Comcast Forging Packets To Filter Torrents

An anonymous reader writes "It's been widely reported by now that Comcast is throttling BitTorrent traffic. What has escaped attention is the fact that Comcast, like the Great Firewall of China uses forged TCP Reset (RST) packets to do the job. While the Chinese government can do what they want, it turns out that Comcast may actually be violating criminal impersonation statutes in states around the country. Simply put, while it's legal to block traffic on your network, forging data to and from customers is a big no-no."

Can you say "class action" ?

[unity100]

say it ! and add a "lawsuit" to the end. Such "companies" deserve it.

Re:

[Associate]

The question would be who could be a party to the lawsuit. Could someone that's not a customer but peered BT's to Comcast customers seek damages? All that would be needed for proof would be a peer's IP belonging to Comcast. Right?

Re:Can you say "class action" ?

[click2005]

There are a lot of legal bittorrent downloads. Most linux distros are available this way as well as a large number of public domain movies.

http://www.publicdomaintorrents.com/ [publicdomaintorrents.com]
http://www.starwreck.com/download.php [starwreck.com]
http://www.zeitgeistmovie.com/ [zeitgeistmovie.com]

Re:

[garylian]

I believe the WoW patcher uses a bittorrent model, as well.

Considering there are something like 2 million plus users in the U.S. alone, that would add up to a lot of traffic each patchday!

Re:Can you say "class action" ?

[quantum bit]

I believe the WoW patcher uses a bittorrent model, as well.

Not just a bittorrent model, it uses the standard bittorrent protocol. The downloader even complains it can't contact the tracker if your internet connection is down. Ummm, a friend told me that. :P

See the WP [wikipedia.org] for a list of a few things (including WoW updates) that use BitTorrent.

Re:

[Fizzlewhiff]

I haven't noticed decreased speeds when grabbing torrents and I use Comcast. I grabbed an Ubuntu ISO just last week and it was speedy quick. I wonder if they are only throttling those who are using obscene amounts of bandwidth.

Re:Can you say "class action" ?

[unity100]

and you should have told them they should have invested while they were overselling their lines. it doesnt matter what percentage of p2p is legal or not, the fact is they are not able to provide what they promised. the debate should be on that, not p2p's legality.

Oversubscription vs Keeping P2P Protocols Scalable

[billstewart]

First of all, there are different places in a network that can be oversubscribed, and of course they're different for cable, DSL, and other architectures. The two most important points are the Internet Backbone feeds and the neighborhood distribution networks. P2P has much different financial and technical effects in the two environments.

For cable modems and DSL, the local distribution transmission technologies are asymmetric, but the upstream media from the head end or DSLAM on up normally has more slack, so the technology tends to limit the amount of resources P2P can consume. It's obviously better if you're uploading material that's being downloaded by somebody on your local distribution network, but for general applications that's unlikely - too few people want too many different files. (Large Universities are a special case, where the bulk of the traffic is probably for relatively popular material, students have more shared tastes than random neighborhoods, and upstream is usually faster and often symmetric.)

The "backbone" bandwidth, which is what costs broadband companies money based on traffic levels, is going to be more affected financially than technically - it's a small number of locations, and broadband companies can monitor it fairly easily so they can keep up with growth. The scalability issues are really critical here - if people usually upload material to other users of the same carrier and in the same geographical area, they're not touching the backbone for high-volume media, only for tracker support, and since _everybody_ on the consumer broadband networks is primarily an information consumer, not producer, the traffic's more likely to stay local, and the traffic ratios which affect what the broadband company pays for traffic are very skewed and P2P balances them a bit rather than exacerbating them. Overall backbone downstream traffic can still increase, but carriers that care about that should be encouraging their customers to use protocols that download locally when possible, and can put up their own P2P caching servers (i.e. fast user machines) if they want to reduce imports from outside.

Napster had centralized databases tracking who was downloading what songs, so if they wanted to they could easily enough have made sure that users stayed within their local networks whenever possible, especially for universities that had scaling problems. BitTorrent trackers can provide somewhat the same capability, if they want to. The fancy way to do it is to look at BGP autonomous system numbers to determine who's sharing with whom, but even just trying to keep systems in the same /19 or /16 together is a good start. Most of the P2P protocols support a cruder approach - checking ping times or other TCP or UDP packet transmission latencies - and even these are a good start, because local stuff tends to stay local. You can do a bit better for scalability if you weight IP addresses or BGP ASNs as well - usually there's enough correlation that overall performance doesn't change much, and it helps your ISP a lot. There's some variance in that, such as that a fast university user who's networkily near one of the exchange points that your ISP uses may be more attactive than a user who's geographically farther away but on your carrier's network, but in general being crude and greedy isn't as bad as you'd expect.

Re:Can you say "class action" ?

[zippthorne]

While technically true, perhaps the best kind of true, if the companies cannot deliver their advertised rates, which are quite often !!10 mbps, unlimited*!!! (with all those extra exclamation points, even) then they either advertised falsely or planned poorly.

*Some restrictions apply, but you'll never know about them unless you have a high def TV, and happen to be watching a high def channel when the company's advertisement airs, assuming they bothered to film it in high definition itself.

Re:Can you say "class action" ?

[InvalidError]

This is slashdot, believe it!

Oversubscription is what makes it possible for ISPs to offer 10Mbps service under $80. Without it, the same service would cost closer to $200, with $50 of both amounts being the ISP's operating income for the service class. Many ISPs have "reasonable use" clauses in their otherwise "unlimited" service plans and this cap appears to be around 250GB in many cases, which would theoretically allow ISPs to fit roughly 3000 high-bandwidth 250GB/month customers per ~$30k/month OC48. The same OC48 can accommodate little more than 250 wire-burning, non-oversubscribed 10Mbps customers... that would be more than $100/month uplink cost per customer.

