If i alter packets going to someones computer, im doing so unauthorized and am in trouble, am i not?
Probably in violation of one, or another RFC, but not of any law that I am aware of. I am pretty sure that I thought i was the one paying a bill for bandwidth use.
If you are receiving packets from a corner of the Internet which requires transit through AT&T Worldnet Services, or Level 3 routers, Comcast has to pay them for that transit.If anyone is not using their Cable bandwidth at its fullest it is like paying 5 times what you would already be paying for the same meal down the road.
Most ISPs base their business model on residential consumers not running their connection at full peak bandwidth 24/7.If it were me i would get the cheaper same quality meal. And it looks like Comcast is gonna have a big change in their customer base if they dont stop making ridiculous changes in our service.
Comcast isn't changing. Customer expectations are changing.I have not had a full connection since they took over a few months ago. I have had numerous technicians out to look at our issue and they through their hands in the air and say they have no clue where the problem is. Take into consideration that these technicians are prior Adelphia employees so they might not be aware of any limitations on system, although i find it doubtful. I am glad to hear that i am not the only one in this takeover that is having issues of this type.
I expect that the changes caused by the Comcast buyout of financially troubled Adelphia have a lot to do with commitments for transit services. You could test that, if you had any trace routes from the Adelphia days. Trace route to the same points under Comcast as you did under Adelphia; see if they are still using the same transit routing to places like Google, or MSN, or Yahoo!.What i want to know is how much Comcast is actually saving while i am limited with my broadband usage when they are not giving me at any time i can testanywhere close to my 8MB connection.
Say i have a land line phone with BellSouth/AT&T, they tell me i have connection 24/7 365 but i can not use that line for more than so many hours of use per day otherwise it ties up the lines for everyone else.
Well, I know for a fact that none the ILECs If the ISP can not afford to offer 8MB connection to its customers at full bore 24/7 365 than they shouldnt do it. Because some of us out here in this world will use what we pay for. It is your choice whether or not you wish to do so. If i didnt want or need the 8MB connection i certainly wouldnt have upgraded.
This is the part where the customer expectations are changing, and the ISPs need to adjust. I suspect that some percentage of the people using the Internet still use it in a limited sense; but more are finding ways to use their bandwidth than the ISPs have counted on. I suspect that it is time to start charging for a base amount of data moved; say, $42.95 per month for up to 150GBytes, and charge extra, in a metered fashion, for data volume in excess of the base rate. Just as you pay per kilowatt hour for electricity, or per gallon for gasoline.I think its rather deceptive if what you are saying is the case. And i am certain that it will not take much time until most of the Customers that demand the most out of their bandwidth get fed up with the BS.
I honestly don't have a count on Comcast's high volume data movers; a Comcast insider seems to think it is on the order of 0.10%. That isn't enough to break any company.Same as the government so i suppose they would agree with Comcast or any other ISP that uses the same tactics. This is my opinion and i am sticking to it.
As I have said, ISPs base their business on the assumption that normal users aren't using their computers 24/7; even though they can access the Internet 24/7. Most people I know don't spend more than a couple of hours per day online; most don't download a lot of movies, music, porn videos, anime, etc.It is not my responsibility to make sure my ISP can give me the service i am paying for, it is their responsibility. My responsibility as far as they are concerned is to pay my bill a month in advance for service i have not received and assume it will be as described. I am not going to put money out month after month while they are scratching their heads about my connection issues.
What does the Comcast fine print say?This is false. When comcast and AT&T signs up at a public peering point, everyone and their uncle wants to peer with them. They have to pay for transit for a small fraction of their traffic. My source is the public peering database.
AFAIK, nobody signs up with Comcast to use their backbone for transit between non-Comcast endpoints. The only trace routes I have seen posted seem to support that; the Comcast backbone always appears to have one end at a Comcast POP.said by alucard_xi believe someone earlier in the thread noted how these RST packets had a reserved bit set that isn't usually used. perhaps this could be used?
this is a good idea, now the smart people just need to step up and try it out. :)
[/BQUOTE :if it is always set and only set in comcast forged packets then yeah it would super easy to spot and re forge only the packets that need to be reforged
legit RST's would get through then which would be great.
however, you could never count on that and comcast could change it easy also to be random etc... It makes be wonder what affect that bit has on all this. It may be just a simple way for comcast to quickly identify forged packets which then their routers would mark as low priority packets.
reply
funchords @ 20th Aug 08:03PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by DrCable :
Since you should be using a dedicated port for just bittorrent
True for incoming connections, not for outgoing.
reply
EG @ 20th Aug 08:17PM:Re: Comcast is using Sandvine to manage P2P ConnectionsResistance may be futile.
I would think that the Sandvine engineering team is doing its homework....
--
Let us never forget 9/11reply
dfxmatt @ 21st Aug 03:47AM:Re: Comcast is using Sandvine to manage P2P ConnectionsI would like to know really. Can someone give me an email address to send an ethereal capture about 2mins long of attempted seeding (100% disconnects) to? I can't tell if comcast is resetting. What do I filter/ what do I specifically look for in these continual RST flags to determine if this is comcast's doing? (I'm on comcast and somewhat new to ethereal).
To explain, I don't know enough about networking so for me it is speculative, so I was wondering if someone could analyze these results (I do however know how to make ethereal listen to my port, just not what to filter/etc). And I don't want to assume improperly. So can someone explain these results and show me if they are the type that the OP was referencing?
I got a very aggressive technician when I called about this issue over the phone. I asked him how I was getting a reset flag about the issue and then he goes on saying how comcast can't be doing the resets and I provide him a comcast IP and he basically refuses to say anything. (I recorded the conversation; I will turn it into mp3s and add it)
I don't like it if comcast is preventing me from sharing a legitimate file with friends (A Japanese anime series that is not licensed in the US is fair game/legit sharing as far as I knew)
  resets 337,267 bytes
This was the log | test 1,356,494 bytes
2nd test with pingable lniksys router |
NormanS @ 21st Aug 05:04AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by dfxmatt :
I don't like it if comcast is preventing me from sharing a legitimate file with friends (A Japanese anime series that is not licensed in the US is fair game/legit sharing as far as I knew)
I suspect it has less to do with the legitimacy of the files (and anime
is protected by copyright law; if the Japanese companies owning the rights want to stop distribution through P2P channels, they have every right to), and more to do with "quality of service" for all Comcast users.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
anon @ 21st Aug 06:25AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by funchords :said by DrCable :
Since you should be using a dedicated port for just bittorrent
True for incoming connections, not for outgoing.
no true for both. All in and out are on the same port
if you use a decent client. All my torrent traffic
both in and out is all on the same port because Azureus
allows you to set it that way. it would be silly not
to use just 1 port when you do not have to.
reply
anon @ 21st Aug 06:37AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by funchords :said by DrCable :
Since you should be using a dedicated port for just bittorrent
True for incoming connections, not for outgoing.
BTW it is moot on out going since the packet will be forged by comcast before it reaches the peer. so no matter what and even with crappy clients you only need to sniff and re forge incoming traffic. it will be up to the others to sniff and re forge THEIR incoming traffic.
reply
anon @ 21st Aug 07:02AM:Re: Comcast is using Sandvine to manage P2P ConnectionsEveryone a HUGE part of this is if comcast is forging packets that are heading outside comcast net. I can see comcast doing it to all torrent packets coming in to you and all out going packets headed to other comcast users but doing it to packets headed outside comcast net is asking for trouble.
it would be very bad if they did since many ISP's world wide claim to be p2p friendly and I doubt they would look kindly to comcast sending sabotaged packets to their customers and then having to spend time and money explaining to their customers why things are fubar.
time will tell huh :D
reply
dfxmatt @ 21st Aug 08:17AM:Re: Comcast is using Sandvine to manage P2P ConnectionsI will consider releasing the recorded conversation to the local news and see if they bite.
I agree with Dr. in that what they are doing is not only a big deal in terms of net neutrality (not getting what we paid for), and also in terms of we never received a communication stating "we will not allow you to share files on torrent applications". Yes they have the whole speech about how they can modify things at any time but if they don't notify you = not allowed. There was a lawsuit in regards to this: »
blogs.techrepublic.com.com/tech-news/?p=940 . This was not a new lawsuit. Says just because the contract is online doesn't mean that you can make changes without notification.
So tell me, when did you all receive a letter about torrent throttling? :)
reply
AthlGrond @ 21st Aug 10:29AM:Re: Comcast is using Sandvine to manage P2P ConnectionsA customer signed an agreement with AOL; AOL then sold its telephone services, then the new company changed terms without customer consent, or even notice, to hike prices, force arbitration, and bar class actions.
I'm going to guess that Comcast will see pricing changes and terms are different from blocking ports or throttling specific kinds of traffic when it comes to informing consumers. (Especially when you aren't bound to a long term contract in the latter case but are in the former.)
--
"It's like a Zen koan - if you say something stupid, and no one is there to hear it, are you still an idiot?" -Mike Krahulikreply
anon @ 21st Aug 11:36AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by EG :
Resistance may be futile.
“the Internet interprets censorship as damage and routes around it.”
John Gilmore, Co-founder, EFF Circa 1990
China may well disprove this, but ISPs are hardly China.
-Greg
reply
EG @ 21st Aug 11:50AM:Re: Comcast is using Sandvine to manage P2P Connections[disclaimer]
"May be"[/disclaimer]
;) :D
--
Let us never forget 9/11reply
NormanS @ 21st Aug 11:52AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by DrCable :
All in and out are on the same port
if you use a decent client.
Are you sure?
The first three "KOZUE" lines are outbound connections, the last an inbound connection for a current "Torrent" I am in. Using BitTornado. You would only ever be able to make a single connection out if you only used one port for the outbound connection.
BTW, I wonder what download speed that Comcast peer seems to be having trouble with this torrent, if I am read was seeing before he got to 100% complete. I am only at 20% complete, yet his upload appears to be choked. See the screen shot.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum
Torrent peers. |
dfxmatt @ 21st Aug 12:03PM:Re: Comcast is using Sandvine to manage P2P ConnectionsI was able to seed the people that I was downloading from before it finished, once it finished it would send a RST ACK to anyone I connected to after about 8 seconds
reply
funchords @ 21st Aug 12:20PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by funchords :
WHERE: On the boundaries, at the point where Comcast connects to other points of the Internet,
I'm going to have to modify this, as I'm now seeing RSTs being forged on paths that never leave Comcast.net space.
Comcast techies -- can you help me understand why? Also, is there a decoder ring for the prefixes "GE," "TE," "PO," and etc.?
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
funchords @ 21st Aug 12:23PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by DrCable :
well of course because those peers fully expect you to reply but you are not going to since you dropping the packet out right.
don't drop/deny the packet. un set the RST flag or find a way to ignore the RST flag so you can use the data in that packet to connect to that peer so they know you are there and will send you data.
You might be absolutely right about that. I haven't tried that approach.
(PS: I think this exercise is entertaining, but ultimately the solution is to get Comcast to implement this correctly AND support it, or remove it altogether.)
reply
Karl Bode @ 21st Aug 12:24PM:Re: Comcast is using Sandvine to manage P2P ConnectionsI think you'll need to get them to acknowledge it actually exists, first.
I've yet to get an official comment confirming these measures in any markets.
reply
EG @ 21st Aug 12:47PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by funchords :
Comcast techies -- can you help me understand why? Also, is there a decoder ring for the prefixes "GE," "TE," "PO," and etc.?
ge = gigabit ethernet.
te = ten gigabit ethernet.
p, po, pos = Packet Over Sonet (an OC-3 or faster connection).
1-1, 1-2, 1-11, 6-1, 9-1, 2-2, etc. = slot and port.
ar01, cr01, ur01 = probably a router name ?
--
Let us never forget 9/11reply
funchords @ 21st Aug 01:07PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by dfxmatt :
I can't tell if comcast is resetting. What do I filter/ what do I specifically look for in these continual RST flags to determine if this is comcast's doing? (I'm on comcast and somewhat new to ethereal).
I looked at your 2-minute log "resets" (which the attached file is actually resets.zip and the capture file is inside) and only found two that might have been suspicious: they were entries #602 and #1050. However, it's hard to tell whether the connection was healthy as it appears there were some dropped packets. Applying the filters I suggest below should help keep the number of dropped packets down.
I'm a little worried about your configuration, because your local IP address (192.168.1.100) is also the IP address often used by cable modems. It may be fine, but it caught me by surprise.
