Re: Comcast is using Sandvine to manage P2P Connections

Re: Comcast is using Sandvine to manage P2P Connections
Links: home · search · speed test · login · more ·

Links: Reply New Topic
Forums » Comcast » Comcast HSI » Comcast is using Sandvine to manage P2P Connections

funchords @ 24th Aug 07:55PM:
Re: Comcast is using Sandvine to manage P2P Connections

I found a patent application by Sandvine where they describe a proxy server between a network segment and the Internet.

Of extreme interest is the handling of the judgment of the Application Analysis device -- it is described on Page 19 of the PDF and shown on Page 4 of the PDF.

said by Sandvine Patent Application 20040006643-TCP proxy providing application layer modifications :
[0097] State machine 100 will on occasion need to generate segments, for example when:

•[0098] a) sending ACK segments to the sender to force the sender's rapid re-transmit algorithm to activate;

•[0099] b) sending ACK segments to the sender when entire segments are deleted by application layer analysis module 104; and

•[0100] c) sending RST segments in both directions when the flow is forcibly terminated by application layer analysis module 104.

[0101] This generation of segments is handled by segment generation module 106.

That describes exactly what I'm seeing!

The entire application makes great reading, but it's quite technical. It's literally a Master Class on how to successfully perform a man-in-the-middle attack -- not just using RST to tear down connections. It describes how to replace original data and forge the packets, checksums, fragmentation, ACKs, Sequence Numbers, and etcetera to make the replacement undetectable by the two peers that are exchanging the data!

Attached is a PDF, with my comments on Pages 4 and 19 (I really had trouble with the images US Patent Office's site - click HERE), so I made the PDF.

[att=1]

I'm feeling pretty vindicated right now. Someone in Comcast's PR department needs to get an education on what's really in their network!
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.
Sandvine Pat···6643.pdf
Sandvine Patent Application 20040006643-TCP proxy providing application layer modifications
reply
alucard_x @ 24th Aug 08:24PM:
Re: Comcast is using Sandvine to manage P2P Connections

interesting find.. perhaps we have enough pieces to figure out a solution.
reply
EG @ 24th Aug 08:58PM:
Re: Comcast is using Sandvine to manage P2P Connections

I have been following this thread from the beginning, and although I'm not affected by this (yet ?), but for what it is worth, I felt that I had to say that have really done your homework Mr. Funchords !

I've have found this thread to be very interesting reading and I'm certain that you have opened many eyes and enlightened many readers, and for that you deserve an A+ :)
reply

Thank you for using lo-fi dslreports.com - report bugs
© 99-2008 silver matrix LLC