Because the top ~5% of customers (ab)uses ~90% of the bandwidth, over-subscription reduces the ISPs' infrastructure costs for typical users by >90%. The recent stories about heavy users getting either kicked off or pushed onto higher-margin business/special service shows that ISPs are starting to push the extra operating costs down to the relevant customers. I have calculated that a fair price for true unlimited access would be ~$150/month: rent for ~1/300th of an OC48 + other operating/service costs and profit.

But none of that quite excuses ISPs from interfering with their customers' traffic unless the customer has specifically requested it.

Re:Can you say "class action" ?

[ubuwalker31]

Oversubscription is what makes it possible for ISPs to offer 10Mbps service under $80

Bullshit. The problem is that the US taxpayers have pumped Billions upon Billions of dollars into the internet/telephone/fiber optic infrastructure, and the telephone companies, cable companies and other large companies have wasted that money over the past 30 years, by not using the money as it was intended. Which is why it is cheaper overseas to have faster broadband than in the US.

Re:Can you say "class action" ?

[Curunir_wolf]

You are correct. I note that a number of phone company shills that have tried to discredit your statement, so I will respond here instead of trying to correct each one.

While it's true that it was not tax dollars that directly went to telecommunications companies, it was still taxpayers that paid the money. The telecoms made promises to invest hugely in infrastructure in return for rules that resulted in huge profit increases. They did not honor those commitments, but pocketed the money instead. They are now in fact threatening again not to build any more infrastructure unless they can get more favorable regulations.

I'm not sure why the shills keep repeating the "it's cheaper overseas due to higher population density". That has been discredited over and over again. I'll repeat the numbers here for completeness:

Country - Broadband Penetration - Population Density
Iceland 26.7 3.0

Korea 25.4 483.0

Netherlands 25.3 399.0

Denmark 25.0 125.0

Switzerland 23.1 179.0

Finland 22.5 15.0

Norway 21.9 14.0

Canada 21.0 3.0

Sweden 20.3 20.0

Belgium 18.3 341.0

Japan 17.6 338.0

United States 16.8 31.0

No correlation. Do not listen to the telecom shills.

Re:

[WindBourne]

I would think at around 1/2 of it is legal. About 1/2 or more of the music is probably legal. I would guess about 10% video is legal. And probably the vast majority of the software is legal. But does it matter? I think not.

Re:

[silverkniveshotmail.]

I would think at around 1/2 of it is legal. About 1/2 or more of the music is probably legal. I would guess about 10% video is legal. And probably the vast majority of the software is legal. But does it matter? I think not.

Where on earth do you get this number from!? this is completely made up. and it only has to be 1/10 of 1% for it to be wrong of them to do this.

Re:

[piojo]

Major ISP's in the US have told me in meetings that P2P makes up 70-80% of their total traffic. Do you really believe that the majority of this is legal content?

I wonder how much of it is legally grey? For example, anime that is not licensed for distribution (completely unavailable) in the US. Yes, it's still copyrighted, but that doesn't mean it's a copyright violation. Perhaps it's not even copyrighted in the US. I don't know international law that well. My point is that it's a legal grey area (unless I'm totally wrong), and a series of anime consumes a lot of bandwidth. One episode is typically 175-250 MB, and these episodes come out once per week (unless someo

Re:

[cortana]

I wonder how much of it is legally grey? For example, anime that is not licensed for distribution (completely unavailable) in the US. Yes, it's still copyrighted, but that doesn't mean it's a copyright violation.

Seems like a straightforward case of copyright infringement to me. If the copyright holder has not granted you permission to distribute their work then you simply are not allowed to do so!

Re:Can you say "class action" ?

[Ajehals]

Interesting thought.

If the copyright holder decides not to prosecute someone is it still a copyright violation? after all many people distribute copyright material they do not explicitly own. Surely a copyright violation can only be deemed to have happened once the rights holder decides to take action.

Re:

[PCM2]

I don't know international law that well.

The Berne Convention [wikipedia.org] is an international treaty that sets standard copyright terms and prohibitions and has been ratified by most of the countries you've heard of.

Re:

[HiThere]

Did the US ever ratify it? We've weaseled out of most international treaties.

Re:

[LarsG]

Did you even bother to read the wikipedia article? Yes, in 1989. Although when it comes to the Berne moral rights, the US is only compliant in name only.

Re:Can you say "class action" ?

[HiThere]

If the ISPs filter based on torrent source, then they cease to be common carriers, and lose common carrier protection. Then they immediately become liable for every case of copyright infringement that they are accessory to.

I don't think they'd like that choice.

If they are common carriers, then they are supposed to be indifferent to WHAT they are carrying, like the mail or the phones. If an extortion threat is transmitted by mail, you can't sue the post office. Not just because it's acting as an agent of the govt, but because it's a common carrier. (UPS is just as protected.) They aren't supposed to know or care what they're carrying. If they did, and demonstrated the capability of filtering it by filtering some of it, then they would lose their common carrier status, and become liable as accessories to extortion, e.g.

OTOH, I don't want them pretending to be me. Not at all. That should be grounds for a suit. It should also be grounds for criminal prosecution not only of those who implemented it, but of all of their supervisors, managers, etc. also. Including the boards of directors. It shouldn't have a particular onerous penalty...say 10 days for each separate offense. Cumulative. I'll be generous, and say 1 day per instance. I.e., 1 day per false packet.