For your capture filter, just use "tcp" and check "Limit each packet to 768 bytes (just enough to be able to tell what is going on)." Then start capturing.
For your display filter, you can leave it blank if your computer is fast enough (black lines with red letters usually means the data is coming faster than can be captured and you are dropping data). Colorize Packet List is on by default, and RST packets are red with yellow letters. Or, you can use the Conversation Filter "tcp.flags.reset == 1" which will only show the RST packets. When you see a suspicious one, right click on it and choose "Follow TCP stream" and a new Conversation Filter is created that allows you to see it. Click on the drop-down next to the conversation filter to go back to your previous conversation filter (if any) and click Apply, or just press Clear for no filter.
RSTs with a Seq=0 are usually legit. RSTs with a Seq= of something else means that you should investigate further (look at the conversation, what happened just before).
Unfortunately, I couldn't open "test" neither as a zip or as a capture file. But hopefully, this is enough info to get you going.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
funchords @ 21st Aug 01:13PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Karl Bode :
I think you'll need to get them to acknowledge it actually exists, first.
I've yet to get an official comment confirming these measures in any markets.
I don't think they'll officially acknowledge anything (consider the ongoing invisible caps saga). But we do have some members "in the know" that have said so:
Seen HERE on page 2...
said by Qumahlin :said by comtec5 :
we do indeed use sanvines on each cmts
While you are correct that sandvine is in use and has been for quite some time, it is not used "on" a CMTS. Sandvine works hand in hand with the PacketCable protocol and acts as an application gateway.
This thread is going to garner hate towards sandvine because everyone is basing one users experiences to how things will always work and assuming Sandvine is something installed specifically to block/throttle p2p...that is not the case as there FAR CHEAPER solutions to that issue, many already built into current CMTS's which would negate the need of ever having a Sandvine box and policy server.
Sandvine is an integral application used by quite a few providers that HELPS with bandwidth for P2P, gaming, VOIP, etc. Are there cases where it will cause you to get lower P2P speeds, yes, but there are also cases where it will help with your general latency and will IMPROVE your p2p download speeds.
Sandvine even has a profile for Xbox Live clients (whether this is in use widespread is not known to me, but I know it was used at one point in my area)
Sandvines use at Comcast is not primarily as a P2P blocker, anyone who tells you that is lying or uninformed.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
dfxmatt @ 21st Aug 02:05PM:Re: Comcast is using Sandvine to manage P2P ConnectionsThanks func, I'm just starting to get into this stuff....I still can't figure out why it kept dropping every person I was trying to seed to. I wasn't sure if it was just someone getting the piece of the torrent intended or just getting kicked off.
I have a new log from today where the same situation appeared to occur (people would get kicked/dc after grabbing 1 piece of the torrent if even that much)...I seeded for almost 10mins and had about 50 people try to connect and all disconnect.
Anyway, with the TCP filter and the packetsize one, here is the new log. Anything different? This time I was wired straight to cable modem, no router.
Also how do I export a log from ethereal into some more-usable format? when I define a file beforehand it seems to come with these filetypes and the export command tells me the file doesn't exist (do I need to export into a blank zip or something?)
reply
funchords @ 21st Aug 02:38PM:Re: Comcast is using Sandvine to manage P2P ConnectionsIt's been over 3 months since my original post, so I decided to see if the numbers or behaviors had changed.
The numbers did not change, much. In May, 39% of my BitTorrent connections were killed by the RST flag, but I was still able to seed a torrent at my preferred speed (16 KB/s). Today that number is 46% killed, and still able to seed a torrent at my preset upload limit speed (16 KB/s).
What did change is the behavior toward BitTorrent's standard DHE encrypted connections:
Surprisingly, none were dropped! It was only yesterday or the day before that I noted encrypted connections were still being killed by RST, so this is new behavior for me. This could be due to policy parameters such as time-of-day, level of global or individual use, or localized adjustments -- so your milage may vary.
The test method:
1. Start a BitTorrent client performing an upload (seeding) to an established swarm.
2. Wait 5 minutes to allow connections and speeds to stabilize.
3. Record the starting number of connections and resets reported by "netstat -s" or start the batch file (see »
How to test how many connections are being reset by RST pack for details).
4. Wait 5 minutes.
5. Record the ending number of connections and resets, and determine the amount that took place during the test (or obtain the numbers from the batch file).
I used the above method on the same small (25-30 peer, 4 seed) swarm, using uTorrent 1.7.2.
No encryption ... 34 out of 73 reset (46%)
Encryption enabled (with fallback) ... 5 out of 20 reset (25%)
Encryption forced (no fallback) ... 0 out of 17 reset ( 0%)
reply
funchords @ 21st Aug 03:23PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by dfxmatt :
Anyway, with the TCP filter and the packetsize one, here is the new log. Anything different? This time I was wired straight to cable modem, no router.
Something is wrong. Your output is full of duplicate ACKs and just lots of evidence that you and your peers are having trouble with the TCP/IP protocol.
While I see a lot of RSTs, most of them follow a TCP conversation that was clearly falling apart. These are likely legitimate RSTs.
Maybe you are saturating your upload? Try setting your upload speed limit to 20 KB/s.
said by dfxmatt :
Also how do I export a log from ethereal into some more-usable format? when I define a file beforehand it seems to come with these filetypes and the export command tells me the file doesn't exist (do I need to export into a blank zip or something?)
I am using Wireshark, which is the new name for Etheral. You may want to see if your version is out of date.
On Wireshark, File - Export - File... allows you to choose TXT, CSV, etc..
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
funchords @ 21st Aug 04:43PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by NormanS :
BTW, I wonder what download speed that Comcast peer seems to be having trouble with this torrent, if I am read was seeing before he got to 100% complete. I am only at 20% complete, yet his upload appears to be choked. See the screen shot.
For most clients, that's normal. Most BitTorrent clients usually only unchoke 3-5 clients in their peer list at a time in order to keep the upload speed reasonable to each one. One exception is BitComet, which unchokes the majority of peers in its peer list, but might only upload at 0.5 KB/s to each.
The Download Rate column that you have circled means something else entirely. Basically, that is a rough calculation of how fast THEY are downloading (not uploading) based on the rate they report receiving new pieces to share. Since a seeder already has all the pieces, he never reports having new ones and so the rate is always 0.
reply
Karl Bode @ 21st Aug 05:51PM:Re: Comcast is using Sandvine to manage P2P ConnectionsFirst public denial that I've seen (and I've been trying to get a confirmation or denial for much of the week):
»
www.lightreading.com/document.as···d=132115 quote:
"We're not blocking access to any application, and we don't throttle any traffic," says Charlie Douglas, a Comcast spokesman.
Douglas didn't explicitly deny the use of deep packet inspection or traffic shaping products. "[Comcast] has a responsibility to manage our network to ensure our customers have the best service, and we use available technologies to do so."
Semantics I'm guessing. But this month I've seen other companies boldly lie about using traffic shaping, so who knows.
reply
funchords @ 21st Aug 07:24PM:Re: Comcast is using Sandvine to manage P2P Connections"We're not blocking access to any application, and we don't throttle any traffic," says Charlie Douglas, a Comcast spokesman
Both are true. BitTorrent isn't blocked, but some percentage of peer connections are being interrupted. It's not throttling, in the common way. Until this morning's Comcast-to-Comcast connection got reset (which may have been a fluke), I would say that it is more selective than that.
The Sandvine sales pitch to ISPs is that it's P2P product deflects or reroutes P2P traffic from more costly and congested routes to those less so, while preserving the customer experience. This behavior fits that description, except that there are problems that need to be addressed.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.PS: Karl, I just read your latest article. You covered my points quite well (even before I made them). :)
reply
Karl Bode @ 21st Aug 07:28PM:Re: Comcast is using Sandvine to manage P2P Connections quote:
Both are true. BitTorrent isn't blocked, but some percentage of peer connections are being interrupted. It's not throttling, in the common way. Until this morning's Comcast-to-Comcast connection got reset (which may have been a fluke), I would say that it is more selective than that
Yes, as noted, he's playing semantics and picking his words carefully. Note he doesn't deny that the company is limiting the ability of some users to seed fully. This is something RCN implemented but was far more
forthcoming about. The CEO even stopped by our forums to discuss it in full.
See our front page
reportreply
funchords @ 21st Aug 07:33PM:Re: Comcast is using Sandvine to manage P2P ConnectionsI just read it. Great job!
reply
pokesph @ 21st Aug 07:57PM:Re: Comcast is using Sandvine to manage P2P Connectionsdid a test the other day.. watched the packets as i had a friend d/l a file from me using BT.. interesting results.. (BT uses port 61194 and this was a 2 min capture on a rather small torrent file.. just to see what would happen.)
screenshot of the 2 min packet capture BT test (one reset frame highlighted) |
anon @ 21st Aug 10:58PM:Re: Comcast is using Sandvine to manage P2P ConnectionsI tried in utorrent 1.6.1, setting the Protocol Encryption: OUTGOING, as FORCED. And i noticed that a brazilian ip is downloading one of my linux isos. And the connection hasn't interrupted its been about 10 minutes straight. Maybe they are not able to knock down fully encrypted connections? If this is the solution, or part of it, i hope in the next utorrent releases and azureus releases the clients come with forced or enabled encryption as default.
reply
Diaboyos @ 22nd Aug 12:35AM:Re: Comcast is using Sandvine to manage P2P ConnectionsThis has just hit my area within the past few weeks. I noticed it really well about a week ago but haven't had time to look into it until now.
I noticed about a week ago that none of the peers I was trying to seed to would stay connected for more than a few seconds making it virtually impossible to seed anything.
It took me two entire days to seed a 38MB file! This should have been accomplished in about 15 minutes. Before you get the wrong idea about what I was seeding it was a very old film which is now in the public domain and is free to share. That is definitely one bad thing about the way they are handling this. By doing this the way they are doing it they are penalizing innocent people who use BT to share LEGAL files. P2P is NOT illegal. Only certain files shared on it are. To blanket the entire network with this aggressive throttling method is ludicrous.
Not to mention I actually pay more for their higher speed connection of 8Mb/80KB because I share my photography using BT. There are so many legal uses of the BT technology I can't believe it's legal for them to do this to their customers.
A few people said that using a VPN or SSH tunnel will stop their interfering. As well Azureus recommends an encryption of Level 2 and up for Comcast users and to enable the Lazy Bitfield option. I already had Level 2 encryption now I'm gonna try the Lazy Bitfield.
Azureus has already updated its Wiki page adding Comcast to it's list of bad ISPs because they block uploads.
reply
rseiler @ 22nd Aug 12:43AM:Re: Comcast is using Sandvine to manage P2P ConnectionsAnother non-denial denial here:
»
news.com.com/8301-10784_3-9763901-7.htmlAnd as a special bonus, we learn that it's not a good thing to send 13 million emails a month. I keep it to 12 million myself.
Meanwhile, 100Mbps Internet is $14/mo in Japan....
reply
NormanS @ 22nd Aug 02:06AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by rseiler :
Meanwhile, 100Mbps Internet is $14/mo in Japan....
Citation?
It looks like
Yahoo! BB 50M Revo (50.5M/12.5M ADSL) is $39.51 per month.
Going by the dollar-yen exchange rate at 11:05 PM (just before this posting).
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
rseiler @ 22nd Aug 02:12AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by NormanS :said by rseiler :
Meanwhile, 100Mbps Internet is $14/mo in Japan....
Citation?
I saw it here:
»
www.pbs.org/cringely/pulpit/2007···683.htmlreply
NormanS @ 22nd Aug 02:35AM:Re: Comcast is using Sandvine to manage P2P ConnectionsI don't know who the author is, or what service he was getting, or how to verify his claim. I only know how to go to a Japanese web site and find the service by speed and price. SoftbankBB+Yahoo! offers 50.5Mbps/12.5Mbps for 4,521¥.
I also know that AT&T U-Verse requires the customer to be within 3,128 feet of a VRAD in order to get the product; not sure about bandwidth limits within that distance, other than 25Mbps divided between Internet (6Mbps max) and IPTV. So I would guess that getting 50Mbps Internet would require being right on top of the DSLAM.
I suppose a lot of people in Tokyo can get it; but I am wondering how many people in Sapporo, or Aomori can get it that fast and cheap? And how many Japanese, given the choice between $20 1.5Mbps and $40 50Mbps will choose cheap over fast?
