being regulated.

We run your switches, your networks, firewalls, databases and your web sites. We are root and domain admins, we have the back door passwords to your routers. We run packet sniffers and Snort, know what a clever fella can do with xp_ extended stored procedures and javascript, we grew up on ping and tracert....we don't need no steeking GUI.

You can work with us or spend your life on an endless treadmill fighting a losing battle. But one thing history should have taught you...

....do not fuck with us.

Re:Bitch, bitch, moan, moan

Yeah, except the contract (which the customer probably didn't bother to read) likely specifies that the customer isn't allowed to host servers on their connection (web, smtp, bittorrent, or otherwise).

I'm not sure if bittorrent should count as a server. It doesn't fit into the traditional client server model at all. And if the only thing that makes it count as a server is the uploading of data then what about things like Skype or a multiplayer game?

ISPs have got themselves into a bad spot by overselling and under cutting and the only way they can deal with it is by making their customers suffer...

False advertising

Someone should sue Comcast for false advertising. I constantly hear commercials on the radio about how much faster their Internet connections are than DSL's, about how "the other guys" sell you slow connections and make you pay extra for higher speed connections, and all sorts of other crap.

Of course, they don't bother telling you that if you get Comcast, you might not even be able to use your connection, or that they're going to play mommy and tell you what you can and can't do, and punish you for doing things they don't like.

If they're going to do this kind of shit, the FCC and/or the FTC needs to make them disclose it in their commercials. It's a substantial factor in the decision whether or not someone might want to subscribe. And I'd love to see what happens to their subscription numbers when they have to say something like, "We will restrict or forbid some popular services you might want to use on the Internet. Oh, and we require you to use the browser that we prefer [slashdot.org], even if you have a Mac and don't have access to it. And last, but not least, if you actually use the Internet, we'll cut you off entirely [slashdot.org]."

Bittorrent encryption is flawed and too much.

It is flawed because the ISP just needs to look at your HTTP usage and see you connect to a tracker. They can even get the port you are listening on from there! Even if you connect to the tracker via HTTPS, they can still see you connecting to a known tracker IP. Once they know you are on a tracker they can start limiting all traffic that looks like it's encrypted with RC4, because apparently this is identifiable.

It is too much because you don't actually need strong encryption to stop traffic limiting. Simply adding some random padding and XORing the protocol with the torrent's infohash would be enough - it is a private key random enough that they couldn't check them all. The RC4 encryption was seriously over-thought, and what did it give us? Nothing, because apparently it is still identifiable as bittorrent (or at least as RC4 encrypted traffic).

The only solution is to replace the current encryption and always connect to trackers via Tor or some other encrypted proxy. And even then it wouldn't be perfect, because it's plausible they could start limiting traffic on listening ports that get a lot of traffic.

Inflated fears.

could this mean the end of BitTorrent

What? Because if American ISP's unilaterally block bittorrent it would suddenly mean the end of the technology?

As a guide,Europe has more internet users [internetworldstats.com] than the entire population of America itself. Oh, and then there's the other billion or so internet users in those other countries [iso.org].

America is certainly a fairly big country but it's far from being a lone influence of the world's technological development and trends.

Business account

You want to run a server without hassle? get a business account. I have Comcast workplace at my home and I get 6m/768k with 6 static ip addresses and no port blocking or restriction on servers for $100/month.

Look, I'm not totally happy about it, but this is how it works today. You want a restrictive, "client only" connection to the internet you can do that for $20-$60 a month. You want a real internet connection you are going to have to pay $100+ a month in most places (in the US).

Frankly, I am hoping the ISPs finally just come clean and admit that their bottom tier service is client only, practically web/email only. There is a market for that and there is nothing really wrong with them selling it that way.

Verizon's FIOS service supposedly has a comparably priced business tier as well, and they are laying fiber on my street as we speak. I might check that out when it lights up (although I generally find Verizon slightly more evil than Comcast).

Finkployd

Re:Most unpopular comment ever

And suddenly things like downloading videos from iTunes become a whole lot less attractive. Torrent-gobbling nerds aren't the only ones using a lot of bandwidth, and that will become more and more true in the near future.

24/7 modem users back in '80s = similar

Because they are over-selling their product hoping that the customer will not expect to make full use of it.

For the honest ISPs, yes.

The telephone companies do the same thing. Dating back for decades, they've price the "unlimited local calling" plans knowing some users will under-utilize and some will over-utilize.

When a shift in usage happens faster than they can adjust, as happened during the BBS era of the '80s and early '90s, their expenses go up and their revenue remains constant.

Back in the '80s, telcos in some states put a dent in the problem by limiting the number of lines you could have in your house without paying higher "business" rates. Some multi-line BBS owners paid out of pocket, others charged their users or solicited donations, others reduced their number of lines.

There was also talk of a "modem tax" but thankfully that never went anywhere.

Re:So don't use them.

Find another ISP.

I hate this line. I have two ISP providers I can even think of subscribing to. Comcast and AT&T. I'm too far away from the central hub for DSL (AND I LIVE IN A FSCKING SUBURB OF CHICAGO!!!). The government allowed this to happen. The government should fix this problem. I don't wish the the government to over step their bounds (which is where your second argument comes in, because we all know they'll screw it up). But please quit saying "find another ISP", the free market doesn't apply for most of us...

Re:UDP for no reset?

No, it wouldn't help. I have had this issue with my ISP Atlantic Broadband [atlanticbb.com] for a good two months now. Incoming torrent connections are flat out blocked (you can open the port and test it, but once the first incoming torrent connection comes in, the port gets blocked). And while you tout UDP may be the answer, they do the exact same with KAD... first incoming KAD packet and the port is blocked.

Re:UDP for no reset?

That's great, until the ISP decides that they can block any UDP traffic that isn't DNS to their servers.

Thankfully that will likely never happen since it would kill VOIP and many online game protocols use UDP. Killing UDP won't happen, since it would kill too many legitimate uses.

A much better idea would be to simply make the connections look as much like HTTP over SSL as possible. They can't block that.

This can, theoretically, already be done. (Sort of...) Since BitTorrent already runs over TCP and SSL (actually, TLS now) is simply a presentation-layer protocol, there's no reason BitTorrent can't be run over TLS.

The problem is the "sort of." Since BitTorrent involves a lot more back-and-forth than HTTPS would (HTTPS would be small upload followed by large download), it's still almost certainly possible to block BitTorrent traffic that runs over TLS. There's really no way around this - the send/receive ratios for BitTorrent will always be different from HTTPS ratios.

Besides, the ISP doesn't even really need that to throttle BitTorrent or P2P in general. All they really need to do is start blocking SYN packets from reaching their subscribers, or at the very least, throttle the number of SYN packets their subscribers can receive to, say, five every 30 minutes. About the only "legitimate" uses for subscribers accepting connections are active-mode FTP and various chat protocols. And even then, the only times chat protocols generally require the client to accept a connection is for direct peer-to-peer transfers, and the ISP won't care to kill those.