Re:Can you say "class action" ?

[binarybum]

hmm, this is interesting - I am not familiar with this arguement. Any lawyers out there that can verify this? Everyone knows that ISPs have been filtering the dickens out of traffic since the napster era, why haven't they been called out on this already? Also, the post office won't let me ship a can of gasoline to a friend who lives in small town with high gas prices - they consider this "hazardous." Could isps argue that certain traffic is hazardous to their infrastructure (i.e. clogs up the pipes) and refuse it on those grounds (assuming this whole common carrier thing really applies in the first place)?

Re:Can you say "class action" ?

[Fujisawa Sensei]

Major ISP's in the US have told me in meetings that P2P makes up 70-80% of their total traffic. Do you really believe that the majority of this is legal content?

That's not for the ISP to decide.

Re:Can you say "class action" ?

[bl8n8r]

Who said it was the ISP deciding?

Sincerely,
GW

Re:

[jmauro]

If people are using the legitimate network services for legitmate uses it's not a DDOS attack. It's a network with not enough bandwidth. There is a difference.

Re:Can you say "class action" ?

[Fujisawa Sensei]

There is no legitimate use of BitTorrent. Anything BitTorrent can do, FTP can do better.

There is not legitimate use of FTP. Anything FTP can do rsync can do better.

One word:

[burndive]

Bottlenecks.

Re:Can you say "class action" ?

[jafiwam]

"Legitimate" content and "Trusted" sources will get priority. The ISO of your favorite Linux distro is in. The unknown and likely pirated DiVX rip is out. This doesn't have to be BT as you know it. It could be an ISP administered P2P net.

This statement leads me to believe you don't even know how bit torrent works. You are aware, it downloads from peers that have also downloaded from their peers from an original source right? And that aside from a small few bits at the beginning, ALL of the downloads come from (what is going to be essentially from the ISP's point of view) random locations right?

How is it you think they are going to "source" the download? Download it first, then put it on a list?

As someone who has downloaded lots of music illegally, I have NEVER had to resort to bittorrent to get it. It's always some person I know sharing an entire hard drive full or whatever. (Not public sources.) Heck, you can put certain phrases in Google and get the default "directory listing allowed" for common web server software and find TONS of music shared on web servers.

Since it came out, I have probably downloaded 150 gigs of various game patchs, game mods, Linux versions, etc. all of which the users I got them from had a right to distribute and I for which I had a right to download. ZERO percent of my torrent use has been illegal downloading.

Limiting traffic is one thing (just throttle ALL of the heavy users traffic, email, web, games, etc.), saying all torrent downloads are illegal is plain flat out incorrect.

Re:

[Original Replica]

Are these the same ISPs who also claim that YouTube and iPlayer are clogging the bandwidth? http://techdigest.tv/2007/08/uk_isps_send_bb.html [techdigest.tv] It sounds like the ISPs have promised everyone "blazing fast internet" and can't make good on that promise because they misspent $200 billion that should have been building up internet infrastructure. http://www.pbs.org/cringely/pulpit/2007/pulpit_200 70810_002683.html [pbs.org] Now they are just making excuses instead of product.

Re:

[ajs]

If they attack any and all Torrents this way, then their users should build a case based on the blocking of major Linux distribution downloads from Fedora, SuSE and Ubuntu and make a class action out of it, certainly! This is a clear violation of their ToS, at least as I read it a few years ago when I was a customer. If it has changed, then perhaps someone could post the relevant quote from it here? Please, not the whole thing.

Re:

[Karzz1]

The problem is, as I see it, that their ToS is "fluid". In other words, the ToS can be changed at any time by the company. Whether or not this is in fact legal remains to be seen, but I suspect that it probably is (at least in the U.S. which is where I assume we are referring).

Re:

[ajs]

The problem is, as I see it, that their ToS is "fluid". In other words, the ToS can be changed at any time by the company. Whether or not this is in fact legal remains to be seen, but I suspect that it probably is (at least in the U.S. which is where I assume we are referring).

Recent decisions [consumerist.com] have changed the playing-field for revisions to contracts over the Web. Unless Comcast sent their updates out to customers, I'm not sure the updates will hold up.

Re:

[tlhIngan]

The problem is, as I see it, that their ToS is "fluid". In other words, the ToS can be changed at any time by the company. Whether or not this is in fact legal remains to be seen, but I suspect that it probably is (at least in the U.S. which is where I assume we are referring).

Recent decisions have changed the playing-field for revisions to contracts over the Web. Unless Comcast sent their updates out to customers, I'm not sure the updates will hold up.

Two different issues, actually. The ToS terms are very

What's it used for?

[imstanny]

Is it just for throttling bit torrent traffic? Can't it also be used to report on potentially illegal bit torrent transfers, as well as legal ones?

Re:What's it used for?

[Penguinisto]

Is it just for throttling bit torrent traffic? Can't it also be used to report on potentially illegal bit torrent transfers, as well as legal ones?

If any ISP did, it would kiss away any hope of a DMCA safe-harbor claim. As an ISP or other such party, if you know about it, you're supposed to stop it, not throttle it. Not stopping it immediately upon discovery and confirmation IIRC constitutes complicity.

/P

Suure... legal action is possible...

[Creepy Crawler]

But when these huge companies work with other huge companies AND government agencies like the FBI and CIA, do you think you even have a chance in Hell?

Like many have said before me, we need to go pure encrypted communications to prevent this kind of violation. TOR, WASTE, and Linux based encryption techniques allows us these kind of tools to defend against attackers: our very providers of bandwidth.