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
funchords @ 22nd Aug 10:43AM:Re: Comcast is using Sandvine to manage P2P ConnectionsMore story sightings:
Comcast (CMCSA): We Don't Throttle BitTorrent - Silicon Alley InsiderComcast Wrongfully Denies Interfering with BitTorrent - TorrentFreak--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
funchords @ 22nd Aug 12:46PM:Comcast P2P Mgmt: Wireshark BitTorrent ExampleThis is a typical example of the RST interference that I am seeing. In this case, the connection is not encrypted, and the interference occurs during the handshake.
My comments in "quotes" below:
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
funchords @ 22nd Aug 12:50PM:Comcast P2P Mgmt: Wireshark eMule ExampleSince WireShark's translator for eMule is pretty good at identifying what's going on, there's no need to show the Byte-by-Byte details as I did with BitTorrent.
I ran the eMule session for about an hour. Here are the results:
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
mrweirdo @ 22nd Aug 05:48PM:Re: Comcast P2P Mgmt: Wireshark eMule Examplehrm i wonder what would happen if everyone who did the iptables trick to drop RST packets instead rejected those very same packets. If enough people did it I bet it would create a bigger load on the network then what Comcast was hoping to save in the first place. It might give Comcast a little of their own medicine by crippling the network ;) j/k
reply
EG @ 22nd Aug 06:07PM:Re: Comcast P2P Mgmt: Wireshark eMule Examplesaid by mrweirdo :
It might give Comcast a little of their own medicine by crippling the network ;)
Great idea... Bite off nose to spite face... Let's all suffer :uhh:
reply
mrweirdo @ 22nd Aug 06:26PM:Re: Comcast P2P Mgmt: Wireshark eMule ExampleYeah not the best idea ;) but I'm sure there is people out there thinking of that. The bad part is its quite possible with the method Comcast uses.
Anyways I seemed to have found a workaround combination that works for me at least for now. I'm dropping the RST packets with my firewall, then have azureus set to use lazy bitfield, along with forced encrypted transport(RC4) and using cryptoport to prevent plain incoming connection attempts. Others out there might want to give it a try.
reply
anon @ 22nd Aug 06:57PM:Re: Comcast is using Sandvine to manage P2P ConnectionsMy personal favorite article in the comcast TOS is number 4:
(summarized) "We can do whatever the hell we want to your service and if you don't like it, vote with your dollars. Otherwise, tough shit."
Seriously... I have no problem with the changing the service to our benefit. But to restrict it and allow us to do less with our connections is ridiculous. In the long run it may provide faster speeds for all, but never once has comcast given me the full 6 mbps down / 3 up I pay for. Does anyone honestly believe that comcast
wants to deliver their advertised speeds? Think about it... a car company doesn't get to remove a cylinder from all the engines of cars they've sold just because some people are speeding. What right does that give comcast to change the product that we've payed for?
reply
NormanS @ 22nd Aug 07:24PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by teeray :
But to restrict it and allow us to do less with our connections is ridiculous.
Your connection? Did you get title from Comcast transferring their IP address to you? You don't own your Internet connection, you rent it from Comcast (as do I rent my connection from AT&T).
Think about it... a car company doesn't get to remove a cylinder from all the engines of cars they've sold just because some people are speeding. What right does that give comcast to change the product that we've payed for?
I have thought about it. I don't like car analogies, and this one isn't any better than any of the others. Comcast does have a responsibility, as do all ISPs, to manage their networks in a manner which minimizes the adverse impact of some one user on the whole network.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
anon @ 22nd Aug 08:04PM:Re: Comcast is using Sandvine to manage P2P ConnectionsNorman, his analogy may be bad, but he does have a point about Comcast (and probably most other cable providers) never providing what they promise. And by that, I mean, I've never hit the max download rate on Cable. Comcast can change the cap to 100 million TeraBYTES/second down, and in the end, it's just marketing weanies trying to get people to switch. I still find that the tend to top out at 2mb/s....maybe I'll hit 3 mb/s (rarely) for a second or 2.
IMO, they should be forced to provide MINIMUM rates. At least then we'd get something meaningful to go along with the marketing BS.
FWIW, I'm finding that a large percentage of the time my seeds are at 0%. Though right now, I'm shockingly getting 30KB/s....I'm sure they'll reset everything soon enough.
reply
NormanS @ 22nd Aug 08:21PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by KC At Bat :
Norman, his analogy may be bad, but he does have a point about Comcast (and probably most other cable providers) never providing what they promise. And by that, I mean, I've never hit the max download rate on Cable.
At least one Comcast user (in Hercules, California) has shown that he routinely hits his maximum advertised speed.
Now I have seen downloads which don't max my DSL connections speed; but I have also seen downloads which do. There are a number of variables outside of the control of the ISP which impact speed. I am currently running two BT downloads. One has finished downloading, but my share ratio is under 1.0 (currently showing 0.768), so I am letting it continue to seed. At near the maxi of my upload. The other is downloading slower than my max (it is currently hovering between 2KBps and 4KBps), but there are only 4 peers, and they are all residential connection; probably with asymmetric down/up speeds, and I could well be pulling the maximum that they are allowing (some people voluntarily throttle their upload to avoid bandwidth saturation).
I am disinclined to believe that you can't hit your Comcast maximum due to anything other than their use of Sandvine, or technical faults in your connection which should be addressed by a truck roll.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
funchords @ 22nd Aug 08:52PM:Re: Comcast is using Sandvine to manage P2P Connections quote:
I am disinclined to believe that you can't hit your Comcast maximum due to anything other than their use of Sandvine, or technical faults in your connection which should be addressed by a truck roll.
Based on my experience alone, I would be agreeing with you, here. My results today and yesterday are pretty similar to the results I had back in May when I started this Topic.
But something has happened, 3-4 weeks ago or so, that has affected a large number of other customers who now cannot seed at all. I've heard from quite a few of them due to the publicity over the past weekend.
Something is broken or mal-adjusted in their system (which they don't acknowledge having).
reply
funchords @ 22nd Aug 09:35PM:Re: Comcast is using Sandvine to manage P2P Connections ... Messages from another Topic ... from February '06 ... from the Adelphia forum ...
»
[Connectivity] Adephia Blocking P2P Packetssaid by pupurin :
quote:
Adelphia seems to be blocking bittorrent seeding. Regular bittorrent is fine, but when you complete/switch to seeding, the new incoming connections are forced close. Guess they're sniffing packets and seeing the file is completed header and then dropping.
...
Regular BT works fine, but they are blocking seeding. Most people wouldn't notice it in big torrent of like 100+ people, but on small 20 peer torrents, you notice peers drop out and not coming back. That's why your upload suffers because you have no one to connect to.
...
Jig try to seed a torrent from cold. By that I mean close your client, wait a couple of seconds, start it back up again to seed one torrent. You'll see that new peers will connect to you for a second and then get dropped.
Here's a quote from another user:
said by MikeMyers :
quote:
I have the same problem, uploads only, started about a week ago, and I'm in Southern California too. I seed Limewire all day and I hardly get any uploads any more. Yesterday in three hours I had 3 uploads. It should be more like 3 per minute based on previous results (these are small files, less than 200kb each). I get many connects, but most get dropped. I changed nothing on my system either, it just suddenly slowed drastically.
In uTorrent, I just tried seeding a poplular file from a cold start and that seems to be a problem too. On my system I've confirmed this problem with Limewire, uTorrent, BDCC, and Kazaa Lite Resurrection.
Sounds rather familiar!
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
alalper @ 22nd Aug 09:38PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by funchords :
Something is broken or mal-adjusted in their system (which they don't acknowledge having).
I don't really understand all this but, I'll offer one remote possibility. . . Maybe something from windows update (I don't update my torrent machine very often) changed the half-open connections and the system needs patching again? :uhh: I've got no problem here. :)
reply
war59312 @ 23rd Aug 02:25AM:Re: Comcast is using Sandvine to manage P2P ConnectionsMy firewall has started to pick up things like this but only when using bittorrent:
quote:
Date/Time :2007-08-23 02:16:27
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Invalid Flag Combination)
Direction: TCP Incoming
Source: 74.117.12.207:6881
Destination: XXX.XXX.XXX.XXX:2882
Reason: ACK FIN RST is an invalid TCP flag combination
Date/Time :2007-08-23 02:16:02
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Invalid Flag Combination)
Direction: TCP Incoming
Source: 189.11.46.22:6881
Destination: XXX.XXX.XXX.XXX:2846
Reason: ACK FIN RST is an invalid TCP flag combination
Date/Time :2007-08-23 02:15:47
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Invalid Flag Combination)
Direction: TCP Incoming
Source: 74.117.12.207:6881
Destination: XXX.XXX.XXX.XXX:2830
Reason: ACK FIN RST is an invalid TCP flag combination
Basically sending these RST packets less than every 30 seconds. Not sure if this is the same thing atm...
reply
funchords @ 23rd Aug 05:07AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by alalper :
Maybe something from windows update (I don't update my torrent machine very often) changed the half-open connections and the system needs patching again?
That's good thinking, except that the TCP half-open limit doesn't fail in that manner. Also, the results would be the same whether or not encryption was in use, and whether or not a VPN was in use.
reply
anon @ 23rd Aug 06:30AM:Re: Comcast is using Sandvine to manage P2P Connections Torrents are uploading this morning for the first time in weeks.I don't know what that means and I'll leave it to greater minds to speculate upon what it means.
What was not happening yesterday happens today.Comcast giveth..blah blah
reply
dfxmatt @ 23rd Aug 06:35PM:Re: Comcast is using Sandvine to manage P2P Connectionstime for a test of a seed off a previously downloaded document again....1minute to scrape, wireshark will be running.
same thing happens as before. Reset after reset after reset.
So....hmmm...and I have it on "encrypt when available" etc
reply
funchords @ 23rd Aug 07:27PM:Re: Comcast is using Sandvine to manage P2P ConnectionsI just ran a test and found something interesting. When looking at the injected RST packets, check out the TTL!
During my test, I had 18 injected RSTs (not counting duplicates, since there are usually two). What was interesting is that
they all had a TTL of 123 -- a TTL that was several hops away either me or my peer! The perfect forgery is not so perfect!
So, let's find out what lives at TTL=123 (TTL is decremented before the facing side of each hop)
Now "123" is not a magic number. That means that I'm 5 (128 - 5 = 123) hops away from the device that is interfering with me.
I'm not sure this information is useful, but it sure is interesting!
Edit: Another user forwarded his Wireshark capture to me. The TTL phenomena doesn't hold true for him, unfortunately.--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
jig @ 23rd Aug 08:27PM:Re: Comcast is using Sandvine to manage P2P Connectionsit means you have something to filter against rather than just all rst packets
reply
anon @ 23rd Aug 09:31PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by funchords :said by DrCable :
well of course because those peers fully expect you to reply but you are not going to since you dropping the packet out right.
don't drop/deny the packet. un set the RST flag or find a way to ignore the RST flag so you can use the data in that packet to connect to that peer so they know you are there and will send you data.
You might be absolutely right about that. I haven't tried that approach.
(PS: I think this exercise is entertaining, but ultimately the solution is to get Comcast to implement this correctly AND support it, or remove it altogether.)
i totally agree.
IMHO comcast should simply just let a customer do whatever until they reach a monthly max Gig limit. I do see comcast's side of things so I'm ok with monthly total bandwidth usage limit. I'm just not ok with comcast telling me how i can or can not use my bandwidth (within reason of course) prior to reaching that limit.
reply
anon @ 23rd Aug 11:39PM:Re: Comcast is using Sandvine to manage P2P ConnectionsInteresting that in TTL=123 (12.118.177.49) is an ATT Ip Adress. "AT&T WorldNet Services ATT". Isn't Comcast and ATT merged as far as the net? Funchords how did you see that your RST packets had a TTL of 123, i have wireshark installed.
reply
NormanS @ 24th Aug 12:29AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Kandango :
Interesting that in TTL=123 (12.118.177.49) is an ATT Ip Adress. "AT&T WorldNet Services ATT". Isn't Comcast and ATT merged as far as the net? Funchords how did you see that your RST packets had a TTL of 123, i have wireshark installed.
AT&T Worldnet Services is not the same thing as the old AT&T Broadband Internet. ATTBI was spun off from the AT&T mothership, and became Comcast[1]. But AT&T Worldnet Services was part of the old AT&T, and remained independent of Comcast. In fact, AT&T Worldnet Services was part of the AT&T which was bought by SBC in 2006; and is currently still called AT&T.
[1] Somewhere I got the idea that ATTBI bought Comcast.
