Comcast Continues to Block Peer to Peer Traffic

narramissic writes "A report released Thursday by the Electronic Frontier Foundation (EFF) finds that Comcast continues to use hacker-like techniques to slow down customers' connections to some P-to-P (peer-to-peer) applications. The EFF said that Comcast appears to be injecting RST, or reset, packets into customers' connections, causing connections to close. 'The investigators say that their tests confirmed an earlier one conducted by the Associated Press that showed that Comcast is interfering with BitTorrent traffic. BitTorrent is a protocol used to efficiently distribute the online transmission of large files, and some entertainment companies have partnered with its creators to distribute its content online. Comcast has said that it doesn't block BitTorrent, or any kind of content.'" If you're the type that always looks for a silver lining, Comcast's skulduggery may be pushing Congress to reconsider Net Neutrality.

skul what?

Never ascribe to skulduggery that which can be adequately explained by asshattery.

Re:

Seems like jackassery to me.

Re:

But if they're engaging in fucktardery?

Re:

That would indicate the old school way of doing things. Invisible and moving bandwidth caps and stuff like that. You know, Because when they tell you that your buying a 3 meg/second connection that is always on and you do something to always be using it, y

Re:skul what?

Never ascribe to skulduggery that which can be adequately explained by asshattery.

I believe that's known as "Shitcock's Razor".

Re:

Is there really such a thing as consensual skullfucking?

That's a good question, and you should know that Congress is on it [theonion.com].

Maybe it's their new hookup instructions?

I think the problem may be due to their new cable modem hookup diagram [ripway.com].

Straight from thier lawyers mouths

Here is the official load of crap you get if you bitch about it to them .....

-- begin bunch of shit ---

Thank you for contacting Comcast Cable Mark.

Thank you for writing to us in response to reports about Comcast's
efforts to manage peer-to-peer traffic on our networks.

Mark, we have posted new FAQs on our Web site making clear to our
customers the steps we are taking to protect the customer experience for
all of our customers. You may access content related to this issue in
the FAQ section of http://www.comcast.net/ [comcast.net]

First, and most importantly, you should know that Comcast does not block
access to any Web site or application, including peer-to-peer services
like BitTorrent. Our customers use the Internet for downloading and
uploading files, watching movies and videos, streaming music, sharing
digital photos, accessing numerous peer-to-peer sites, VOIP applications
like Vonage, and thousands of other applications online.

Mark, we have a responsibility to provide all of our customers with a
good Internet experience and we use the latest technologies to manage
our network so that you can continue to enjoy these applications.
Peer-to-peer activity consumes a disproportionately large amount of
network resources, and therefore poses the biggest challenge to
maintaining a good broadband experience for all users, including the
overwhelming majority of our customers who don't use P2P applications.

It is important to note, however, that we never prevent P2P activity, or
block access to any P2P applications, but rather manage the network in
such a way that this activity does not degrade the broadband experience
for other users.

Mark, network management is absolutely essential to provide a good
Internet experience for our customers. All major ISPs manage their
traffic in some way and many use similar tools.

Comcast believes we have a responsibility to our customers to provide
this service. Network management helps us perform critical work that
protects our customers from things like spam, viruses, the negative
effects of network congestion, or attacks to their PCs. As threats on
the Internet continue to grow, our network management tools will
continue to evolve and keep pace so that we can maintain a good,
reliable online experience for all of our customers.

I understand you have some questions about Comcast's policies. You can
view all of the Comcast Subscriber Agreements and Policies by visiting
the Comcast Online Customer Support Center at http://www.comcast.net/terms/subscriber.jsp [comcast.net]

On this site you will find the Subscriber Agreement, the Acceptable Use
Policy, and other policies relating to your Comcast Service. You can
also view our Privacy Policy Statement at http://www.comcast.net/privacy/index.jsp [comcast.net]

Links to the Privacy Statement and Terms of Service are located at the
bottom of every page at www.comcast.

-- end bunch of shit --

Re:Straight from thier lawyers mouths

It is important to note, however, that we never prevent P2P activity, or
block access to any P2P applications, but rather manage the network in
such a way that this activity does not degrade the broadband experience
for other users.

So, they are not even coming close to telling you the truth!

How exactly sending RST packets to peers doesn't fall under "prevent P2P activity" I don't understand.

Re:

It looks to me like Comcast is trying to mislead people into believing that they're saying:

We don't interfere with P2P activity at all, so these accusations are completely baseless!