Re:Suure... legal action is possible...

[Spy der Mann]

do you think you even have a chance in Hell?

Then again, Rosa Parks [wikipedia.org] had no legal right to keep her bus seat from a white guy. And yet, she did.

If you don't stand up and fight for your rights, who else will?

Re:

[nuzak]

There are legal torrents. Comcast is certainly screwing you. That said:

I may not have known Rosa Parks, Rosa Parks wasn't a friend of mine, but I can say with pretty god damn clear certainty that you are no Rosa Parks.

Why do you say that?

[WindBourne]

First, Spyder was not saying that he was Rosa, but even ignoring that, why do you say with certainty that this is not the same? This is standing up to a MUCH bigger bulley who is trying to take what is not theirs. It was no different than when the geek stood up to a circuit city store and then the police. That is a case that may make a difference, as might this (keeping our rights from those that would gladly steal them). You can bet that at the time of Rosa, the locals just thought it was a silly disturbance.

Re:

[PCM2]

This is standing up to a MUCH bigger bulley who is trying to take what is not theirs.

You mean like your right to vote; your right to go to school, even to learn to read; your right to use the same public facilities as people of different races than you; your right not to be strung up on a tree by your neck until dead and then have your body burnt in effigy -- is that that kind of thing these big, bad bully cable companies are taking from you?

Or is it more like you buying a car with a spedometer that go

Re:Why do you say that?

[Ant P.]

More like buying a car with a speedometer that goes up to 120 only to find out that your tyres have been slashed by the car dealer a week later because he doesn't approve of the roads you drive home from work on as he stalks you every night.

Re:

[ajs]

But when these huge companies work with other huge companies AND government agencies like the FBI and CIA, do you think you even have a chance in Hell?

Cases are won against the Federal Government on a regular basis. The question is, what kind of service should these users expect? They are sold a service that says they get fast downloads, and so they try to download something and it's not only fast, but blocked. I see no reason that Comcast, even if assisted by the Federal Government, could justify that.

Re:

[budgenator]

My SELinux Torrent should trump both the FBI and the FBI, the NSA is way more l33t and spookier than those CIA lamers, NSA RULEZ!

I bet their vendor did not tell them this...

[tgatliff]

I am thinking that the vendor of their routers probably didnt disclose this bit of information.... Opps...

Technical merit?

[WPIDalamar]

Legal questions aside, is there some technical merit to sending a RST instead of just blocking the packets? Is it less expensive to the ISP or something? I don't understand why they're doing it.

Re:Technical merit?

[bagboy]

Blocking bittorrent causes the client to find other open ports (if you are using port-based blocking). As an ISP, by throttling it way back to almost nil, but keeping it as an established connection, you have a better chance at keeping bittorrent traffic from overcoming your own upstream/downstream connection to your provider.

Re:

[click2005]

Why they're doing it... because linux can get around this??

http://yro.slashdot.org/comments.pl?sid=273419&cid =20275301? [slashdot.org]

It's better than single-packet blocking.

[Kadin2048]

Yeah, it works better. Sending a RST packet closes the TCP connection. Just eating the packet would cause the computer to resend it, creating more traffic on the network. The forged-RST attack is "fire and forget." You identify a TCP connection that has bad traffic in it, and then you target the connection. It doesn't require matching every packet, you can instead look for patterns of packets that indicate types of traffic you dislike, and then just terminate it, and move on to the next connection. It may use deep-packet inspection, but it's not a 'packet blocking' attack. It's better, because it avoids having the computers retransmit packets that just contribute to the traffic you need to screen.

It's a fairly insidious way to block traffic, which is why the Chinese do it. Frankly it's a fundamental weakness of TCP: it wasn't really designed to cope with hostile intermediate nodes. (Flaky ones, sure, but not hostile ones.) You could configure your computer to reject RST packets, but then you'd end up leaving connections open all over the place and cause all sorts of other problems. It's not something that you can trivially work around.

Re:It's better than single-packet blocking.

[Vellmont]

You could configure your computer to reject RST packets, but then you'd end up leaving connections open all over the place and cause all sorts of other problems. It's not something that you can trivially work around.


How about just wait until some specified timeout and see if you receive any other packets? If someone sends RST, but you receive a bunch more packets, there's a very good chance the RST was faked. Better yet, wait for timeout1, then wait timeout2 for any more packets. (Since packets can be received out of order). Then if you receive more packets during timeout2, ignore the RST. I'd say that's pretty trivial. It could even be implemented on a NAT router so you wouldn't even have to modify your OS.

Both ends

[Anonymous Coward]

They send the RST to both ends. It's no good unless both do it.

Then again, if anyone figures out a way to stop it, they could advertise that they're plagued by that curse as part of the BT protocol and only bother conversing with those who can handle it. It should still be obvious that someone is sending data to a connection that should've been reset.

Then again, NATs and things like that in between could go crazy, because the 2nd packet could be lost long before it ever gets to your computer...

Re:

[pe1chl]

No. A TCP connection does not put load on routers.
The reason is that to block a packet you need a device that passes-through packets and could get overwhelmed or be broken, while with the RST method you just need to examine pass-by traffic and send an occasional RST. When your device gets overloaded, it will just miss part of the traffic but the traffic itself will not be hindered.

Forged RST packets

[ACMENEWSLLC]

We use a popular web content filter. The way it works is by doing the same thing. So when we are blocking traffic, we block it by issuing a forged RST. It's either do this, or place the content filter inline ACTIVE. Right now it is passive It does packet capturing and RST to block. If it's down, then traffic still flows. If it were active, we could simply drop the traffic and not forge the RST. But performance and uptime are horrible on many products when these are inline.