»
www.corp.att.com/news/2002/11/18-11087--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
war59312 @ 24th Aug 12:49AM:Re: Comcast is using Sandvine to manage P2P Connectionsnever mind
reply
funchords @ 24th Aug 02:42PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Kandango :
Funchords how did you see that your RST packets had a TTL of 123, i have wireshark installed.
Expand the "IP" section (above the TCP section), the TTL appears there.
reply
funchords @ 24th Aug 02:49PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Kandango :
Interesting that in TTL=123 (12.118.177.49) is an ATT Ip Adress. "AT&T WorldNet Services ATT".
That's not necessarily where the box is, but it could be.
If it's not a router, it shouldn't decrement TTL. So TTL=123 includes the non-facing side of the router with a TTL=124, the facing side of the router with a TTL=123, and anything in between.
As a practical matter, it also includes any added technology at either router, such as a
Sandvine P2P Policy Management (PPE 8200).--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
elvey @ 24th Aug 04:03PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Bomper :
Torrents are uploading this morning for the first time in weeks.
Not here. 0 bps.
reply
Nougat @ 24th Aug 04:23PM:Re: Comcast is using Sandvine to manage P2P ConnectionsI may have found something. I applied QoS to the port I'm using for bittorrent - and hey, look, I can upload again, for the first time in a week.
»
digg.com/software/Possible_solut···rottlingMy theory is that if they're prioritizing their voice traffic, then they're not pumping QoS traffic through Sandvine because that would screw it up.
reply
anon @ 24th Aug 05:34PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by elvey :said by Bomper :
Torrents are uploading this morning for the first time in weeks.
Not here. 0 bps.
They stopped again this morning.The same torrents that were uploading yesterday stopped.
reply
funchords @ 24th Aug 07:55PM:Re: Comcast is using Sandvine to manage P2P ConnectionsI found a patent application by Sandvine where they describe a proxy server between a network segment and the Internet.
Of extreme interest is the handling of the judgment of the Application Analysis device -- it is described on Page 19 of the PDF and shown on Page 4 of the PDF.
said by Sandvine Patent Application 20040006643-TCP proxy providing application layer modifications :
[0097] State machine 100 will on occasion need to generate segments, for example when:
•[0098] a) sending ACK segments to the sender to force the sender's rapid re-transmit algorithm to activate;
•[0099] b) sending ACK segments to the sender when entire segments are deleted by application layer analysis module 104; and
•[0100] c) sending RST segments in both directions when the flow is forcibly terminated by application layer analysis module 104.
[0101] This generation of segments is handled by segment generation module 106.
That describes exactly what I'm seeing!
The entire application makes great reading, but it's quite technical. It's literally a Master Class on how to successfully perform a man-in-the-middle attack -- not just using RST to tear down connections.
It describes how to replace original data and forge the packets, checksums, fragmentation, ACKs, Sequence Numbers, and etcetera to make the replacement undetectable by the two peers that are exchanging the data!Attached is a PDF, with my comments on Pages 4 and 19 (I really had trouble with the images US Patent Office's site -
click HERE), so I made the PDF.
[att=1]
I'm feeling pretty vindicated right now. Someone in Comcast's PR department needs to get an education on what's really in their network!
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
alucard_x @ 24th Aug 08:24PM:Re: Comcast is using Sandvine to manage P2P Connectionsinteresting find.. perhaps we have enough pieces to figure out a solution.
reply
EG @ 24th Aug 08:58PM:Re: Comcast is using Sandvine to manage P2P ConnectionsI have been following this thread from the beginning, and although I'm not affected by this (yet ?), but for what it is worth, I felt that I had to say that have really done your homework Mr. Funchords !
I've have found this thread to be very interesting reading and I'm certain that you have opened many eyes and enlightened many readers, and for that you deserve an
A+ :)
reply
macguy @ 24th Aug 10:30PM:Re: How to test how many connections are being reset by RST packAnyway I could test this in the os X terminal? I tried, but entering netstat -s find "rest connections" didn't give me any data that said anything about active opens or passive opens or anything else that your post said to look for.
reply
funchords @ 24th Aug 11:35PM:Re: How to test how many connections are being reset by RST packsaid by macguy :
Anyway I could test this in the os X terminal? I tried, but entering netstat -s find "rest connections" didn't give me any data that said anything about active opens or passive opens or anything else that your post said to look for.
Try
netstat -s | grep "connection resets received"If that doesn't work, it's because I got the string "connection resets received" wrong. Just do a
netstat -s and look for something like:
Tcp:
79600 active connections openings
35524 passive connection openings
12573 failed connection attempts
5257 connection resets received
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
NormanS @ 24th Aug 11:44PM:Re: How to test how many connections are being reset by RST packTwo torrents running. AT&T is not (AFAIK) running Sandvine (or Ellacoya):
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
funchords @ 25th Aug 12:00AM:Re: How to test how many connections are being reset by RST packThose are some really, really, really strange numbers. :o
You've had 1,737,538 successful connections.
3% Incoming, 97% Outgoing
95% were terminated by the RST flag (instead of FIN).
What the heck are you doing that makes 1.7 million outgoing connection attempts? How many years since the last reboot? :p
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
NormanS @ 25th Aug 02:06AM:Re: How to test how many connections are being reset by RST packAnime fansub "H2" has been running for the last 38 hrs., 10 mins. Only 67.3% complete. Connected to 22 peers, 4 seeds. Running at 23KBps down.
Anime fansub "Zombie Loan" is complete, but share ratio is at .886. Took 1 hr., 13 mins. to download 171.49 MBytes. Currently connected to 33 peers.
In that same 38 hour period I have downloaded probably 6, or 7 other shows at ~171MBytes each. Two, or three completed in under 20 minutes.
The box was rebooted some time before I started downloading "H2", which is a 41 episode series; 9,488.64 MBytes for the whole shebang.
The combined upload is roughly 43KBps; which, I think, is about right for a 512kbps DSL upload (512*.85/8?) The SpeedStream 4100 reportedly has a built-in QoS priority for outbound ACK packets, so saturating the upload has minimal impact on download.
I have no idea why so many resets.
Not counting stuff happening on the LAN, of course. A mail server running on another computer, with twice daily access from this one. Web surfing. Email testing to off-site servers for helping poster in Usenet groups. Downloading Usenet headers...
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
war59312 @ 25th Aug 03:24PM:Re: Comcast is using Sandvine to manage P2P ConnectionsThere is an odd bug in the script by the way...
quote:
results will begin to be reported shortly,
please wait or use Ctrl-c to quit...
0:10 - 0 out of -10 connections reset (0%) [Ctrl-c quit]
0:20 - 0 out of -5 connections reset (0%) [Ctrl-c quit]
Divide by zero error.
0:30 - 1 out of 0 connections reset (0%) [Ctrl-c quit]
0:40 - 1 out of 1 connections reset (100%) [Ctrl-c quit]
0:50 - 1 out of 27 connections reset (3%) [Ctrl-c quit]
1:00 - 1 out of 42 connections reset (2%) [Ctrl-c quit]
1:10 - 1 out of 72 connections reset (1%) [Ctrl-c quit]
1:20 - 1 out of 76 connections reset (1%) [Ctrl-c quit]
1:30 - 2 out of 84 connections reset (2%) [Ctrl-c quit]
1:40 - 4 out of 90 connections reset (4%) [Ctrl-c quit]
1:50 - 4 out of 91 connections reset (4%) [Ctrl-c quit]
2:00 - 4 out of 96 connections reset (4%) [Ctrl-c quit]
2:10 - 4 out of 99 connections reset (4%) [Ctrl-c quit]
2:20 - 5 out of 109 connections reset (4%) [Ctrl-c quit]
2:30 - 6 out of 107 connections reset (5%) [Ctrl-c quit]
--
GOD BLESS THE U.S.Areply
funchords @ 25th Aug 03:37PM:Re: Comcast is using Sandvine to manage P2P ConnectionsYep, it happens if you start the script while the system has half-open connections. Ugly but harmless.
reply
anon @ 25th Aug 05:07PM:Re: Comcast is using Sandvine to manage P2P ConnectionsWhat is unfortunate here is that we agreed to the TOS.
Whether or not the changing/forging of packets is ethical or not is like beauty (in the eye of beholder).
What would be nice however, is the truth from Comcast.
I doubt that will happen.
reply
anon @ 26th Aug 09:49AM:Re: Comcast is using Sandvine to manage P2P ConnectionsI have a quick question: I recently downloaded WoW (which uses bittorrent), and my upload speeds were fine. In fact, they were very good. Is this considered seeding? Or does the disconnecting happen once you have finished downloading a torrent and continue to share it?
reply
funchords @ 26th Aug 01:01PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Jforsyth :
I have a quick question: I recently downloaded WoW (which uses bittorrent), and my upload speeds were fine. In fact, they were very good. Is this considered seeding?
Not for the purposes of this Topic. When I talk about seeding or uploading in this topic, I'm talking about sending the payload data in an outbound direction only.
said by Jforsyth :
Or does the disconnecting happen once you have finished downloading a torrent and continue to share it?
Yes, you've got it.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
anon @ 26th Aug 07:37PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by funchords :said by Jforsyth :
I have a quick question: I recently downloaded WoW (which uses bittorrent), and my upload speeds were fine. In fact, they were very good. Is this considered seeding?
Not for the purposes of this Topic. When I talk about seeding or uploading in this topic, I'm talking about sending the payload data in an outbound direction only.
said by Jforsyth :
Or does the disconnecting happen once you have finished downloading a torrent and continue to share it?
Yes, you've got it.
yeah seeding only is totally hosed. I can't get any UL on a huge peer rich torrent in todays testing when i seed only. I can't stay connect to ANY peers. deny RST like I figured didn't help since you need that data in that packet to connect to peers.
Anyway, the sabotaged packet has to have the correct source port, destination port, sequence Number etc... else your firewall would think it was under a spoofing type tcp reset attack. Basically that info needs to be correct else you would just drop that packet anyway. i.e. it has to look like the other computer TOLD/SENT a legit reset packet. It also appears 2 RST's are sent because the first might be missed since it is cached and delayed on most systems and the second forces it to be looked at immediately and also higher % of it not being missed completely which does happen if a legit back and forth comes in quickly enough before the RST is seen at which time the rst will be dropped.
So i guess I'm stuck reforging packets.
(one problem though is comcast appears to be sending the RST to both sides, so both sides would need to reforge. This IMHO crossing the line if comcast is sending RST to users outside their own network. We need to set up a small test torrent with a couple people on comcast and couple not and all sniff packets to see if RST are for sure being sent outside of comcast.net)
Comcast is so penny wise, pound foolish. sigh...
reply
ztmike @ 27th Aug 03:31PM:Re: Comcast is using Sandvine to manage P2P ConnectionsStill seeding at my max upload....a whopping 35.00 ;)
Feels like im still living in 1999 with that upload speed..
Note* I set my upload to 384, instead of maxing out my hole upload speed, so i can still surf the interwebs.
reply
funchords @ 27th Aug 03:40PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by ztmike :
Still seeding at my max upload....a whopping 35.00 ;)
The issue that I'm reporting is noted when only uploading. Try this again after you are 100% complete with your download.
Note: I can also reach 100% of my desired speed, it just takes more time. Watch the peer list and see how often users arrive just to drop off a few seconds later.
said by ztmike :
Feels like im still living in 1999 with that upload speed..
Note* I set my upload to 384, instead of maxing out my whole upload speed, so i can still surf the interwebs.
You're smarter than the average bear!
uTorrent's forum has a whole section for people who can't figure that out. They ignore the SpeedGuide and set upload HIGHER than their subscribed upload speed, and then wonder why they can't surf!
Makes me want to give some users a fire hose and say, "Hey, suck on this!"
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
NormanS @ 27th Aug 04:36PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by funchords :
You're smarter than the average bear!
uTorrent's forum has a whole section for people who can't figure that out. They ignore the SpeedGuide and set upload HIGHER than their subscribed upload speed, and then wonder why they can't surf!
Makes me want to give some users a fire hose and say, "Hey, suck on this!"
When I was using a Westell WireSpeed B90-36R516 DSL modem (dumb bridge), I had to throttle my upload to around 66% of rated capacity to avoid saturation related surfing problems.
When I changed to a SpeedStream 4100 DSL modem (routed device), I had left it at that level until I encountered a post describing how the SS4100 automatically prioritized outbound ACK packets. So I relented, and set the upload to the maximum. Surfing is no problem with a saturated BT upload.