But if you read the words carefully, you can see that following bullshit

Re:Straight from thier lawyers mouths

They don't interfere with your downloading, they interfere with your uploading. You can download to your heart's content at full speed - I've seen my 7Mbit Comcast cable connection spike as high as 20Mbit for more than 30 seconds, while downloading particular things with 500+ seeders online. This is difficult with Windows due to the built-in connection limit, but it's very easy on Linux or Mac. I can download folders larger than 6GB in less than three hours, with an avg. speed roughly being around 700 - 750KB/s.

It's when you go to make an upload connection to another peer. BitTorrent wouldn't work at all (uploading or downloading) if Comcast just shot your upload connections down from the start; instead, they kill it after 30 seconds. I've timed it hundreds of times, from the time I announced to the tracker - it's always almost exactly 30 seconds. Unless you hammer the tracker with manual announcements or have a client that's smart enough to reconnect the peer "just to see" if it "really wanted to reset", you can't upload more than for 30 seconds at a time without either hammering the tracker, or taking excessive measures (it's been discovered that reconnecting the client as if it were just announced, upon being dropped, while causing somewhat odd client behavior, will work around the problem).

This is a serious issue if you're a member of invite-only torrent sites where you don't get to download unless you've uploaded enough; it's also a serious issue if a lot of Comcast customers happen to use your BitTorrent-distributed product.

The "quality assurance" cover is completely bogus - that's not what's going on. First of all, they're not hampering my upload speeds, they're dropping the connection completely after a set amount of time. How, exactly, does my uploading stuff on BitTorrent affect other customers' experience? Increase the bandwidth bill maybe, but that's not what's going on... they could easily throttle the speed down, but that's not what they're doing.

I used to work for an ISP. Uploading doesn't hamper other customers' experience - downloading does. I think it's more plausible that they're being paid to screw up private BitTorrent trackers.

Re:

Simple, they just use disingenuous, lawyerly weasel words. They don't "block" the traffic outright (since some percentage of the packets are allowed through), they just interfere with it. It's like saying that to prevent people using my driveway to make u-

Re:Straight from thier lawyers mouths

-- begin bunch of shit ---
bunch of shit, Mark.
Mark, bunch of shit.
bunch of shit.
Mark, bunch of shit.
bunch of shit. bunch of shit.
-- end bunch of shit ---

But you've got admit, it's pretty cool how they address you by name throughout this carefully composed, personal email response made Just For You.

Re:Straight from thier lawyers mouths

But you've got admit, it's pretty cool how they address you by name throughout this carefully composed, personal email response made Just For You.

Except his name is Steve.

It's not blocking per se...it's worse!

It's far more sinister. They are spoofing packets by impersonating a p2p node. They are illegally interfering with their customers' service and don't have the guts to do it outright themselves.

Re:It's not blocking per se...it's worse!

They are illegally interfering with their customers' service

Since you've been modded up to "5, insightful"- would you care to tell us what is illegal about it? Extra credit for references to specific federal or state laws or regulations.

And, more specifically, if it is illegal, why this is (supposedly) pushing Congress towards net neutrality laws?

Re:

My speculation would be that he's refering to something in the anti-spam laws that make it illegal to forge who an electronic communication (in this case the RST packet) is from. Impersonation of a third party for arguably malicious purposes... mmm... sou

Re:It's not blocking per se...it's worse!

While it is popular to claim something is illegal when the statement should be more like It should be illegal, I would be more along the belief that something like fraud or something along those lines.

I looked but couldn't find the a law on a federal level but saw a few state laws in passing that include using the Internet to commit fraud and causing the interruption of Internet services in that act. Now suppose that their interference can be considered defrauding you of services they sold you and suppose that interfering with the data streams was the method for doing this, even though it is on their network, I imagine something could be twisted enough to apply.

I look at it this way, Suppose you purchased a printer that printed 20 pages per minute. Says so right on the box and on the printer itself. Now, when you get home, you find that you have to buy the turbo module at a cost more then the printer in order to get that advertised performance. And when you complain, they tell you that it is done this way to protect their supply network. What sort of laws apply? Suppose that you have to feed the paper manually one sheet at a time and push a button after it is started without the turbo module which could be similar to having to monitor and restart your torrent or whatever.

Now, what sort of laws would apply, would they be criminal or civil in nature, and seeing how comcast is a regulated entity, is there a state oversight organization that fields complaints already. In ohio, the public utilities commission has some oversight of time warner I think. I have used them in the past to help get complaints again Cell phone providers taken care of. I think it probably is illegal in some way under some laws. I just don't know the specific ones or if I am correct in that assumption. But the oversight necessary might already be there.