Initially this sounded a lot worse to me.

Re:Forged RST packets

[Opportunist]

The difference is most likely that you're the endpoint of the traffic. When traffic comes to me, it's my business what I send in reply. A RST, nothing or a "thanks for sexual services".

Comcast is the carrier. They have no business sending RST packages. Their business is to transfer packets to and from you. If you allow them to manipulate your packets (which this essentially is, injection of packets is by no means different from altering them, it changes the data stream and the information transmitted), you can never be sure that what you sent is what arrived on the other end.

Re:

[mzs]

You realize that they can send the RST to both ends right? You realize that unless you are using something like RAW sockets your app won't have a chance to see the RST? Do you really want to re-create a TCP IP stack in your bit torrent client?

Re:

[Kadin2048]

No, they won't, and it's not as easy to filter out RST packets as you seem to think it is. TCP RST packets are handled by the network stack, which is part (usually) of the OS kernel, not userland applications. So to block them, you'd need to change things at fairly low levels of the system, and you'd have to change them at both ends of the connection -- the client requesting the content and also the server supplying it (in the case of web traffic that you're trying to block).

And you really do not want to st

Evidence is already out there

[poetmatt]

take a look at http://www.dslreports.com/forum/comcast [dslreports.com] and you will note that plenty of examples of this impersonation exist. They disconnect by impersonation after about 10 seconds of seeding, and it seems to be courtesy of Sandvine. Gotta love lack of net neutrality here, although I am not in favor of extreme net neutrality, some would be, well, nice.

Re:

[MobyDisk]

Just curious, but what is extreme network neutrality?

EXTREME Neutrality

[Kadin2048]

Just curious, but what is extreme network neutrality?

Network neutrality, enforced by roving bands of ninjas.

Re:

[poetmatt]

wait though....this is like microscopic/hacking, so wouldn't it be minjas? [youtube.com]

Re:

[Ahnteis]

I can understand limiting certain protocols. I don't like it, but I can understand it. Network neutrality though, as I understand it, is more about not promoting traffic to or from certain destinations. It's common practice to put certain types of information (as you mentioned) at higher priority. The problem is when NBC gets higher priority the Small News Channel because NBC paid off Comcast.

It didn't escape attention on Slashdot!

[Cheesey]

Last time this piece of news was discussed [slashdot.org], someone helpfully posted a solution [slashdot.org] for your Linux firewall.

read the rest of that thread

[Kadin2048]

That solution as written doesn't work [slashdot.org], and even if it did, might still screw up the connection [slashdot.org] (because you want to un-set the RST flag, not throw away the whole packet). Also, some people have indicated that Comcast is doing more than just forging RSTs, they are also eating packets along the way [slashdot.org], so it's not a silver bullet.

It's Not A Crime....

[asphaltjesus]

If no one prosecutes.

This one stands an extremely low probability of actually improving comcast's service from a consumer-geek perspective. Quick and dirty reasons why:

1. Comcast is in up to their necks with municipal politicians. They need campaign contributions from Comcast.
2. Comcast is in up to their necks with state politicians too.
3. What's the penalty here? Certainly not meaningful enough to warrant the expense of a trial.
4. Since when do consumers Comcast's terms of service? They'll spew the usu

Re:

[WindBourne]

I am amazed that more lawyers are not here on /. looking for such cases. Many legal issues to weird things get started here. If I were a lawyer, it would seem like a good place to chance an ambulance (and even have the case started).

But, this is awsome

[iONiUM]

I'm so glad I live in Canada.

Re:But, this is awsome

[QCompson]

I'm so glad I live in Canada.

Why, because of the weather? It can't be because of your traffic-throttling happy ISPs:
http://torrentfreak.com/rogers-fighting-bittorrent -by-throttling-all-encrypted-transfers/ [torrentfreak.com]

Good heavens...

[Otter]

...forging data to and from customers is a big no-no...

I realize that to the nerdish mind falsifying the sender of an IP packet is equivalent to "impersonating another", but no sane prosecutor would ever make such a case.

MOD PARENT UP

[Bryan Ischo]

I agree. This is exactly what I thought when I read the article submitter's summary. If I had mod points I would mod you up.

Re:

[Opportunist]

Show me a prosecutor who knows a thing about TCP/IP and isn't just listening to the first person talking to him and we'll talk.

Re:

[KiahZero]

Why not? Comcast is, by sending out fraudulent packets, sending information which states, "The computer you're connected to has terminated the TCP connection."

To analogize, A and B are two people, with a significant geographical distance between them. They send a truly ridiculous amount of letters back and forth, and the postal carriers don't want to carry them. Thus, a postal carrier sends a letter to A, in all ways looking as if it came from B, telling A that B never wanted to speak with A again. Is it an

Re:

[Bryan Ischo]

Even if it *is* impersonation (and I don't agree that it is, because the packets in question are part of a networking protocol and not messages being sent by one person to another), it's impersonation of one computer by another computer. I don't think it necessarily follows that this can be construed as impersonation of an individual, especially when the mechanism for this supposed impersonation is a low-level networking protocol packet, not a user-generated message.

Pro-consumer madness!

[Yath]

New York, a state notorious for its aggressive pro-consumer office of the Attorney General, makes it a crime for someone to "[impersonate] another and [do] an act in such assumed character with intent to obtain a benefit or to injure or defraud another."

Crazy. Almost makes me want to move to New York.