If you have QoS capability on the modem, I guess you don't have to worry about upload saturation.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
ztmike @ 27th Aug 05:32PM:Re: Comcast is using Sandvine to manage P2P Connections.
reply
modemslayer @ 27th Aug 08:48PM:Re: Comcast is using Sandvine to manage P2P Connections...so if everyone just ran everything through a third party PPTP tunnel, what could any ISP do? No traffic shaping, no blocked outbound ports, no "deep packet inspection". You might lose some of the benefits of QoS, but all in all, it sounds like the perfect solution!
I'm not a TCP/IP guru (although TCP/IP Illustrated sits on my shelf) but methinks that ISPs will rue the day when everyone is running a VPN.
Which leads me to my next point. Why shouldn't I just be able to pay comcast ten bucks a month extra to bypass that sandvine box? It makes sense since it's possible to subvert it by other means.
reply
hobgoblin @ 27th Aug 08:56PM:Re: Comcast is using Sandvine to manage P2P Connections"Which leads me to my next point. Why shouldn't I just be able to pay comcast ten bucks a month extra to bypass that sandvine box? It makes sense since it's possible to subvert it by other means."
Or pay by the Gig for every Gig uploaded or downloaded over say 75?
That would be better.
Hob
--
"A foolish consistency is the hobgoblin of little minds."
- Ralph Waldo Emerson
reply
modemslayer @ 27th Aug 09:42PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by hobgoblin :
"Which leads me to my next point. Why shouldn't I just be able to pay comcast ten bucks a month extra to bypass that sandvine box? It makes sense since it's possible to subvert it by other means."
Or pay by the Gig for every Gig uploaded or downloaded over say 75?
That would be better.
Hob
If they do away with traffic shaping? I'd go for that, and it would be a good solution to those invisible caps too. There's so many things that ISPs could be doing. Since it usually comes down to money, I should be able to pay for value added services such as "de-throttled" access, detailed usage reports, on-demand metered bandwidth, etc.
Certainly I don't think the current model of "let's pretend you have unlimited, unfettered internet access" is working. There's lots of different usage paradigms people have, so lets see subscription plans that reflect that.
reply
funchords @ 27th Aug 10:00PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by modemslayer :
...so if everyone just ran everything through a third party PPTP tunnel, what could any ISP do?
The users of rogers.ca have some experience with this. They found that VPNs were throttled, for a while at least.
Rogers this week decided to shape all encrypted traffic, preventing any encrypted transfers from reaching optimal speed, in short, crippling anything you are trying to do online that is secure, illegal or not. -- http://www.jamieplucinski.com/blog/?p=64
The answer is not more "cat-and-mouse," either by the P2P community or the ISPs.
Many of us use traffic-shaping in our homes, or we pause our file transfers so we can play an online game or watch a You Tube video without too much trouble.
It shouldn't surprise anyone that our ISP manages their bandwidth in a similar way. As I've said many times, I don't mind that fact. But it does need to be supported, and since Comcast doesn't even admit it, they certainly cannot support it.
said by modemslayer :
Why shouldn't I just be able to pay comcast ten bucks a month extra to bypass that sandvine box? It makes sense since it's possible to subvert it by other means.
That's actually the problem we're having, now. We subscribed to Cable Internet because it's faster! Many of us could pay our telephone companies half of what we're paying now for "slower" DSL.
But is Comcast really faster? Consider this...
With Comcast, I get 8 Mbps down, but if 4 others in my neighborhood also start downloading at that rate -- the bandwidth for the entire neighborhood is tapped out. From that point on, everything else slows down. Each node on Cable Internet -- 100 to 200 residences each -- divides 38 Mbps between them.
Now, my telco's Central Office probably serves 10,000-20,000 residences -- 100x more. If 5 -- or 500 -- of us start downloading at our maximum, perhaps nobody suffers. As long as the telco can get the additional bandwidth at the CO, it's quite a bit easier for the telco to deal with bandwidth demands and adjust to deliver on them than it is for CATV. With CATV, the physical ceiling is rather low.
On an individual basis, it's a lot easier for a individual DSL subscriber to "max out" his line than it is for a cable subscriber. But on a neighborhood basis, it's a lot easier to "max-out" cable.
reply
hobgoblin @ 27th Aug 10:00PM:Re: Comcast is using Sandvine to manage P2P Connections"Since it usually comes down to money, I should be able to pay for value added services such as "de-throttled" access, detailed usage reports, on-demand metered bandwidth, etc."
Don't mistake what you and the members of this forum want with what is commercially viable.
Most people don't care about packet filtering, caps, BT and everything else this forum whines about.
Hob
--
"A foolish consistency is the hobgoblin of little minds."
- Ralph Waldo Emerson
reply
anon @ 27th Aug 10:11PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by hobgoblin :
"Which leads me to my next point. Why shouldn't I just be able to pay comcast ten bucks a month extra to bypass that sandvine box? It makes sense since it's possible to subvert it by other means."
Or pay by the Gig for every Gig uploaded or downloaded over say 75?
That would be better.
Hob
Wow. When users are begging for per-byte billing, you know the isps are onto something.
reply
hobgoblin @ 27th Aug 10:15PM:Re: Comcast is using Sandvine to manage P2P Connections"Wow. When users are begging for per-byte billing, you know the isps are onto something."
If the average customer understood what per byte billing was, they would all love it.
The Hogs would hate it....so would would this forum...and everyone in here would think it was the norm.
Hob
--
"A foolish consistency is the hobgoblin of little minds."
- Ralph Waldo Emerson
reply
Movieman420 @ 28th Aug 06:42PM:Re: Comcast is using Sandvine to manage P2P ConnectionsUp until today I couldn't seed crap after completing a d/l. Today I am seeding (not quite as fast as usual) but..seeding nonetheless. Maybe CC is trying to tweak things for the better. (And no...my only peers aren't comcast too..lol).
I'd rather use a vpn. D/led Hamachi, set it up..is shows as a working network. But I'm a noob to networking...anyone know how to force uTorrent or Azureus to use the vpn and not my standard connection? Thanx...Mm
reply
anon @ 29th Aug 02:28AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by ztmike :
.
ZTMIKE close the app wait 10 minutes then re open it and seed fresh. if you just cross over you will have a lot of peer data cached and will still be able to connect some peers.
(at least this is what I see here)
Also not ALL comcast net is being stopped. Though it will be as they add more and more black boxes at main router choke points. :)
reply
anon @ 29th Aug 02:52AM:Re: Comcast is using Sandvine to manage P2P ConnectionsJust a note about that script of yours - it won't work on a PC with IPv6 installed. The FOR loops return IPv4 stats first (the number you want) followed by the IPv6 number (almost always 0) ... this then gives the repeated 'Divide by Zero' and '0 of 0 connections' messages. It has been tested and repeatable on my home PC.
Is there a way to tell a FOR loop to return only the first match? Or perhaps telling Find to only return the first one?
EDIT: Seems that it is easier than that. "Find all lines containing 'Active Opens' and not containing '= 0' ... example here:
FOR /F "usebackq tokens=2 delims==" %%i IN (`netstat -s ^| find "Active Opens"
^| find /V "= 0"`) DO set /A CESTABL1=%%i
reply
anon @ 29th Aug 03:00AM:Re: Comcast is using Sandvine to manage P2P ConnectionsFull modified script below - no lost functionality AFAICT.
The poster that was having the repeated Divide 0 erorrs earlier might want to try this one.
Enjoy. :)
reply
anon @ 29th Aug 03:02AM:Re: Comcast is using Sandvine to manage P2P Connections(Apologies for the triple post - can't seem to edit anon posts. This post is so I can set a watch on the topic)
reply
anon @ 29th Aug 03:04AM:Re: Comcast is using Sandvine to manage P2P ConnectionsThis Comcast (sandvine) throttling is starting to cross the line. If I pay for my 6mbps internet I should be able to use it for anything I want. None of this throttling junk or anything. Instead of spending money on Sandvine hardware maybe they should spend money on IMPROVING INFASTRUCTURE! To make it worse they don't even inform customers of it and install it invisibly.
Oh and @Jye this is true and can i get a revised script that will work in Vista with IPv6 enabled. The script is returning to me Divide by Zero error every time even though I keep getting more RST connections
Support Net Neutrality and the
EFF!!
reply
Diaboyos @ 29th Aug 03:50AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Kelex :
This Comcast (sandvine) throttling is starting to cross the line. If I pay for my 6mbps internet I should be able to use it for anything I want. None of this throttling junk or anything. Instead of spending money on Sandvine hardware maybe they should spend money on IMPROVING INFASTRUCTURE! To make it worse they don't even inform customers of it and install it invisibly.
That's exactly how I feel. I pay for the 8mbps line to have a faster upload speed since I use BitTorrent to help distribute my work (photographer). I created and own the files I am uploading. Comcast's restricting my legal right to distribute my work where I want after I have paid them for the bandwidth to do so is not only wrong, it should be illegal.
I could see if there were nothing but illegal files shared on the BT network but that's not the case. There are many individuals and businesses that use the BT network for completely LEGAL reasons (myself included) and for them to be denied accessibility is beyond wrong. They need to specify concrete caps, no more invisible caps that you're unaware of until you cross them, and if they're so concerned with bandwidth consumption then target the users that use the most and not blanket the entire BT network with this ludicrous Sandvine method.
Comcast needs to provide the bandwidth they quoted upon sign-up and nothing else. We need Net Neutrality NOW.
reply
anon @ 29th Aug 04:23AM:Re: Comcast is using Sandvine to manage P2P Connectionsthanks for the bat script Jye!
We need net neutrality bad... I live in Utah and I've sent multiple letters to my congressman and senators and I hope that soon we can see a breaking point so we will not be stuck between this stalemate of government/ISP/Consumer.
reply
anon @ 29th Aug 04:39AM:Re: Comcast is using Sandvine to manage P2P Connections
I activated all my torrents and this should be enough proof to show that sandvine is enabled and working the Utah region.
reply
Cabal @ 29th Aug 07:09AM:Re: Comcast is using Sandvine to manage P2P ConnectionsThis has nothing to do with net neutrality. Net neutrality doesn't mean unmanaged, unQoS'd bandwidth everywhere, which will never happen when paying to use someone else's network. Please don't use the term incorrectly, doing so dilutes its importance.
--
Anonymous posts are ignored. If you wish to be heard, speak for yourself.
Interested in open source engine management for your Subaru?reply
alucard_x @ 29th Aug 10:13AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Jye :
Full modified script below - no lost functionality AFAICT.
The poster that was having the repeated Divide 0 erorrs earlier might want to try this one.
Enjoy. :)
thanks, this is exactly the problem, though i haven't tested yet.
I knew it was something with IPv6 since that table reports another Reset connection entries and was throwing the script off. Just haven't had time to get in this forum.
On another note, by going into uTorrent and changing Encryption to Forced (allow legacy connections still checked) I'm able to keep an upload going on *some* torrents. It's not a full solution, but it has helped on a few torrents so I can keep my ratio up if I get lucky and it works on that torrent.
I'm not sure how the feature works, I believe when it's on Forced the other end has to support it or have it enabled as well.
reply
NormanS @ 29th Aug 10:16AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Diaboyos :said by Kelex :
This Comcast (sandvine) throttling is starting to cross the line. If I pay for my 6mbps internet I should be able to use it for anything I want...
That's exactly how I feel...
I hate to rain on your parade, but you don't own your Internet connection, you rent it from Comcast. As with any rental, you use it within the limitations set by the owner; which, in this case, is Comcast.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
NormanS @ 29th Aug 10:21AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Kelex :
We need net neutrality bad... I live in Utah and I've sent multiple letters to my congressman and senators and I hope that soon we can see a breaking point so we will not be stuck between this stalemate of government/ISP/Consumer.
Be careful what you wish for...
I really don't think that you want "Net Neutrality". Such would play havoc with tiered service. What you want is tiered service, where advanced uses can pay "per GB" down/uploaded. You want to down/upload more GB, you pay more money. Comcast uses the additional revenue to add network capacity to support the additional traffic.
Either that, or tax you to high heaven; let the government take your money straight from your paycheck to buy the additional capacity. Nice for the handful of you who uses lots of bandwidth; but for the rest of us who don't, a pain in the pocket book.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
funchords @ 29th Aug 11:16AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Kelex :
This Comcast (sandvine) throttling is starting to cross the line. If I pay for my 6mbps internet I should be able to use it for anything I want.