Comcast sells the Internet, not some Internet like service. Their willful failure to deliver reliably might not sit well with local regulators either. At minimum, they should be forced to be honest and up front about their tampering with P2P applications before you purchase their service. and where there are no other options because of Comcasts government granted monopoly, there should be a way around it.

Re:

I'm thinking that you're not understanding what Comcast is doing. (Given your choice of examples)

Lets look at what happens with WoW updates.

Lets say that you're one of the first one's trying to do a WoW update, so your updater (which uses bittorrent) cont

Re:

blockquote> i>And, more specifically, if it is illegal, why this is supposedly pushing Congress towards net neutrality laws? /i> /blockquote> For an overview check the wiki [wikipedia.org]

Currently it is only violating net neutrality principles and is on

Re:

I believe they are stretching definitions to the limit if not beyond :

"The duty to carry does not mean that a carrier is never justified in refusing to provide service. It is well established that "if goods are not of the character that the carrier transpo

NY Sec. 190.25

NY Sec. 190.25

S 190.25 Criminal impersonation in the second degree.
A person is guilty of criminal impersonation in the second degree when
he:
1. Impersonates another and does an act in such assumed character with
intent to obtain a benefit or to injure or defraud another;

Not a real stretch. If they just enforced QoS, then it wouldn't be an issue, the issue is pretending to be the end user's system.

Re:

FCC policy statement (FCC 05-151) August 5, 2005 [fcc.gov]

(1) consumers are entitled to access the lawful Internet content of their choice;(2) consumers are entitled to run applications and services of their choice, subject to the needs of law enforcement;

I think inserting RST packets into the data stream would violate rule #2, and if the content is legal they are also violating rule #1.

Should be shot

People who inject fake RSTs into network streams should be shot.

This will lead to non-compliant network stacks which attempt to detect "bogus" RSTs and ignore them. And that cannot be allowed to happen at any cost.

It is fine for them to drop packets. It is a dick move, of course, when they sold people the bandwidth and don't let them use it, but TCP/IP is designed to deal with packet loss, and treat it as congestion. Fragrantly violating the network standards that allow communication between different networks to interoperate is literally trying to destroy the internet, and cannot be tolerated.

Re:

I think that if they're injecting packets into their customers' data streams, we should be injecting packets into theirs, right?

Quality of service is important, so just to ensure that their service is up and running, we should ping -f -s 10000 it, don't yo

Re:

Fragrantly violating the network standards...

I think we might have had the same guy install our cable! Tell him I said 'hi', next time you see him.

Re:

This will lead to non-compliant network stacks which attempt to detect "bogus" RSTs and ignore them. And that cannot be allowed to happen at any cost.

Why? Just ignore all RST packets for bittotent ports, and timeout any connections. Do it at the NAT leve

Silver lining?

How is it a silver lining that Congress may reconsider Congressionally mandated Federal control over the internet in the United States?

If there's one thing Congress and the rest of the Federal government have proven time and time again it's that the only t

Re:

If there's one thing Congress and the rest of the Federal government have proven time and time again it's that the only thing they're good at is spending money. Everything else they try to do (ie. all the stuff they spend the money on), they can't help but

Re:Silver lining?

How is it a silver lining that Congress may reconsider Congressionally mandated Federal control over the internet in the United States?

Because they've got a pretty good track record so far.
Net neutrality was the rule of the land until just recently.
It is not something new, it is a return to the way it was only a few years ago.
In 2005 the SCOTUS ruled [wikipedia.org] that broadband internet was an "information service," and not a "telecommunications service." Thus freeing broadband ISPs from the laws that have enforced "network neutrality" for telephone service for decades.

Define Net Neutrality

Define "net neutrality". I don't want high-level goal oriented stuff. I want to know exactly what such a law would look like because frankly I'm skeptical that any net-neutrality law wouldn't just be full of vagueness, unintended consequences or be so limited as to be useless.

Just saying "make the networks fair" doesn't make a good law, but that is all I've heard from the NN people. I want to be behind NN, but I can't as long as it is so ambiguous.

Re:Define Net Neutrality

Well, one way to do it:

1. No ISP shall give preferential handling to, modify, fail to deliver, or alter the content of traffic based on either its source, the protocol over which it is carried, or its content.