Re:

[Dachannien]

Forget it. Eliot Spitzer has too much ambition to stay where he's needed most.

Why?

[timeOday]

Technical question: why does Comcast do it this way? Why not do flow control the normal TCP way - drop packets on the floor?

Re:

[Opportunist]

Probably because then they'd have to peek into every single packet going through them and deciding whether to forward or drop it. This way, they don't have to see every packet, they just have to take a sample every now and then (read: a few times per second) and if it's found to be for a torrent, they just tell you to drag the connection down and discard all further packets coming for this connection.

Not unexpected activity

[SmoothTom]

Comcast, like most large companies, tend to do things they wish to do assuming they are right unless they are slapped down.

IANAL, but I hope that Comcast IS running afoul of the law, and that one or more AG offices will bring it to their attention and force them to stop.

(No, I'm not a Torrent user, I just don't like companies assuming they are above the law.)

I won't hold my breath, though - I don't like turning blue and falling to the floor...

--
Tomas

Standard Approach

[madsheep]

This method is how most content filters do their jobs. Why not just drop the traffic you ask? Well here's why.. if you don't reset the connections, both sides will just continue trying to communicate with one another by retransmitting the packets. That's why it's TCP and not UDP.. the whole trying to guarantee the delivery thing. Now, they're not just blocking on IP addresses. If that was the case they could just drop the traffic altogether and not need to "forge" anything. However, since it's discovering the traffic is P2P related later on, it does it in such a fashion.

Now the other thing is that the IP addresses being used are owned by the ISP. I am not so sure this is really forging something on behalf of the customer that's breaking laws. The customer doesn't own that IP. On top of that (and I am ASS-U-MING HERE) they are probably breaking the acceptable use policy for the ISP. If they don't allow P2P stuff, you're in violation. They could do a lot worse stuff to be a PITA than just reset your connections. :)

Re:

[SmoothTom]

Some companies use torrent aas a distribution method for their legal, legitimate software and movie distributions.

The originating IPs do NOT belong to Comcast.

By impersonating those originating IPs to terminate the connections is Comcast breaking either the law or contracts?

I believe that is the question.

--
Tomas

Actaul chat session dialog.

[moseman]

Christopher(Tue Sep 04 2007 17:54:47 GMT-0400 (Eastern Daylight Time))>

Please provide me with a complete list of TCP/IP ports which Comcast actively blocks/filters/or limits traffic to users??

analyst Tallilee.7304 has entered room

Tallilee.7304(Tue Sep 04 2007 17:54:50 GMT-0400 (Eastern Daylight Time))>

Hello Christopher_, Thank you for contacting Comcast Live Chat Support. My name is Tallilee.7304. Please give me one moment to review your information.

Christopher_(Tue Sep 04 2007 17:55:23 GMT-0400 (Eastern Daylight Time))>

Hi

Tallilee.7304(Tue Sep 04 2007 17:55:18 GMT-0400 (Eastern Daylight Time))>

The only ports that may be actively blocked on the Comcast network are 67, 68, 135, 137, 138, 139, 445, 512, 520, and 1080 at this time. Any ports that are blocked will not be unblocked. If the port you would like to use is on this list, please select another port to use with your software. There are over 10,000 ports available for use. Please be advised that Comcast reserves the entitlement to block any ports on the network without prior notice. We thank you for understanding this security policy.

Christopher_(Tue Sep 04 2007 17:56:14 GMT-0400 (Eastern Daylight Time))>

I have read that Comcast is now actively retarding bittorrent traffic.

Tallilee.7304(Tue Sep 04 2007 17:56:09 GMT-0400 (Eastern Daylight Time))>

That is not a true statement.

Check this out...

[xquark]

Have a look at the method on line 22330
http://cvs.opensolaris.org/source/xref/onnv/onnv-g ate/usr/src/uts/common/inet/tcp/tcp.c [opensolaris.org]

"it's legal to block traffic on your network"

[roystgnr]

It shouldn't be. These companies are advertising access to the internet, there are decades old standards that describe how the internet is supposed to work, and "dropping packets because an router owner might not like the contents" isn't in any of the RFCs. There's a reason why Prodigy, AOL, MSN, Compuserve, and all the old proprietary networks had to become ISPs or become bankrupt, and that's because consumers demanded unrestricted networks. Giving us restricted networks but just calling them "internet access" is fraud.

Block Comcast Customer From Everything

[DynaSoar]

Slap a filter on all your web sites and torrent trackers that keep Comcast customers out.

Give the reasons that all the bogus resets cause wasted connections and time and deny legitimate users from using the service effectively.

That's just the technical end. No effective net changing strategy will work on only that basis. It requires social fixes also.

Notify Comacst customers what's happening and why. Tell them the action is against Comcast, not them, that you're sorry for them, but have no other choice due to Comcast's actions. Tell them to contact Comcast to tell them to either remove the block or they'll change services or call a class action suit.

The Comcast users become collateral damage. It's a sad thing, but it's what happens sometimes. If it's presented to them in the right way, they'll become and loyal and effective allies.

It's worked before. Against Worldcom/UUNet, PSINet, the pipe into India via their country's long distance, network and satellite company affecting 90% of India, and others. It was called the Usenet Death Penalty. Look it up. It made news stories all over the world. The biggest, against Worldcom, was launched on a Friday evening so they couldn't react until Monday, and by Thursday afternoon John Sidgemore made them change their corporate policy to cut off their downstreams that were major spam sources (which was the reason all these were done). In all cases I/we got many emails from effected customers decrying the need for this, but supporting the action and us, most of them promising to step up complaints against the company involved.