You pay for the ability to reach 6 Mbps, and that's realistic when you're downloading a few songs off of a website. But the reality is that you are sharing the network with your neighbors -- 38 Mbps, in fact. So if 6-7 of your neighbors simultaneously start to download from sources that can top-out your speed,
then the whole neighborhood will slow down. It's just like turning on all the faucets and flushing all the toilets reduces the water pressure and suddenly changes the temperature of your shower.
It's not the customer's fault for misunderstanding this. Comcast does not make this clear except in the mouseprint of AUPs and TOSs that they know nobody reads.
Sharing the bandwidth is a reality everywhere, to some degree -- the entire internet is a shared service. There is a maximum capacity to any gateway, and everyone behind that gateway shares it.
said by Kelex :
Instead of spending money on Sandvine hardware maybe they should spend money on IMPROVING INFASTRUCTURE!
In some cases, yes, spending money can help.
1. Comcast needs to stop the perception that people are buying bandwidth to download at 6 Mbps or upload at 350 Kbps full-time. They only make it clear if you break their invisible caps.
2. Comcast needs to build its network so that the demands of a wide array of customers is met. AFAICT, they're doing this. Sandvine is not an evil tool, but...
said by Kelex :
To make it worse they don't even inform customers of it and install it invisibly.
... that's exactly the problem.
Comcast: Tell us what it does, where it does it, and how to get support if it's screwing up the system. reply
funchords @ 29th Aug 11:19AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Jye :
Just a note about that script of yours - it won't work on a PC with IPv6 installed.
::: FOREHEAD SLAP :::
Thanks, Jye! That's excellent!
reply
hobgoblin @ 29th Aug 11:20AM:Re: Comcast is using Sandvine to manage P2P Connections"... that's exactly the problem. Comcast: Tell us what it does, where it does it, and how to get support if it's screwing up the system. "
I see your point.
Your an intelligent man,
HOW would you write the informational document for the customer base that EVERYONE would understand and not get the wrong idea.
Hob
--
"A foolish consistency is the hobgoblin of little minds."
- Ralph Waldo Emerson
reply
funchords @ 29th Aug 11:29AM:UPDATE Re Comcast is using Sandvine to manage P2P ConnectionJust an update -- it's been 3 months since my original post, which I tried to make as accurately as possible. Naturally, I've learned a few things since then.
HOWEVER --
please still see the first post and my commentary that follows it. All the proof is here, and it is easily testable and reproducible -- that it is happening is non-disputable. Unless my testing is somehow flawed,
These are facts.
However, you will have to decide for yourself whether it is done in an acceptable way or at an acceptable level.
Those issues are opinions.
Here are some developments, just in case you haven't been keeping up with the thread...What is working for me:
•Encrypted tunnels to a point outside the Comcast network (VPN, SSH tunnel, etc.)
•Forcing encryption (works for me, but not for many others who have tried it)
•When downloading, make sure that the user has met his uploading goal by the time that the download completes. The easiest way to accomplish this is to set a download rate slower than the uploading rate.
•Tolerating the up to 40% rate RSTs when using BitTorrent to upload a file and not forcing encryption. Even at that seemingly high rate, I can still reach my preferred 16 KB/s (256 Kbps) upload limit.
What is not working for me:
•Setting your firewall to drop RST packets. Since the RST is confirmed to be sent in both directions, ignoring the RST on only one side creates a useless half-open connection.
•Lazy Bitfield
•Reporting the issue to Technical Support
•Gnutella uploads -- almost always blocked (nearly 100%).
•Tolerating RSTs when using ED2K to share files. Although some uploads go through, way too many fail. Additionally, the ED2K anti-abuse routines in most clients will ban users who accept requests and then later fail to upload when a request is made for parts of files that I have. This means that I cannot download from them, and they are holding parts I need of these same files. The ED2K implementation of Sandvine at Comcast is very broken!
Significant reports I've read but can't confirm:
•Seeding is "impossible" -- numerous reports, it just doesn't happen to me.
•Forced Encryption does not help in many reported cases.
•Cannot upload 2 GB of data without a reset, using FTP or Lotus Notes -- I haven't tried it.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
ztmike @ 29th Aug 01:51PM:Re: Comcast is using Sandvine to manage P2P ConnectionsI thought All Comcast upload speeds were at 384 for their lowest offering, how is it that you have (256 kbps) 16 KB/s ?
To the person that said to quit utorrent and restart the program and to seed...i did and it still uploaded at my max. (See 2nd picture.)
reply
funchords @ 29th Aug 02:25PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by ztmike :
I thought All Comcast upload speeds were at 384 for their lowest offering, how is it that you have (256 kbps) 16 KB/s ?
256 KB/s is my preferred max -- my setting for "Upload Limit" on my BitTorrent client. I have 768 KB/s up (more or less, depending on the test), some of that I also use for eMule but the majority of it I leave free for me and my housemates.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
anon @ 29th Aug 03:38PM:Re: Comcast is using Sandvine to manage P2P ConnectionsDoes Verizon cap any bittorrent or throttle it in any way on their FIOS lines? If not, as soon as that gets to town I'm jumping the 'pirate' ship comcast is and adding to my cell plan a FIOS plan.
reply
anon @ 29th Aug 03:50PM:Re: UPDATE Re Comcast is using Sandvine to manage P2P ConnectionForced encryption is working better than leaving it off but its still not the same as before. Harder to keep my ratios up on private trackers now. I usually get to around 40% RST connections when using the .bat file also.
Going to test on the p2p application that pushes patches through on World of Warcraft next time a big patch comes out and see what kind of outcome it has in store.
reply
ztmike @ 29th Aug 04:12PM:Re: Comcast is using Sandvine to manage P2P ConnectionsFIOS doesnt cap your speeds, or no caps on how much you can send/receive
You could seed till you bleed on fios or hell even Cablevision internet with Boost.
reply
Battousai1 @ 29th Aug 04:15PM:Re: Comcast is using Sandvine to manage P2P ConnectionsHas anyone else tried the QoS theory posted by Nougat on page 13? It's been working pretty darn well for me the past couple of days.
reply
anon @ 29th Aug 04:17PM:Re: UPDATE Re Comcast is using Sandvine to manage P2P ConnectionI tested my Utah comcast connection last night, seeded about 10GB to approx 20 peers maxed at 220KB per second upload the entire time. I didn't download any part of the torrent, it was a 3.5GB file i already had. So far in the last couple weeks I've been able to seed around 35GB of data on various torrents/trackers
I don't have encryption forced so i cant comment on whether all the connections were encrypted or not.
I guess what I'm saying is that i don't notice anything unusual (yet).
reply
anon @ 29th Aug 04:31PM:Re: Comcast is using Sandvine to manage P2P ConnectionsForced encryption is not working at all for me. (Then again, I'm initially-seeding at best possible upload speed.)
reply
anon @ 29th Aug 05:40PM:Re: Comcast is using Sandvine to manage P2P Connections quote:
WHY: To reduce costs associated with P2P bandwidth growth
Wrong; that's just propaganda. The real reason for this is to KILL bittorrent by preventing the seeding of torrents. Unseeded torrents = dead torrents = dead Bittorrent.
Simple as that.
reply
Roundboy @ 29th Aug 06:38PM:Re: UPDATE Re Comcast is using Sandvine to manage P2P ConnectionYou know, when I first read your post & followups I haven't used any torrent traffic at all.... but i did need to pull a few large files.
i did notice that my upload topped out at 0-3kB/s.. i don't know the reconnect rate, as the script wasn't working for me in Vista.
I just read THIS post, and was set to try it again with all suggestions... and as i set down to try it 'stock' to get a baseline.. i notice that now my torrents are running along just like normal..
Currently 527 kB/s down and > 20kB /s up ... ZERO connections reset.
5 minutes in, I am now looking at a wildly fluctuating upload at 2 - 12 kB/s . still zero resets. I'll begin my testing now..
Edit: With still nothing enabled.. I see that the total for all my current uploading files (currently 4) is pretty strong at > 50 kB/s .. so maybe its just that file..
--
$fontbg Steve the pirate DIES! $Fontbgreply
alucard_x @ 29th Aug 06:44PM:Script in Vista still not workingI tested the previous users fix for boxes that have both IPv4 and v6.
It got rid of the divide by zero error, but now i have something else, the total connections increases into the negatives:
etc.. it just keeps going.
here's my output for netstat -s
reply
tshirt @ 29th Aug 10:18PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Mike18xx : quote:
WHY: To reduce costs associated with P2P bandwidth growth
Wrong; that's just propaganda. The real reason for this is to KILL bittorrent by preventing the seeding of torrents. Unseeded torrents = dead torrents = dead Bittorrent.
Simple as that.
And why do YOU believe Comcast spent many million'$ just to kill BT?
reply
anon @ 29th Aug 11:03PM:Re: Comcast is using Sandvine to manage P2P ConnectionsI can easily fathom many reasons. Hollywood and HBO, for instance, would certainly love to see all those aXXo and Deadwood torrents disappear, and they certainly have had no compunction throwing money at the problem.
Given the massive bandwidth consumption of High-Def (which the major providers are agog over), I find bandwidth arguments concerning bittorrent more than slightly ridiculous. In fact, it's total hokum. Most people would scratch their heads and go "Huh? What's that?" if you walked up to them and whispered "Bittorrent!" in their ears, but 99% of those people are going to go home and watch HOURS AND HOURS AND HOURS OF STREAMING VIDEO called "television". What's BT traffic compared to that?
If it really were a bandwidth rather than ulterior-motive problem, they'd either charge more for bandwidth-intensive usage, or lower their present 44kbps cap down to, say, 20kbps.
No, this Sandvine implementation is expressly intended to kill torrents by depriving them of seeds.
reply
hobgoblin @ 29th Aug 11:13PM:Re: Comcast is using Sandvine to manage P2P Connections"but 99% of those people are going to go home and watch HOURS AND HOURS AND HOURS OF STREAMING VIDEO called "television". What's BT traffic compared to that?"
You are comparing apples to ferrets.
Hob
--
"A foolish consistency is the hobgoblin of little minds."
- Ralph Waldo Emerson
reply
macguy @ 29th Aug 11:52PM:Re: UPDATE Re Comcast is using Sandvine to manage P2P ConnectionEven with forcing encryption I'm still getting disconnected. I can seed to a peer for maybe a minute, and then I lose them.
So, apparently, comcast is still preventing seeding in my area.
reply
NormanS @ 30th Aug 12:34AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Mike18xx : quote:
WHY: To reduce costs associated with P2P bandwidth growth
Wrong; that's just propaganda. The real reason for this is to KILL bittorrent by preventing the seeding of torrents. Unseeded torrents = dead torrents = dead Bittorrent.
Simple as that.
And why must they kill BitTorrent? And what about the ISPs which aren't trying to kill BitTorrent. AT&T is in bed with the entertainment industry; but I am seeding BT just fine.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
anon @ 30th Aug 12:43AM:Re: Comcast is using Sandvine to manage P2P Connections quote:
You are comparing apples to ferrets.
Rubbish; data is data, and it's all managed by a single Comcast box for a "Triple Play" subscriber. Comcast doesn't have a problem finding the bandwidth for HD, or permitting users to browse YouTube all day long, or IRC monstrous files to each other -- yet a measely throttled 44kbps capped upload speed is
now somehow suddenly WAY too much for Comcast's bandwidth to handle, and so a technology specifically tailored to croak bittorrent seeding (as opposed to just dropping the cap) is introduced?
The "limited bandwidth" excuse does not wash.
reply
anon @ 30th Aug 12:52AM:Re: Comcast is using Sandvine to manage P2P Connections quote:
AT&T is in bed with the entertainment industry; but I am seeding BT just fine.
My nearly exact words, about three days ago in a uTorrent forum, were, "I hope I don't jinx myself, but I'm not having any problems with Comcast." Well, I did jinx myself.
Sandvine is a very recent development, and it and similar "traffic shaping" is spreading quickly throughout ISPs, particularly those granted legal regional monopolies (to say nothing of direct government-run ISPs, as is the case in many countries). Rogers (of Canada) was the camel's nose in the tent; Comcast is the camel's head in the tent. If one more US regional monopoly "triple play" ISP adopts sandvining before new tunneling mechanisms are invented and deployed "default = 'on'" by BT clients, there's a very real possibility that thousands of formerly well-seeded torrents will croak within weeks if not days.
reply
macguy @ 30th Aug 12:54AM:Re: Comcast is using Sandvine to manage P2P ConnectionsForced encryption isn't working here either. I can connect for a maybe a minute or two and then the peer disconnects from me.