Exception: If a quality-of-service mechanism becomes widely used over the Internet, such as setting a time-critical flag on certain traffic (online gaming, VoIP, etc.), ISP's may give preferential handling to traffic so flagged, as long as:

a) the mechanism for requesting a higher QoS for certain traffic is widely known and available, such that anyone can use it;

b) the preferential treatment given to time-critical content is given equally to all traffic claiming to need a higher QoS without regard for its source, the protocol over which it is carried, or its content;

Exception: Traffic which is clearly and unambiguously malicious may be dropped. "Malicious", in this case, means either:

a) It is intended to interfere with the correct operation and control of the recipient's equipment, if the recipient of the traffic is a customer of the ISP. This includes, but is not limited to, denial-of-service traffic and exploit attempts. However, an ISP must honor a request in writing by a customer to cease filtering inbound malicious traffic to them.

b) It is generated by a program running without the consent of, and against the wishes of, the owner of the sending computer, if the sender is a customer of the ISP.

c) Such traffic consists of unsolicited commercial email, and the customer has requested that the ISP filter inbound email to remove spam.

Archaic Cable shared node topology is to blame

Check out this article [zdnet.com] posted by George Ou at ZDNet a couple of weeks ago.

The reason Comcast is doing this is because the shared node topology of Cable can't handle all of the connection requests. Similar to a bunch of Windows 95 boxes running NETBUI on a large non-switched network, bittorrent causes a a ton of contention. The result are packet storms which end up taking everyone out.

Of course Comcast won't say, "The reason we do this is because our entire infrastructure is shit and needs to be replaced." The stockholders wouldn't like that.

Re:

Ok,

From the article that I linked to that you obviously failed to read:

Cable modems have a crappy upstream protocol. When it wants to send, it sends a request to send packet to the controller, and waits for a reply that gives it a time slot. But the RTS packet is sent in a contention slot, such that any two stations sending RTS in the same cycle will collide, and then nobody gets to transmit. The more data you have queued at the cable modem, the more likely a collision.

The network is physically large, with a long propagation delay relative to the size of the collision window. And when collisions start to happen, they ripple as more and more stations have data queued for transmission. So the only way to make this protocol stable is to actively limit the amount of data queued at the cable modem for upstream delivery, and only way to do that for Torrent is to stifle connections at the TCP level. I've tried to scheme up a better way to do this, and there isn't one.

Plausible deniability?

Comcast continues to deny [comcast.net] they are blocking or discriminating with traffic. (See "Hot Topics" in the middle of the page.)

See this nonsense [comcast.net] linked from that page:

Question: "Do you discriminate against particular types of online content?"

Answer: "No. There is no discrimination based on the type of content. Our customers enjoy unfettered access to all the content, services, and applications that the Internet has to offer. We respect our customers' privacy and we don't monitor specific customer activities on the Internet or track individual online behavior such as which Web sites they visit. Therefore, we do not know whether any individual user is visiting BitTorrent or any other site."

I guess that is called "plausible deniability". Comcast management apparently assigned that question to someone who is so ignorant that he thinks BitTorrent is only a web site, and clearly doesn't understand the issues. I suppose that later Comcast management can blame the denial on a confused lower level employee.

I was talking to a Comcast repair technician yesterday who came to replace a poor quality, non-functional cable modem. He was very uncaring. I suppose that is the Comcast culture. It must be miserable to work there.

You can't see it with Slashdot's HTML rendering, but whoever typed that reply for Comcast is back in the days of the typewriter. He or she used two spaces after every period. That made sense when all type was monospaced. I wonder if I visited Comcast headquarters, would I see horses tied outside?

Re:

Question: "Do you discriminate against particular types of online content?"

Answer: "No. There is no discrimination based on the type of content. Our customers enjoy unfettered access to all the content, services, and applications that the Internet has to offer. We respect our customers' privacy and we don't monitor specific customer activities on the Internet or track individual online behavior such as which Web sites they visit. Therefore, we do not know whether any individual user is visiting BitTorrent or any other site."

That is a very carefully crafted response. in their response they subtly defined BitTorrent as a "site". and they're saying the don't monitor what sites you visit. that may well be true, but they are skirting the issue. likewise, they are subtly trying to

Re:

Set up a script downloading OS isos from a mirror site to /dev/null and see how long before they discriminate.

Re:

Umm, everyone's supposed to use two spaces after a period, and one after a comma. HTML being stupid with white space doesn't change that.

First post!

I wonder if Comcast can deliver this on time...

Re:

Mod parent funny.

Encrypt your P2P traffic!

