Comcast Forging Packets To Filter Torrents

Posted by kdawson on Tue Sep 04, 2007 04:56 PM
from the could-be-actionable dept.
An anonymous reader writes "It's been widely reported by now that Comcast is throttling BitTorrent traffic. What has escaped attention is the fact that Comcast, like the Great Firewall of China, uses forged TCP Reset (RST) packets to do the job. While the Chinese government can do what they want, it turns out that Comcast may actually be violating criminal impersonation statutes in states around the country. Simply put, while it's legal to block traffic on your network, forging data to and from customers is a big no-no."

Related Stories

Cambridge Breached the Great Firewall of China 250 comments
Darren Rayes writes to mention a ZDNet article on Cambridge academics' claims that they have breached the great firewall of China. They also claim that by misusing the firewall they can launch DDoS attacks against IP addresses behind the wall. From the article: "The IDS uses a stateless server, which examines each data packet both going in and out of the firewall individually, unrelated to any previous request. By forging the source address of a packet containing a 'sensitive' keyword, people could trigger the firewall to block access between source and destination addresses for up to an hour at a time."
Your Rights Online: Comcast Hinders BitTorrent Traffic 537 comments
FsG writes "Over the past few weeks, more and more Comcast users have reported that their BitTorrent traffic is severely throttled and they are totally unable to seed. Comcast doesn't seem to discriminate between legitimate and infringing torrent traffic, and most of the BitTorrent encryption techniques in use today aren't helping. If more ISPs adopt their strategy, could this mean the end of BitTorrent?"
Games: Comcast Slightly Clarifies High Speed Extreme Use Policy 618 comments
Alien54 writes "Comcast has finally clarified what 'excessive use' is when it comes to their cable internet service. A customer is exceeding their use limit if they: download the equivalent of 30,000 songs, 250,000 pictures or 13 million emails in a month. '[A Comcast spokesperson] said that Comcast's actions to cut ties with excessive users is a "great benefit to games and helps protect gamers and their game experience" due to their overuse of the network and thus "degrading the experience."'" Maybe they could put that limit in terms other than 'email' or 'songs'?
Your Rights Online: Comcast Continues to Block Peer to Peer Traffic 283 comments
narramissic writes "A report released Thursday by the Electronic Frontier Foundation (EFF) finds that Comcast continues to use hacker-like techniques to slow down customers' connections to some P-to-P (peer-to-peer) applications. The EFF said that Comcast appears to be injecting RST, or reset, packets into customers' connections, causing connections to close. 'The investigators say that their tests confirmed an earlier one conducted by the Associated Press that showed that Comcast is interfering with BitTorrent traffic. BitTorrent is a protocol used to efficiently distribute the online transmission of large files, and some entertainment companies have partnered with its creators to distribute its content online. Comcast has said that it doesn't block BitTorrent, or any kind of content.'" If you're the type that always looks for a silver lining, Comcast's skulduggery may be pushing Congress to reconsider Net Neutrality.
Politics: FCC To investigate Comcast Bittorrent Meddling 196 comments
An anonymous reader writes "FCC Chairman Kevin Martin said Tuesday that the commission will investigate complaints that Comcast actively interferes with Internet traffic as its subscribers try to share files online. A coalition of consumer groups and legal scholars asked the agency in November to stop Comcast from discriminating against certain types of data and to fine Comcast $195,000 for every affected subscriber. While known for months in tech circles, the issue wasn't given broad attention until an Associated Press report last year, in which reporters tested and verified the data blocking."
Technology: Comcast Offers 50 Mbps Residential Speeds 332 comments
An anonymous reader notes that Comcast is offering a new 50-Mbps / 6-Mbps package for residential customers for $150, starting in Minneapolis-St. Paul and extending nationwide by mid-2010. The new service will use the DOCSIS 3.0 standard, which is nearing ratification. We've recently discussed Comcast's BitTorrent throttling and promise to quit it, and their low-quality 'HD' programming. How attractive will $150 for 50 Mbps be compared to Verizon's FiOS offerings?
This discussion has been archived. No new comments can be posted.
  • by unity100 (970058) <unity100 AT gmail DOT com> on Tuesday September 04 2007, @04:58PM (#20469659) Homepage Journal
    say it ! and add a "lawsuit" to the end. Such "companies" deserve it.
      • by click2005 (921437) on Tuesday September 04 2007, @05:06PM (#20469811)
        There are a lot of legal bittorrent downloads. Most linux distros are available this way as well as a large number of public domain movies.

        http://www.publicdomaintorrents.com/ [publicdomaintorrents.com]
        http://www.starwreck.com/download.php [starwreck.com]
        http://www.zeitgeistmovie.com/ [zeitgeistmovie.com]
          • and you should have told them they should have invested while they were overselling their lines. it doesn't matter what percentage of p2p is legal or not, the fact is they are not able to provide what they promised. the debate should be on that, not p2p's legality.
          • by Fujisawa Sensei (207127) on Tuesday September 04 2007, @05:51PM (#20470553)

            Major ISP's in the US have told me in meetings that P2P makes up 70-80% of their total traffic. Do you really believe that the majority of this is legal content?

            That's not for the ISP to decide.

              • by jafiwam (310805) on Tuesday September 04 2007, @08:05PM (#20472325) Homepage Journal

                "Legitimate" content and "Trusted" sources will get priority. The ISO of your favorite Linux distro is in. The unknown and likely pirated DiVX rip is out. This doesn't have to be BT as you know it. It could be an ISP administered P2P net.
                This statement leads me to believe you don't even know how bit torrent works. You are aware, it downloads from peers that have also downloaded from their peers from an original source right? And that aside from a small few bits at the beginning, ALL of the downloads come from (what is going to be essentially from the ISP's point of view) random locations right?

                How is it you think they are going to "source" the download? Download it first, then put it on a list?

                As someone who has downloaded lots of music illegally, I have NEVER had to resort to bittorrent to get it. It's always some person I know sharing an entire hard drive full or whatever. (Not public sources.) Heck, you can put certain phrases in Google and get the default "directory listing allowed" for common web server software and find TONS of music shared on web servers.

                Since it came out, I have probably downloaded 150 gigs of various game patches, game mods, Linux versions, etc. all of which the users I got them from had a right to distribute and for which I had a right to download. ZERO percent of my torrent use has been illegal downloading.

                Limiting traffic is one thing (just throttle ALL of the heavy users traffic, email, web, games, etc.), saying all torrent downloads are illegal is plain flat out incorrect.
            • by HiThere (15173) <charleshixsn@ear ... t ['lin' in gap]> on Tuesday September 04 2007, @06:20PM (#20471029)
              If the ISPs filter based on torrent source, then they cease to be common carriers, and lose common carrier protection. Then they immediately become liable for every case of copyright infringement that they are accessory to.

              I don't think they'd like that choice.

              If they are common carriers, then they are supposed to be indifferent to WHAT they are carrying, like the mail or the phones. If an extortion threat is transmitted by mail, you can't sue the post office. Not just because it's acting as an agent of the govt, but because it's a common carrier. (UPS is just as protected.) They aren't supposed to know or care what they're carrying. If they did, and demonstrated the capability of filtering it by filtering some of it, then they would lose their common carrier status, and become liable as accessories to extortion, e.g.

              OTOH, I don't want them pretending to be me. Not at all. That should be grounds for a suit. It should also be grounds for criminal prosecution not only of those who implemented it, but of all of their supervisors, managers, etc. also. Including the boards of directors. It shouldn't have a particularly onerous penalty...say 10 days for each separate offense. Cumulative. I'll be generous, and say 1 day per instance. I.e., 1 day per false packet.
              • by binarybum (468664) on Tuesday September 04 2007, @06:48PM (#20471367) Homepage
                hmm, this is interesting - I am not familiar with this argument. Any lawyers out there that can verify this? Everyone knows that ISPs have been filtering the dickens out of traffic since the napster era, why haven't they been called out on this already? Also, the post office won't let me ship a can of gasoline to a friend who lives in a small town with high gas prices - they consider this "hazardous." Could ISPs argue that certain traffic is hazardous to their infrastructure (i.e. clogs up the pipes) and refuse it on those grounds (assuming this whole common carrier thing really applies in the first place)?
          • by quantum bit (225091) on Tuesday September 04 2007, @06:04PM (#20470763) Journal

            I believe the WoW patcher uses a bittorrent model, as well.
            Not just a bittorrent model, it uses the standard bittorrent protocol. The downloader even complains it can't contact the tracker if your internet connection is down. Ummm, a friend told me that. :P

            See the WP [wikipedia.org] for a list of a few things (including WoW updates) that use BitTorrent.
  • by Creepy Crawler (680178) on Tuesday September 04 2007, @05:01PM (#20469719)
    But when these huge companies work with other huge companies AND government agencies like the FBI and CIA, do you think you even have a chance in Hell?

    Like many have said before me, we need to go pure encrypted communications to prevent this kind of violation. TOR, WASTE, and Linux based encryption techniques allow us these kinds of tools to defend against attackers: our very providers of bandwidth.

    • do you think you even have a chance in Hell?

      Then again, Rosa Parks [wikipedia.org] had no legal right to keep her bus seat from a white guy. And yet, she did.

      If you don't stand up and fight for your rights, who else will?
        • by WindBourne (631190) on Tuesday September 04 2007, @05:50PM (#20470531) Journal
          First, Spyder was not saying that he was Rosa, but even ignoring that, why do you say with certainty that this is not the same? This is standing up to a MUCH bigger bully who is trying to take what is not theirs. It was no different than when the geek stood up to a circuit city store and then the police. That is a case that may make a difference, as might this (keeping our rights from those that would gladly steal them). You can bet that at the time of Rosa, the locals just thought it was a silly disturbance.
  • Technical merit? (Score:5, Interesting)

    by WPIDalamar (122110) on Tuesday September 04 2007, @05:05PM (#20469787) Homepage
    Legal questions aside, is there some technical merit to sending a RST instead of just blocking the packets? Is it less expensive to the ISP or something? I don't understand why they're doing it.
    • Re:Technical merit? (Score:5, Informative)

      by bagboy (630125) <<ten.citcra> <ta> <oen>> on Tuesday September 04 2007, @05:10PM (#20469879)
      Blocking bittorrent causes the client to find other open ports (if you are using port-based blocking). As an ISP, by throttling it way back to almost nil, but keeping it as an established connection, you have a better chance at keeping bittorrent traffic from overcoming your own upstream/downstream connection to your provider.
    • Yeah, it works better. Sending a RST packet closes the TCP connection. Just eating the packet would cause the computer to resend it, creating more traffic on the network. The forged-RST attack is "fire and forget." You identify a TCP connection that has bad traffic in it, and then you target the connection. It doesn't require matching every packet, you can instead look for patterns of packets that indicate types of traffic you dislike, and then just terminate it, and move on to the next connection. It may use deep-packet inspection, but it's not a 'packet blocking' attack. It's better, because it avoids having the computers retransmit packets that just contribute to the traffic you need to screen.

      It's a fairly insidious way to block traffic, which is why the Chinese do it. Frankly it's a fundamental weakness of TCP: it wasn't really designed to cope with hostile intermediate nodes. (Flaky ones, sure, but not hostile ones.) You could configure your computer to reject RST packets, but then you'd end up leaving connections open all over the place and cause all sorts of other problems. It's not something that you can trivially work around.
      • by Vellmont (569020) on Tuesday September 04 2007, @05:53PM (#20470593)

        You could configure your computer to reject RST packets, but then you'd end up leaving connections open all over the place and cause all sorts of other problems. It's not something that you can trivially work around.


        How about just wait until some specified timeout and see if you receive any other packets? If someone sends RST, but you receive a bunch more packets, there's a very good chance the RST was faked. Better yet, wait for timeout1, then wait timeout2 for any more packets. (Since packets can be received out of order). Then if you receive more packets during timeout2, ignore the RST. I'd say that's pretty trivial. It could even be implemented on a NAT router so you wouldn't even have to modify your OS.
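
The timeout heuristic proposed in the comment above, sketched as offline detection over a capture; this is an added example, not part of the original thread. The `Pkt` record, the flag letters, the timeout values and the trace are constructed assumptions.

```python
from collections import namedtuple

# One received TCP segment: arrival time, claimed sender, flags as letters (S, A, P, R, F).
Pkt = namedtuple("Pkt", "ts src sport dst dport flags")

def suspect_resets(packets, timeout1=0.5, timeout2=2.0):
    """Return RSTs whose claimed sender kept sending on the same flow afterwards.

    timeout1: settle time, so segments reordered around a genuine RST are not evidence.
    timeout2: observation window that follows; a data/ACK segment here contradicts the RST.
    """
    packets = sorted(packets, key=lambda p: p.ts)
    suspects = []
    for i, rst in enumerate(packets):
        if "R" not in rst.flags:
            continue
        flow = (rst.src, rst.sport, rst.dst, rst.dport)
        lo = rst.ts + timeout1
        hi = lo + timeout2
        for later in packets[i + 1:]:
            if later.ts > hi:
                break
            if (later.src, later.sport, later.dst, later.dport) != flow:
                continue
            # A fresh SYN is a new connection reusing the ports, not a continuation.
            if later.ts > lo and "R" not in later.flags and "S" not in later.flags:
                suspects.append(rst)
                break
    return suspects

# Constructed trace (documentation addresses), as seen by the host 192.0.2.10.
ME = ("192.0.2.10", 6881)
TRACE = [
    Pkt(10.00, "198.51.100.7", 51000, *ME, "PA"),
    Pkt(10.10, "198.51.100.7", 51000, *ME, "R"),   # injected: peer keeps talking
    Pkt(10.15, "198.51.100.7", 51000, *ME, "PA"),  # inside timeout1, ignored
    Pkt(11.20, "198.51.100.7", 51000, *ME, "PA"),  # inside timeout2, contradicts RST
    Pkt(20.00, "203.0.113.5", 40000, *ME, "PA"),
    Pkt(20.05, "203.0.113.5", 40000, *ME, "R"),    # genuine close
    Pkt(20.30, "203.0.113.5", 40000, *ME, "A"),    # reordered straggler only
    Pkt(30.00, "203.0.113.9", 45000, *ME, "R"),
    Pkt(31.00, "203.0.113.9", 45000, *ME, "S"),    # reconnect, not a continuation
]

if __name__ == "__main__":
    for p in suspect_resets(TRACE):
        print(f"suspect RST at t={p.ts} claiming to be {p.src}:{p.sport}")
```

The check only finds a contradiction while the peer keeps sending; if the peer also received a reset and closed its side, nothing follows and the RST looks genuine.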
  • Forged RST packets (Score:5, Insightful)

    by ACMENEWSLLC (940904) on Tuesday September 04 2007, @05:05PM (#20469789) Homepage
    We use a popular web content filter. The way it works is by doing the same thing. So when we are blocking traffic, we block it by issuing a forged RST. It's either do this, or place the content filter inline ACTIVE. Right now it is passive. It does packet capturing and RST to block. If it's down, then traffic still flows. If it were active, we could simply drop the traffic and not forge the RST. But performance and uptime are horrible on many products when these are inline.

    Initially this sounded a lot worse to me.
    • by Opportunist (166417) on Tuesday September 04 2007, @05:33PM (#20470251)
      The difference is most likely that you're the endpoint of the traffic. When traffic comes to me, it's my business what I send in reply. A RST, nothing or a "thanks for sexual services".

      Comcast is the carrier. They have no business sending RST packages. Their business is to transfer packets to and from you. If you allow them to manipulate your packets (which this essentially is, injection of packets is by no means different from altering them, it changes the data stream and the information transmitted), you can never be sure that what you sent is what arrived on the other end.
  • by poetmatt (793785) on Tuesday September 04 2007, @05:07PM (#20469827) Homepage
    take a look at http://www.dslreports.com/forum/comcast [dslreports.com] and you will note that plenty of examples of this impersonation exist. They disconnect by impersonation after about 10 seconds of seeding, and it seems to be courtesy of Sandvine. Gotta love lack of net neutrality here, although I am not in favor of extreme net neutrality, some would be, well, nice.
  • by moseman (190361) on Tuesday September 04 2007, @05:59PM (#20470673)
    Christopher(Tue Sep 04 2007 17:54:47 GMT-0400 (Eastern Daylight Time))>

    Please provide me with a complete list of TCP/IP ports which Comcast actively blocks/filters/or limits traffic to users??

    analyst Tallilee.7304 has entered room

    Tallilee.7304(Tue Sep 04 2007 17:54:50 GMT-0400 (Eastern Daylight Time))>

    Hello Christopher_, Thank you for contacting Comcast Live Chat Support. My name is Tallilee.7304. Please give me one moment to review your information.

    Christopher_(Tue Sep 04 2007 17:55:23 GMT-0400 (Eastern Daylight Time))>

    Hi

    Tallilee.7304(Tue Sep 04 2007 17:55:18 GMT-0400 (Eastern Daylight Time))>

    The only ports that may be actively blocked on the Comcast network are 67, 68, 135, 137, 138, 139, 445, 512, 520, and 1080 at this time. Any ports that are blocked will not be unblocked. If the port you would like to use is on this list, please select another port to use with your software. There are over 10,000 ports available for use. Please be advised that Comcast reserves the entitlement to block any ports on the network without prior notice. We thank you for understanding this security policy.

    Christopher_(Tue Sep 04 2007 17:56:14 GMT-0400 (Eastern Daylight Time))>

    I have read that Comcast is now actively retarding bittorrent traffic.

    Tallilee.7304(Tue Sep 04 2007 17:56:09 GMT-0400 (Eastern Daylight Time))>

    That is not a true statement.