Oh well.
reply
hobgoblin @ 30th Aug 01:03AM:Re: Comcast is using Sandvine to manage P2P Connections"Rubbish; data is data, and it's all managed by a single Comcast box for a "Triple Play" subscriber. Comcast doesn't have a problem finding the bandwidth for HD, or permitting users to browse YouTube all day long, or IRC monstrous files to each other -- yet a measely throttled 44kbps capped upload speed is now somehow suddenly WAY too much for Comcast's bandwidth to handle, and so a technology specifically tailored to croak bittorrent seeding (as opposed to just dropping the cap) is introduced?
The "limited bandwidth" excuse does not wash."
I think if you understood how a cable plant was set up then you might have a clue why Upstream bandwidth is at a premium.
What single "box" are you rambling on about?
Hob
--
"A foolish consistency is the hobgoblin of little minds."
- Ralph Waldo Emerson
reply
tshirt @ 30th Aug 01:49AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Honeyko :
Rubbish; data is data, and it's all managed by a single Comcast box for a "Triple Play" subscriber. Comcast doesn't have a problem finding the bandwidth for HD, or permitting users to browse YouTube all day long, or IRC monstrous files to each other -- yet a measely throttled 44kbps capped upload speed
The "limited bandwidth" excuse does not wash.
That HD channel while huge in comparison, streams out to 10's of thousands, maybe millions of viewers, more users do not increase the bandwidth used, and each channel generates considerable monthly income. (via ads, ,premium channel fees, and PPV) it also can by allowed for in the plant design well in advance of demand.
compare that to tens of thousands/millions of different small files transferring by torrent may quickly exceed the data volume of all the HD channels combined, and generate no more income then the same number of "light duty" users.
As Hob said/implied cable by design has massively more downstream capacity then upload, with HSI you may have noticed speeds offer are always around a 12:1 - 8:1 ratio
and most likely will always be in that range, it is a limitation of the technology. Notice that even DSL and fiber offerings, which very easily could be symmetric, are 5:1 or more on the download side.
ComCast could be afraid of legal action from the XXaa's or want to protect future television revenue streams, but I doubt the xxaa's have enough clout/cash on hand to influeance any large ISP away from their best interest keeping the most customers happy and using as many services as possible.
in the long run Hollywood revenues will pale compared to the steady monthly income of the winning triple play providers.
reply
b1gdr3 @ 30th Aug 07:14AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by ztmike :
FIOS doesnt cap your speeds, or no caps on how much you can send/receive
You could seed till you bleed on fios or hell even Cablevision internet with Boost.
Before you say that fios doesn't cap anything I'd read :
»
www2.verizon.net/policies/acceptable_use.aspspecifically, letters I, N, and probably Z.
--
I wasn't born with enough middle fingers.reply
Movieman420 @ 30th Aug 10:21AM:Re: Comcast is using Sandvine to manage P2P ConnectionsAs I posted on pg 15, I'm able to seed now...and at normal speeds (for me) up to 120k! Never figured out how to force uT to use the VPN I set up (I'm not network savy..lol) so I just enabled the lazy bit field and turned on crypto and 2 days later I was seeding again. Doubt setting the LBF and crypto had much to do with it tho. Not sure what to think. I had it out with a CC tech over the phone when this started..basicaly pinned him down..lol.
Hope other CC peeps see the same happen to them. ;)
Deets:
Live in WV...my connection ultimately comes from Pittsburgh, PA
I pay for the 8Mb connect. My avg. max sustained d/l speeds are between 1 and 2MB/s and my avg max sustained up is ~120kBp/s. These speeds are rather high unless I was just speaking of a power boost 'surge' (I hit 20Mb down and 2500kb up on the flash speed test with boost)..otherwise these are my everyday speeds tho...I live in a semi rural area, maybe my node is actually 'undersold'?? Rofl...
reply
NormanS @ 30th Aug 10:42AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Honeyko :
Sandvine is a very recent development...
If you consider something that was deployed prior to June, 2005 "recent".
I don't see any evidence that traffic shaping is spreading rapidly; unless the "Slowskis" are your idea of rapid.
I see no evidence of telco use of Sandvine (even checked the Bell Sympatico (Canada) forum; nothing definitive). I see no evidence of Rogers style choking with Comcast. At least Funchords is demonstrating that Comcast is doing this more to mange bandwidth than to kill BitTorrent.
If AT&T were truly at the "beck and call" of the *IAA, they would have rolled over (when they were called, "SBC") for the DMCA subpoenas, instead of refusing to honor them.
And, while it is unclear to me whether SBC joined with Verizon in appealing a court decision in favor of the *IAA, Verizon did appeal, and the *IAA got their heads handed to them by a U.S. Appellate court.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
jbob @ 30th Aug 10:49AM:Re: Comcast is using Sandvine to manage P2P ConnectionsJust for a report, I had downloaded a few files yesterday using Shareaza. When it was done I let Shareaza run the rest of the day until late last night. It was seeding files from some previous downloads over the last 2 months. During the night I noticed it was uploading at over 600K. Comcast Gold subscriber, 768K. I'm not big into P2P so wouldn't consider myself all that knowledgeable in all the nuances but that seemed very fast to me. FWIW
reply
funchords @ 30th Aug 01:35PM:Re: Comcast is using Sandvine to manage P2P ConnectionsNice article --
Comcast killing BitTorrent upload connections (Verified)reply
reelbigfish @ 30th Aug 01:58PM:Re: Comcast is using Sandvine to manage P2P ConnectionsCurrently I am uploading between 24 KB/s and 88 KB/s. It seems like they are throttling the speeds but not killing the connection completely. I don't think this is so bad as it is keeping the network up and running but still allowing me to seed files.
reply
johnmwilson7 @ 30th Aug 09:13PM:Re: How to test how many connections are being reset by RST packFunChords,
Your script was passed on to me by a friend and I learned a lot from it.
Anyway, here is Version 3, it tracks current reset percent, average reset percent and displays a histogram. The histogram shows where the majority of your reset activity is occurring.
Perhaps it is overkill, but I had fun testing it.
Thanks,
John M. Wilson
------CUT HERE ------
@ECHO OFF
REM
REM Title: NetStat Check Reset V3
REM
REM Description: Extract summary data from Netstat and display percentage of current, average and a histogram of connection resets.
REM
REM CURRENT percentages are the difference between the previous (20 seconds ago) and current Netstat results.
REM AVERAGE percentages are the running total of the current percentages.
REM HISTOGRAM is a ranking of the number of current percentages that occurred. This shows the distribution of resets from 1-99 percent.
REM
REM So while the Average percentage may be 35%, the Histogram may show the majority of Current percentages are in the 20% range
REM with some spikes in the 40% or 50% range. This would indicate normal reset activity to be in the 20% range and the focus would be
REM in resolving the spikes.
REM
SETLOCAL
TITLE NetStat Check Reset V3
CLS
ECHO NetStat Check Reset Batch V3 [Ctrl-c quit]
REM Initialize variables
:init
REM Histogram values
SET HST00=0
SET HST10=0
SET HST20=0
SET HST30=0
SET HST40=0
SET HST50=0
SET HST60=0
SET HST70=0
SET HST80=0
SET HST90=0
REM Histogram print strings
SET PST00=___
SET PST10=___
SET PST20=___
SET PST30=___
SET PST40=___
SET PST50=___
SET PST60=___
SET PST70=___
SET PST80=___
SET PST90=___
REM Loop counter for header print
SET /A TESTCYCLE=-1
REM run Netstat summary page, find line and save 2nd field value
FOR /F "usebackq tokens=2 delims==" %%i IN (`netstat -s ^| find "Active Opens"`) DO SET /A PRVACTI=%%i
FOR /F "usebackq tokens=2 delims==" %%i IN (`netstat -s ^| find "Passive Opens"`) DO SET /A PRVPASS=%%i
FOR /F "usebackq tokens=2 delims==" %%i IN (`netstat -s ^| find "Failed Connection Attempts"`) DO SET /A PRVFAIL=%%i
FOR /F "usebackq tokens=2 delims==" %%i IN (`netstat -s ^| find "Reset Connections"`) DO SET /A PRVRESE=%%i
REM Begin loop section
:begin
REM Increment test cycles
SET /A TESTCYCLE=%TESTCYCLE%+1
IF %TESTCYCLE% GEQ 10 SET /A TESTCYCLE=0
REM Ping to nul used as timer
REM Each ping approximately 1 second delay
REM Value of 20 used as minimum wait time for connection activity.
REM
ping -n 20 localhost >nul
REM run Netstat summary page, find line and save 2nd field value
FOR /F "usebackq tokens=2 delims==" %%i IN (`netstat -s ^| find "Active Opens"`) DO SET /A NXTACTI=%%i
FOR /F "usebackq tokens=2 delims==" %%i IN (`netstat -s ^| find "Passive Opens"`) DO SET /A NXTPASS=%%i
FOR /F "usebackq tokens=2 delims==" %%i IN (`netstat -s ^| find "Failed Connection Attempts"`) DO SET /A NXTFAIL=%%i
FOR /F "usebackq tokens=2 delims==" %%i IN (`netstat -s ^| find "Reset Connections"`) DO SET /A NXTRESE=%%i
REM Subtract Previous from Next to get Current
SET /A CURACTI=%NXTACTI%-%PRVACTI%
SET /A CURPASS=%NXTPASS%-%PRVPASS%
SET /A CURFAIL=%NXTFAIL%-%PRVFAIL%
SET /A CURRESE=%NXTRESE%-%PRVRESE%
REM Accumulate the totals for averaging
SET /A CUMACTI=%CUMACTI%+%CURACTI%
SET /A CUMPASS=%CUMPASS%+%CURPASS%
SET /A CUMFAIL=%CUMFAIL%+%CURFAIL%
SET /A CUMRESE=%CUMRESE%+%CURRESE%
REM Add Active and Passive connections then subtract Failed connections
REM Calculate Percentage of Resets
SET /A CURESTA=(%CURACTI%+%CURPASS%)-%CURFAIL%
REM Bypass divide by zero errors
SET /A CURPRCT=0
IF %CURESTA% NEQ 0 SET /A CURPRCT=(%CURRESE%*100)/%CURESTA%
REM Accumulate current results for session average
SET /A CUMESTA=(%CUMACTI%+%CUMPASS%)-%CUMFAIL%
REM Bypass divide by zero errors
SET /A CUMPRCT=0
IF %CUMESTA% NEQ 0 SET /A CUMPRCT=(%CUMRESE%*100)/%CUMESTA%
REM Load histogram with current percentages in the range of 1-99%
IF %CURPRCT% LEQ 0 GOTO display
:break00
IF %CURPRCT% GEQ 10 GOTO break10
SET /A HST00=%HST00%+1
SET PST00=%HST00%
IF %HST00% LSS 10 SET PST00=_%PST00%
IF %HST00% LSS 100 SET PST00=_%PST00%
GOTO display
:break10
IF %CURPRCT% GEQ 20 GOTO break20
SET /A HST10=%HST10%+1
SET PST10=%HST10%
IF %HST10% LSS 10 SET PST10=_%PST10%
IF %HST10% LSS 100 SET PST10=_%PST10%
GOTO display
:break20
IF %CURPRCT% GEQ 30 GOTO break30
SET /A HST20=%HST20%+1
SET PST20=%HST20%
IF %HST20% LSS 10 SET PST20=_%PST20%
IF %HST20% LSS 100 SET PST20=_%PST20%
GOTO display
:break30
IF %CURPRCT% GEQ 40 GOTO break40
SET /A HST30=%HST30%+1
SET PST30=%HST30%
IF %HST30% LSS 10 SET PST30=_%PST30%
IF %HST30% LSS 100 SET PST30=_%PST30%
GOTO display
:break40
IF %CURPRCT% GEQ 50 GOTO break50
SET /A HST40=%HST40%+1
SET PST40=%HST40%
IF %HST40% LSS 10 SET PST40=_%PST40%
IF %HST40% LSS 100 SET PST40=_%PST40%
GOTO display
:break50
IF %CURPRCT% GEQ 60 GOTO break60
SET /A HST50=%HST50%+1
SET PST50=%HST50%
IF %HST50% LSS 10 SET PST50=_%PST50%
IF %HST50% LSS 100 SET PST50=_%PST50%
GOTO display
:break60
IF %CURPRCT% GEQ 70 GOTO break70
SET /A HST60=%HST60%+1
SET PST60=%HST60%
IF %HST60% LSS 10 SET PST60=_%PST60%
IF %HST60% LSS 100 SET PST60=_%PST60%
GOTO display
:break70
IF %CURPRCT% GEQ 80 GOTO break80
SET /A HST70=%HST70%+1
SET PST70=%HST70%
IF %HST70% LSS 10 SET PST70=_%PST70%
IF %HST70% LSS 100 SET PST70=_%PST70%
GOTO display
:break80
IF %CURPRCT% GEQ 90 GOTO break90
SET /A HST80=%HST80%+1
SET PST80=%HST80%
IF %HST80% LSS 10 SET PST80=_%PST80%
IF %HST80% LSS 100 SET PST80=_%PST80%
GOTO display
:break90
IF %CURPRCT% GEQ 100 GOTO break100
SET /A HST90=%HST90%+1
SET PST90=%HST90%
IF %HST90% LSS 10 SET PST90=_%PST90%
IF %HST90% LSS 100 SET PST90=_%PST90%
GOTO display
:break100
REM Final formatting and print
:display
REM Assign values to print strings
SET PCUMESTA=%CUMESTA%
SET PCUMRESE=%CUMRESE%
SET PCUMPRCT=%CUMPRCT%
SET PCURESTA=%CURESTA%
SET PCURRESE=%CURRESE%
SET PCURPRCT=%CURPRCT%
REM Skip leading zero for negative numbers
IF %CUMESTA% LSS 0 GOTO dbreak1
IF %CUMESTA% LSS 10 SET PCUMESTA=0%CUMESTA%
:dbreak1
IF %CUMRESE% LSS 0 GOTO dbreak2
IF %CUMRESE% LSS 10 SET PCUMRESE=0%CUMRESE%
:dbreak2
IF %CURESTA% LSS 0 GOTO dbreak3
IF %CURESTA% LSS 10 SET PCURESTA=0%CURESTA%
:dbreak3
IF %CURRESE% LSS 0 GOTO dbreak4
IF %CURRESE% LSS 10 SET PCURRESE=0%CURRESE%
:dbreak4
REM Print line break and header every 10 cycles
IF %TESTCYCLE% EQU 0 ECHO .