A key is to get individuals participating in doing this based on a publicized suggestions from someone who doesn't participate. That makes the people doing it a temporary autonomous group, not an official body or organized group with a membership or leadership. The result of that is each individual has to be pursued one by one, and they can just drop off if and when they need to, and come back on at another point. Best way is to set aside a few people who aren't participating themselvess, but are holding forth the whys and wherefores, and acting as contacts for the affected users, the press, and inevitably the company.

It works, oh my yes. Combine technical and social tactics, and you'll have them by the nadgers. As big and bullying and rich and litigious as the companies are, they all rely on a user base. When that base threatens to jump ship, they listen and things get done.

The 70% to 80% figure doesn't hold water. The same was said about the increase in traffic on usenet binaries groups, and that was fought off in some cases and gave rise to companies advertising specifically to provide them in others. There's nothing in their TOS that says what sort of programs the users can and can't use, just as when they decided to start dropping and blocking alt.binaries.*. There's stuff about illegal activities which is good and for a good reason, but it's up to the company to prove that's going on. If they don't, forcing their customers to drop P2P connections regardless of content is denial of service, and that's illegal. Since their doing it to people who are paying them to provide the service their denying, it's also fraud. With those points made to the media prior to and during the action, and with some affected but supporting Comcast members having their word in, it'd be damn hard for Comcast to defend itself without looking like thugs, and if they don't defend themselves they look like hypocritical and greedy thieves.

I'm serious. This works a charm. Set up and laid out properly, its the perfect media fodder to garner support -- the little guys inside and out fighting the awful corporate ogre to take back the net. And, it stirs up righteousness more of the affected users, bring them on board, and it's enormous fun for those doing the actual fighting against the suits.

Not planned and executed properly, it falls apart when the press is able to make the action look like a blackmail attempt. P

Re:

[Nimey]

Do you want to work for Slashdot?

Re:

[Surt]

... If so you're out of luck, because they aren't hiring.

Re:Typo

[BronsCon]

Obviously not, he edits.

Re:Typo

[Tribbin]

You made an spelling error last January 22nd:

"un-realisically"

http://slashdot.org/comments.pl?sid=218196&cid=177 12652 [slashdot.org]

You are welcome.

Re:Typo

[DieByWire]

You made an spelling error last January 22nd:

You made a spelling (or grammar) error today.

You're welcome.

Re:Typo

[Anonymous Coward]

You made a spelling (or grammar) error today.

You're welcome.

I found no errors in your post. You must be new hear.

Re:Typo

[mazarin5]

That's a realisic explanation and I believe you :)

I don't know

[everphilski]

Maybe they are kinky and really into violating statues ...

Re:

[toddhisattva]

I was forming such a clear mental picture of a comcast violating a statue. Too bad I can't draw.

Does it mater to you that you are wrong?

[SmoothTom]

MANY legitimate downloads of software and movies are via torrent.

Blocking the legal and legitimate downloads is NOT what the users are paying their provider (Comcast) to do...

--
Tomas

Re:

[garylian]

They did when I played. Though at this point, probably half their players get it from FilePlanet.

I think Blizzard got a cut from all FilePlanet subscriptions that happened 3+ months after WoW launched.

Re:

[zakezuke]

So now we get to read all the self-important posts from people who download copyrighted movies games and software complaining because what someone else is doing may break the law?

pot kettle etc.

Nobody who is downloading copyrighted stuff has any right to complain about this. As a content provider, I'm glad this ISP is taking a stand on behalf of people who actually create new content.

There is a commercial aspect to P2P... for example AOL (in2tv) offers free media downloads using BitTorrent. In fact, it's been a great boom to push older content which has little commercial value yet a nitch market. As for new content, BT is a great system of distribution with a low in cost.

If you are truly a content provider, you should respect the rights of other content providers in choosing how they wish their material to be distributed.

Re:

[iggymanz]

no, it's just criminal. I use p2p for dvd and cd of open source software, and the download rates I get are 20 to 50 kbs. nothing the ISP would even notice. I'm paying for connectivity, not censorship based on on a suspicion I might be pirate. I'm glad I don't have comcast anymore, now I'm paying 1/3 the price for adsl.

Re:

[Danse]

Sending a RST packet is a perfectly legitimate way to close an unallowed TCP connection.

Is there any reason that someone couldn't configure their machine to ignore the reset packets?

Wherefore art thou mod points?!

[Ahnteis]

Yes, yes I did laugh. :)

Re:

[StrongAxe]

However, I also have no problem with Comcast restricting the type of traffic that comes across their network.

This is all well and fine, if they actually said in their TOS that bittorrent traffic is not permitted. But they don't, do they?

Let's not pretend that most torrent traffic is legitimate...we all know it isn't. That's like suggesting legalization pot for everyone because it may help with some the side effects of chemo (there is no glaucoma benefit, btw). That argument has nothing to do with the g

Forged RST is a perfectly valid firewall technique

[Jimithing DMB]

Huh? Have you ever even set up a firewall? Assume you do a real one where the firewall system sits in the middle of all connections. There's various ways to handle the blocking of ports. One way is to outright block the port. Another way is to send something like an ICMP service unavailable (in response to UDP) or a TCP reset (in response to TCP). Either way, the firewall basically must forge the source address of the packet.

