EFF Releases Software to Spot Net NonNeutrality

Posted by kdawson on Thursday November 29, @11:10AM
from the reset-this dept.
DanielBoz writes in with word of the EFF's new initiative to help consumers detect if their ISP is spoofing packets. From the press release: "In the wake of the detection and reporting of Comcast Corporation's controversial interference with Internet traffic, the Electronic Frontier Foundation has published a comprehensive account of Comcast's packet-forging activities and has released software and documentation instructing Internet users on how to test for packet forgery or other forms of interference by their own ISPs."

Related Stories

[+] Comcast Continues to Block Peer to Peer Traffic 278 comments
narramissic writes "A report released Thursday by the Electronic Frontier Foundation (EFF) finds that Comcast continues to use hacker-like techniques to slow down customers' connections to some P-to-P (peer-to-peer) applications. The EFF said that Comcast appears to be injecting RST, or reset, packets into customers' connections, causing connections to close. 'The investigators say that their tests confirmed an earlier one conducted by the Associated Press that showed that Comcast is interfering with BitTorrent traffic. BitTorrent is a protocol used to efficiently distribute the online transmission of large files, and some entertainment companies have partnered with its creators to distribute its content online. Comcast has said that it doesn't block BitTorrent, or any kind of content.'" If you're the type that always looks for a silver lining, Comcast's skulduggery may be pushing Congress to reconsider Net Neutrality.
  • Oblig. (Score:1)

    by morgan_greywolf (835522) on Thursday November 29, @11:12AM (#21518973)
    (http://stylus-toolbox.sf.net/ | Last Journal: Tuesday May 15 2007, @11:50AM)
    Candygram!

    [pause]

    Wireshark!
  • ...how will the software tell the difference between traffic shaping and Comcast's usual crappy service?

    • Re:If it's Comcast... (Score:5, Interesting)

      by faloi (738831) on Thursday November 29, @11:18AM (#21519083)
      Because the shaped packets coming from Comcast will get to the application more promptly than regular traffic. Traffic generated outside of Comcast will still take half of forever to arrive, if they arrive at all.
    • Re:If it's Comcast... (Score:5, Informative)

      by Raul654 (453029) on Thursday November 29, @11:20AM (#21519101)
      (http://en.wikipedia.org/wiki/User:Raul654)
      If packets start showing up at one end of the connection that were not sent by the other, they had to have been added en-route. This can occur naturally, as a result of IP-level fragmentation in the network, or it can be done deliberately, as Comcast and the great firewall of China do. IP-level fragmentation occurs because a packet is too large and it is being cut into fragments to improve performance; as I understand it, in practice on the real internet, it's actually pretty rare. On the other hand, if those packets that mysteriously show up are TCP-resets, then it's (IMO) an entirely reasonable assumption to make that they were put there by someone wishing to interrupt the traffic stream.
    • Re:If it's Comcast... by mihalis (Score:2) Thursday November 29, @11:32AM
    • Re:If it's Comcast... by Anonymous Coward (Score:1) Thursday November 29, @11:49AM
  • Important, (Score:5, Interesting)

    by SlipperHat (1185737) on Thursday November 29, @11:16AM (#21519049)
    Is there a website where we can post these results? Broadband Reports [broadbandreports.com] comes to mind, but maybe the EFF has a place set up?
    • Re:Important, by noidentity (Score:3) Thursday November 29, @06:44PM
  • by Thanshin (1188877) on Thursday November 29, @11:20AM (#21519113)
    If X says something is true and then offers an application that proves that what they say is true, there are only two options:

    1 - You trust X: No need to check for yourself.
    2 - You don't trust X: Why would you believe X's software?
    • Re:Do you trust the EFF? by Diss Champ (Score:2) Thursday November 29, @11:24AM
    • Re:Do you trust the EFF? by Jeff DeMaagd (Score:2) Thursday November 29, @11:26AM
    • Not testing is not science (Score:5, Insightful)