This can be done in virtually all clients..for example, in uTorrent, set Encryption to "Forced" in your preferences. This isn't 100% foolproof but it seems to help a lot of Comcast users, among others with throttling and other P2P blocking measures forced on them from their ISP.

Comcast Censoring YouTube also??

I'm a fan of YouTube (who isn't), but hadn't logged into my account for awhile and forgot the password when I tried commenting on a video. I had a reminder sent to my comcast e-mail account a day or two ago -- and it's been about 36 hours, and it never arrived! Assuming something was hosed with my YouTube account, I decided to create a new account, still no activation e-mail sent.

I then changed my YouTube preferences to my GMail account, and the confirmation e-mail arrived within like 2 minutes. No surprise, since Google owns both GMail and YouTube. But my curiosity was now aroused, so I changed the e-mail preferences on YouTube to my work account (I'm an open source programmer at a Big-10 university). Again, the YouTube confirmation came within like 2 minutes or so.

I logged into comcast.net under my main subscriber e-mail account today -- and deactivated ALL spam/filtering on that account. I then went back to YouTube and switched preferences back to my comcast account. It's been about 4 hours and, of course, there's been no e-mail from YouTube.

Anyone else notice this oddness between YouTube / Comcast? It irked me enough to create a little web site of it this afternoon, and post it on my blog as well (http://paulbramscher.blogspot.com/ [blogspot.com]).

IPsec and other stuff

Use IPsec. Not only can they not tell what your packets mean (only where they are going and came from), but they cannot forge an RST since that also needs to be encrypted with the association key.

So they could do a man-in-the-middle attack on a simplistic key exchange done over IPsec. But that would require far more resources (they have to get in the middle of each connection) than they appear to be willing to use (RST forgery is about the cheapest form of net interference there is). So I think even minimal IPsec would bring this blocking to and end until such time as they want to invest in whatever it takes to mount an attack on IPsec. Then we just use a strong key infrastructure and end that.

If the protocol involved understood the work to be done (e.g. how many bytes to be transferred), it could also re-establish a new connection if the existing one got dropped, and resume the transfer ... until done or one end decides to not do this anymore.

There is already a law to apply here....

There is already a law to apply here....take away their common carrier status. As soon as they discriminate among content, they SHOULD lose their common carrier status, and can be sued out of business the first time they DON'T block hate speech or kiddy po

Re:

ISPs and cable TV providers in the US are not common carriers, Comcast doesn't have common carrier status. If ISPs were common carriers there would be no net neutrality issues.

how is this different than other big ISP's?

All one has to do is look at the main competitor to Comcast, which is Verizon, and look at how they do the same type of stuff. They block outbound SMTP traffic except to their smtp servers...

Blocking SMTP or XYZ service kind of makes sense

Blocking-by-default services which are abused by robots and which provide no value except to those who should know enough to ask for them makes a lot of sense.

These days, that's outbound mail, outbound SMB/Windows-networking, and all inbound ports other th

iptables should be able to help

Can't you just write a iptables rule to drop RST packets destined for your bittorrent port? You could even get clever about it and drop RST packets that come out of the blue, but allow repeated RST packets to pass, so that connections that have really be reset on the far end can be closed.

Re:Practices like these make me not want to give t

I'm not sure comcast is *that* sad to see you go. Their entire business model is based on overselling their bandwidth. Their favorite customers are those that pay $50/mo for internet access, and then only check their email.

People like you and I, who actually use most of the bandwidth advertised, make Comcast little, if any profit. If all the heavy bittorrent users followed your example, comcast may well be able to cut their costs enough (with all the bandwidth savings, etc.) that they could stay just as profitable, if not more so.

Think about it. They're already *cutting off* subscriptions of the heaviest users -- they're obviously not concerned about losing that business.

Re:Good for them

Although you're marked as a troll, you're stating the honest opinion of lots of people and the opinion that shapes policy of many companies. So I'll bite. I think your characterization of BitTorrent users, looked at by the numbers, is probably true. While there are people using torrents to distribute content that's both legal and non-commercial (Free Software, for example), it probably makes for a pretty small percentage of the total. But that doesn't matter. The Internet is a network of peers. That's how it was designed, and I believe that's how it ought to stay. The more rights to communicate are gated by money and elitist policies the fewer voices contribute. You need to pay big bucks to get a fat pipe, but you shouldn't need to pay big bucks to get all the protocols. That's what the Internet means on a technical level. If you're not selling me that, you're not selling me Internet access, you're selling me "Web and Email access". If you want to offer that as a product, go ahead. But it's *not* true Internet access.