When I set up a firewall I often outright drop anything coming in from the internet destined for windows file sharing ports (135, 137, 138, 139, and 445 among others). The traffic simply never passes the firewall and just goes into a black hole. However, if the traffic came from the network I am firewalling (the "inside" so to speak) then I'll usually configure the firewall to respond with a TCP RST. Why? Because if you respond with a TCP RST then the Windows client will immediately recognize that it can't connect rather than waiting for 60 seconds or longer. If I accidently mistype an IP of some machine I really don't want to have to wait 60 seconds while Windows Explorer completely HANGS because there is basically no way to cancel a request.

By your logic, I should now be brought up on charges because I forged a TCP RST.

Now, in this case their firewalls aren't in the middle but are merely snooping on traffic. When they want to drop a TCP connection they simply send a RST to both ends which does the job nicely without having to have the firewall pass all traffic. If it drops a packet, it's not that big of a deal. If it goes down there's simply no longer a firewall.

What most people seem to be mad about is that Comcast is using a firewall on their traffic. But ask yourself what would you do if you were in Comcast's position. There is no way in hell they could afford to provide the full advertised downstream and upstream bandwidth 24/7. That's why your cable modem costs a whole lot less than a bandwidth-guaranteed T1. And it's not just for consumers. Businesses who just want an internet connection are now able to get cable modems as well and it's a huge money saver over a T1 because it means you get to burst at much faster speeds and aren't paying for the full bandwidth all the way to an internet backbone which you aren't even using anyway.

BitTorrent is by design a very greedy protocol. It is fully intended to suck up every last drop of available bandwidth. Comcast has a number of customers to serve with its limited uplink bandwidth. What it does have is pretty amazing but it's still nowhere near capable of saturating every subscriber's line simultaneously. When you got your cable modem service you agreed to this. That's what the whole "speeds may vary" footnote that accompanies cable and DSL advertisements is for.

Comcast is not in fact outright blocking BitTorrent traffic. It seems instead that they send a RST to both ends of BitTorrent TCP connections to force them to close. BitTorrent will turn around and make another connection with different peers. My guess is that they aren't killing all connections, just a random subset of them. This has the effect of throttling BitTorrent down without actually preventing anyone from using BitTorrent, just preventing BitTorrent from taking up all available network bandwidth.

What would you suggest that Comcast do? Not throttle anything? They'd have to increase their uplink bandwidth considerably. Do you suggest the government force them not to firewall anything? Now what.. who do you think is going to pay the added cost? It sure as hell isn't going to be Comcast, they'd sooner exit the business entirely, as would any other sensible business person.

The bottom line is that it really makes no difference what BitTorrent is being used for. Even if you're using it only to download the latest ISO of your favorite Linux distribution it still costs Comcast a lot of bandwidth. A lot more than if you were to just find a fast mirror with the ISO you want. I am pretty

Re:Forged RST is a perfectly valid firewall techni

[bm_luethke]

I'm skipping the TCP RST as I mostly agree with what you are saying, though I would say that comcast doing it is MUCH more irritating than myself doing it. I agree with many posters above that it should call into question their common carrier status if they are only doing it to file sharing protocols. You can't have it both ways.

"But ask yourself what would you do if you were in Comcast's position. There is no way in hell they could afford to provide the full advertised downstream and upstream bandwidth 24/7. That's why your cable modem costs a whole lot less than a bandwidth-guaranteed T1. And it's not just for consumers. Businesses who just want an internet connection are now able to get cable modems as well and it's a huge money saver over a T1 because it means you get to burst at much faster speeds and aren't paying for the full bandwidth all the way to an internet backbone which you aren't even using anyway."

Therein lies the problem - at least where I live Comcast runs tons of commercials showing people cheering about the money saved with no loss going with them. Were I in Comcast's shoes and I were not able to provide that I wouldn't advertise it as such - especially if it was something I was artificially throttling through TCP resets (MUCH harder to defend in a lawsuit). Had they sold their service under a different idea then yea, I would fully agree. But at is they heavily commercial one thing, have their service contract vaguely say something else, and finally do something totally different from both and hope people bend over and take it because "what else are they to do - it costs too much money".

There is no reason to quote the rest of your stuff as I agree - Bittorrent is a bandwidth hog and Comcast has WAY oversold what their bandwidth can service. But then, that is their fault for advertising things they can not hope to even come close to covering. There is no other consumer market where that is acceptable. Lets face it, if Denny's ran commercials with normal ingredients as caviar, swallows nest, sea bass, truffles, and other high end items, put a small note in the bottom "ingredients may differ", and then you got spam, American cheese, and old lettuce there would be a VERY strong legal case against them. No difference here - they shouldn't commercial what they will not give and the small print isn't going to save them. With them also heavily commercialing their home service for streaming videos this is only going to get worse.

That being said - I use Comcast and have had no real issues. In fact, I'm constantly surprised what I do doesn't get any note sent to me. This month I have over 70 gigs down and an unknown amount upstream and not a peep from them, this was not really a heavy or light month and I've been a customer for about 6 years now (and there have been months where I have gone WAY over that). I've had their service technicians be as courteous as can be expected (though since I generally knew what the issue was I just pretended to do what they wanted until I got to who I needed to talk too, I understand why the lower level people wouldn't just move me on and stayed very polite) and I even had my cable modem replaced at no charge or questions when I told them it "quit working" (I spilled a bottle of soda in it).

But, if I had the above happen to me I would be quite irritated - they sold me a service and I expect the service they advertised to be provided. I can pay the same price to the local DSL provider and have *none* of those issues though their advertised bandwidth is less you *do* actually get all of it (and it is greater than what many are reporting). That type of little finger to mouth rationalization doesn't work in almost any other field and I suspect it will not work if this type of thing goes to court. My guess is that I live in a fairly rural area and they do not have bandwidth issues so I get to hog all I want.