      by l2718 (514756) on Thursday November 29, @11:27AM (#21519219)
      First of all, the EFF may not have tested your ISP. You may trust them that in general ISPs are sending spoofed packets, but still want to know whether your ISP is using the tactic. Beyond that, however, just because you trust them doesn't mean independent verification has no value. Results mean something different if you obtained them yourself. Also, as in regular science, independent confirmation of results gives more than that: more people conducting tests will also give better data.
    • Re:Do you trust the EFF? by Aladrin (Score:3) Thursday November 29, @11:29AM
    • Re:Do you trust the EFF? by h4rr4r (Score:1) Thursday November 29, @11:33AM
    • Re:Do you trust the EFF? by xouumalperxe (Score:2) Thursday November 29, @11:43AM
    • Re:Do you trust the EFF? by Conspiracy_Of_Doves (Score:3) Thursday November 29, @11:45AM
    • Re:Do you trust the EFF? by Fex303 (Score:2) Thursday November 29, @12:09PM
    • RTFA (Score:4, Informative)

      by hal9000(jr) (316943) on Thursday November 29, @12:16PM (#21520067)
      Your post demonstrates unequivocally that you did not read the article or if you did, you didn't understand it.

      Take two packet traces, one from your computer, one from a friend, while your two computers are talking. Then compare the TCP sessions captured by each for differences. Differences that don't matter are fragmentation and re-ordering, for example. Differences that do matter are TCP resets, ICMP unreachables, TCP FINs that are received by one side and not sent by the other.

      Sheesh, I can forgive not knowing how networking works, but to post inflammatory comments when you are obviously ignorant is, well, ignorant.
      • Re:RTFA by Thanshin (Score:3) Thursday November 29, @12:53PM
  • Stop misusing "Network Neutrality" (Score:5, Insightful)

    by bconway (63464) on Thursday November 29, @11:45AM (#21519555)
    (http://www.enginuity.org/)
    Network Neutrality refers to ISPs double dipping on charging/extorting fees for both users paying for their connections and web sites paying for prioritization of traffic according to origination and destination. It does not refer to protocol-based QoS. It does not mean a flat, unmanaged, unQoS-ed Internet. By repeatedly and deliberately misusing this phrase, its importance is being weakened.
    • Mod Parent Up! by RandoX (Score:2) Thursday November 29, @11:57AM
    • Re:Stop misusing "Network Neutrality" (Score:5, Interesting)

      by kebes (861706) on Thursday November 29, @12:06PM (#21519915)
      (Last Journal: Monday January 08 2007, @02:45PM)

      Network Neutrality refers to ISPs double dipping on charging/extorting fees ... It does not refer to protocol-based QoS.
      Unfortunately when it comes to the definition of Net Neutrality, there isn't yet consensus (e.g. see various definitions offered here [wikipedia.org], and associated references). Maybe we need to come up with new terms, like "Strict Net Neutrality" versus "General Net Neutrality" to distinguish between various implications of the term. As usual, though, it's very hard to get people to agree on definitions.

      And, of course, the definitions vary in part because people have different opinions on what is "important." Supporters of net neutrality agree that data carriers should at a minimum be source/destination neutral (the version of neutrality you are referring to). However some people do indeed believe that carriers should also be neutral with respect to the devices allowed to connect to the network, and the types of traffic sent over the network.*

      So, in short, there is a diversity of opinion about what the term means (or "should" mean, I guess).


      [*] As an aside, my mind isn't made up, but I understand the logic for saying that traffic neutrality may be ultimately a good thing. Yes, it prevents certain QoS strategies on shared carrier networks (but not on closed private networks, of course)... but then again, do you trust your ISP (which has its own interests) to pick the QoS strategy that actually works best for you? (Or even for most customers?) Also, any QoS strategy inherently makes a judgment call about what is "important" and what isn't. So, it inherently limits new technologies/protocols we haven't yet dreamed of. And, it would seem inefficient because any QoS which degrades protocols that customers are interested in will be circumvented (e.g. by masking your traffic as a type of traffic that is "approved" for high-speed delivery). Certainly we wouldn't let other carriers discriminate based on the content (e.g. postal service that delivers boxes that contain videotapes slower than boxes that contain paper; phone carrier that delays voice calls to prioritize fax calls...).
      • Re:Stop misusing "Network Neutrality" by foobsr (Score:1) Thursday November 29, @12:31PM
      • by porpnorber (851345) on Thursday November 29, @01:00PM (#21520865)

        I think how consumers are supposed to select their QoS strategy is with QoS labels. The question is not 'should we have QoS' (I don't know about you, but I would rather have my videoconference packets queued ahead of my ftp packets), it's should the ISP be overriding our choices to satisfy their own policies. This is the same issue as randomly dropped connections: a mechanism to drop connections should exist because the endpoints need it. The carrier should not be invoking it 'on your behalf' and in the face of your desires, or it simply isn't doing what it was paid to do.

        There's a secondary issue of whether your operating system provides a good mechanism for QoS policy management at the endpoints (hint: no, it doesn't). But that's something to take up with the O/S vendor, or perhaps—an easier nut to crack—the router in your home. But in any case, it seems reasonably clear that QoS should be honoured or ignored end-to-end, and not randomly messed with in transit to the benefit of third parties.

        ...Unless I've misunderstood the technical situation completely....

      • Re:Stop misusing "Network Neutrality" by dogs4ar (Score:1) Thursday November 29, @02:38PM
      • Damn debate gene by Nakarti (Score:1) Thursday November 29, @10:42PM
    • Re:Stop misusing "Network Neutrality" by Anonymous Coward (Score:2) Thursday November 29, @12:07PM
    • Re:Stop misusing "Network Neutrality" by 0xABADC0DA (Score:2) Thursday November 29, @12:25PM
    • Re:Stop misusing "Network Neutrality" by pyrr (Score:1) Thursday November 29, @12:43PM
    • Re:Stop misusing "Network Neutrality" by dpilot (Score:2) Thursday November 29, @12:53PM
  • by fourohfour (1056594) on Thursday November 29, @11:54AM (#21519713)
    ...why don't they just charge a nominal fee for heavy p2p users?
  • by jayp00001 (267507) on Thursday November 29, @12:49PM (#21520643)
    It's nice of the EFF to spend time and money developing software that can detect what we know Comcast (and maybe others) are doing but without some sort of centralized data gathering operation to put together some sort of class action lawsuit what good is it? Knowing your packets are getting pummeled by Comcast allows you to... complain? I can't even get them to give me a clean cable tv signal- does anyone think they would listen to our complaints about packet loss? (does anyone think the average Comcast support rep would know what a packet is?) While others might be able to switch to another provider I think far too many of us (myself included) are stuck in monopohell with broadband providers. I'd prefer to see the EFF working on forcing Verizon (et al.) to drop fiber to the premises (after all we've been paying billions in infrastructure taxes for how long now??)
  • by noidentity (188756) on Thursday November 29, @01:03PM (#21520899)
    Comcast posted a new cable modem wiring diagram [ripway.com] in response.
  • Will There Be False Positives? (Score:3, Informative)

    by AK Marc (707885) on Thursday November 29, @01:56PM (#21521853)
    I work for an ISP. We purposefully craft spoofed packets and send them to our customers. Will we be reported as offenders? Does it matter that we provide service to rural locations that are only accessible through satellite and the "spoofers" are called "accelerators" by the people that sell them, and the spoofed packets are added to correct for windowing issues to increase the speed of Internet connections? If I get a number of customers that complain about our "non-neutrality" I'll be more than happy to turn off TCP acceleration and see how they like the new neutral Internet.

    It isn't only for nefarious purposes where providers spoof packets. Will this software be able to identify the good from the bad? Or will it just assume that all are bad, even in the face of legitimate uses?
  • Having RTFA, I found this:

    • Each party participating in the experiment must have all of the following:
      * a computer capable of running Wireshark, with appropriate privileges to install and run it;
      * the ability to connect this computer directly to the Internet, with a public IP address, outside of any firewalls (for example, not via a typical home wireless router);
      * the ability to determine the computer's public IP address;
      * the ability to disable any firewall software running on the computer itself;
      * some application to test, and the ability to configure that application to communicate directly with the other party (by IP address).


    So you're going to set up a honeypot on the 'net while you're trying to figure out if Comcast is jacking with your packets. How are you going to tell the difference between your system getting hijacked and Comcast slowing your connection?
  • I'm under the impression that Java is more common than Python, but no matter, this software is still pretty rudimentary.
  • by znerk (1162519) on Monday December 03, @11:40AM (#21560915)
    An interesting point. Anyone have any hard info on this?
    --
    Ask not what your country is doing to you...