IF %TESTCYCLE% EQU 0 ECHO %TIME% - CURRENT AVERAGE I 00%% I 10%% I 20%% I 30%% I 40%% I 50%% I 60%% I 70%% I 80%% I 90%% I
REM Print Current percentage, Average Percentage and Histogram
ECHO %TIME% - %PCURPRCT%%% (%PCURRESE%/%PCURESTA%) %PCUMPRCT%%% (%PCUMRESE%/%PCUMESTA%) I %PST00% I %PST10% I %PST20% I %PST30% I %PST40% I %PST50% I %PST60% I %PST70% I %PST80% I %PST90% I
REM Save values into Previous
SET /A PRVACTI=%NXTACTI%
SET /A PRVPASS=%NXTPASS%
SET /A PRVFAIL=%NXTFAIL%
SET /A PRVRESE=%NXTRESE%
REM Loop again
GOTO begin
------CUT HERE ------
reply
Movieman420 @ 31st Aug 08:54AM:Re: How to test how many connections are being reset by RST packSince script JW. I went from being unable to seed at all a week ago...set up a vpn but couldn't get Az or uT to use it..lol. As of 2 days ago I'm seeding like normal (see above post).
Just used the script above...after 5 cycles (sets) my rst rate is almost exactly 20%.
Q to JW...does this script count all rst's or just the forged sandvine rsts??
Dunno wat I did to regain seeding ability (except a rather heated one sided convo with a CC tech bout traffic shaping..rofl) but I'm glad to be 'back'.
reply
funchords @ 31st Aug 06:21PM:Re: How to test how many connections are being reset by RST packsaid by Movieman420 :
Q to JW...does this script count all rst's or just the forged sandvine rsts??
The script counts them all, but on a "clean" (non-Sandvine) line, there should be very, very few (0% to 1%?). The RST is designed to close improperly half-open TCP connections. They generally only occur when one side or the other has closed the connection without going through the "FIN" final handshake. (This usually only happens when one side or the other spontaneously reboots).
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
johnmwilson7 @ 31st Aug 08:10PM:Re: How to test how many connections are being reset by RST packFunChords,
My next step will be to install WireShark and view the traffic to see what I can see. I am used to using Ethereal on my Linux box, but I can run WireShark on Windows. Other than the standard filtering options, any tips on sourcing the resets with this tool?
Sincerely,
John M. Wilson
reply
funchords @ 31st Aug 08:36PM:Re: How to test how many connections are being reset by RST packsaid by johnmwilson7 :
Other than the standard filtering options, any tips on sourcing the resets with this tool?
RST's with a sequence number seq=0 are probably not injected. Everything else is a "maybe" so you have to look at what was happening in the conversation and decide. RST's right on the tail of a bunch of data that was not problematic are very suspicious.
My last interesting discovery is that the injected RSTs had a TTL (in the IP header) of 123. The norm TTL from my computer was 128, and my peer was often in the 110s or 100s TTL. If my peer was coming in TTL=109 but the RSTs were TTL=123, that is surely injected.
HOWEVER, someone on the east coast sent me his capture file, and his RSTs that were seemingly injected all had the right TTL for his peer. :( I don't have enough data -- so look out for that for me.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
johnmwilson7 @ 31st Aug 09:33PM:Re: How to test how many connections are being reset by RST packFunChords,
Pardon my obvious question. I got WireShark installed and running. However, I could not figure out how to build a filter string for the RSET commands. I want to see all resets, so the filter should be simple.
By the way, cool website, I like the view from your house.
P.S. I found your other post detailing how to view the resets, so I am good.
»
Comcast is using Sandvine to manage P2P ConnectionsSincerely,
John M. Wilson
reply
johnmwilson7 @ 31st Aug 10:26PM:Re: How to test how many connections are being reset by RST packFunChords,
Using the following filter string
"(ip.src != your.ip.addr.ess) and (tcp.flags.reset == 1)"I was able to get a steady display of incoming resets. Of course most would be normal. However looking at the list, which ones should I consider to be suspect?
Sincerely,
John M. Wilson
reply
funchords @ 31st Aug 11:28PM:Re: How to test how many connections are being reset by RST packThe ones where Seq>1 and Ack>1 in the display (generally this means that data has already passed both ways, even if it was just a handshake).
reply
johnmwilson7 @ 1st Sep 08:40AM:Re: How to test how many connections are being reset by RST packFunChords,
Great, that will help. I have updated my filter string as shown below;
"( ip.src != your.ip.addr.ess ) and ( tcp.flags.reset == 1) and (tcp.seq > 1) and ( tcp.ack > 1)and (tcp.dstport == yourport)"With name resolution turned on, many of the connection sources are identified. So it is easy for me to recognize the packets from my network provider.
So my question is, are the forged resets spoofed as well? Or will they have the same name as my network provider?
Thanks for taking the time to walk me thru this. Hopefully others will find it useful as well.
Sincerely,
John M. Wilson
reply
funchords @ 1st Sep 12:09PM:Re: How to test how many connections are being reset by RST packIt looks like you're ready -- right click on one of those red lines and choose "Follow TCP Stream"
The RSTs are forged to appear to come from your Peer. They sometimes come at the end of stream of data, but more often they come right after a peer makes a request or after bitfields are exchanged.
An example is here: »
torrentfreak.com/images/comcast-rst1.txtMany of the RSTs you'll see will be clear cases of injected (forged) RST. Get to know those patterns.
When you look at the TCP Stream, one possibility is that the connection was shaky -- you'll see lots of retransmits and the RSTs that come won't fit the pattern of ones that are positively injected. These RSTs may or may not be legitimate, and when I'm not sure, I discount it.
Hope that helps!
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
anon @ 1st Sep 01:08PM:Re: UPDATE Re Comcast is using Sandvine to manage P2P ConnectionRobb,
I've notice my bit torrent share ratios have dropped over the past few months. My seeding stops after the download completes. Where do I change the setting to forced encryption? On my bit torrent client? On my lynksys router? I'm technology challenged but can follow directions.
Thanks
Kevin
Kreilly (at) aol.com
reply
funchords @ 1st Sep 04:05PM:Re: UPDATE Re Comcast is using Sandvine to manage P2P ConnectionHi Kevin!
Set it in your BitTorrent client. (You'll need to make sure that your client supports it.)
Here is a list that is somewhat current:
»
en.wikipedia.org/wiki/BitTorrent···versionsreply
villain106 @ 1st Sep 05:59PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by NormanS :said by Honeyko :
Sandvine is a very recent development...
If you consider something that was deployed prior to June, 2005 "recent".
I see no evidence of telco use of Sandvine (even checked the Bell Sympatico (Canada) forum; nothing definitive). I see no evidence of Rogers style choking with Comcast. At least Funchords is demonstrating that Comcast is doing this more to mange bandwidth than to kill BitTorrent.
Bell is DSL, Sandvine is primary focused on Cable ISP. Rogers uses a company called P-cube.
reply
Kelex @ 1st Sep 10:00PM:Re: Script in Vista still not workingsaid by alucard_x :
I tested the previous users fix for boxes that have both IPv4 and v6.
It got rid of the divide by zero error, but now i have something else, the total connections increases into the negatives:
etc.. it just keeps going.
I am having the same problem... the version 2 script is returning all negative data now. The Version 3 is showing zero's across the board. Any Suggestions?
reply
Movieman420 @ 1st Sep 10:11PM:Re: How to test how many connections are being reset by RST packsaid by funchords :
It looks like you're ready -- right click on one of those red lines and choose "Follow TCP Stream"
:o eegads..waaay to deep for me..lol.
reply
funchords @ 1st Sep 10:50PM:Re: How to test how many connections are being reset by RST pack158 kB/s upload is insanely fast! Is this one of those 16Mb/2Mb tiers of service?
Remember, all things in moderation. Even though you have 16M/2M, your neighborhood is still sharing the same pipe. Be a kind sharer. :)
reply
johnmwilson7 @ 2nd Sep 10:54AM:Re: How to test how many connections are being reset by RST packFunChords,
Thank you for your kind assistance. I have summarized your explanations on a new post with credit to you.
»
[Speed] There are good resets and there are bad resets...Sincerely,
John M. Wilson
reply
funchords @ 2nd Sep 11:31AM:Re: How to test how many connections are being reset by RST packsaid by johnmwilson7 :
Regarding Resets, there are good resets and there are bad resets.
Good and bad are subjective assessments. How about Expected and Unexpected, or perhaps Genuine and Forged
said by johnmwilson7 :
Along with the received SEQuence is included a command to be executed, such as SYNchronize at the beginning and reset (RST) at the end. Normal network transactions finish with a reset (RST) command.
Each received SEQuence may include a command to be executed, such as SYNchronize at the beginning and Final (FIN) at the end. Normal network transactions finish with a Final (FIN) command. »
tools.ietf.org/html/rfc793#section-3.5One command in a sequence may be Abort (RST). Abort is sent by an endpoint when a received SEQuence is not expected or allowed, such as attempting to connect to a closed port, or attempting to send data to an endpoint without first going through the SYN process.
It is not unusual to see an RST being sent at the very end of a properly-ended connection (using the FIN commands). These packets are a result of a stateful firewall at one endpoint or another which has closed the connection but then receives the final acknowledgment ("FIN,ACK") packet. While these RST responses are not necessary, they are harmless.
said by johnmwilson7 :
and then a second reset (RST) with an out of sequence number is also sent.
Yeah, I don't know what this second one is about. It is superfluous. There is no reason to send it.
said by johnmwilson7 :
Understand that you cannot easily verify the source of these resets: They can come from anyone who can view and transmit on the network. If they are forged, they can be made to look like anyone, even you. Some sources can be low-end traffic shapers, network blocking programs, hacker programs, or the actual sender may have a problem with their client.
It's key to understand that an idle attacker cannot easily accomplish this. This needs to be done by someone/something that it "in-line," that can read both sides of the conversation, and inject or forge a packet with exactly the correct sequence numbers.
Forging TCP packets is exceedingly difficult unless you are "the man in the middle."
said by johnmwilson7 :
Some solutions, in order of difficulty;
These are all generally fine suggestions.
One thing I don't see here is anything about tolerating it or "complaining" about it.
The ISP is not necessarily an evil entity. You got 3 resets in 10 minutes, and you're okay with that. I got a lot more and, still, I'm okay with that (for BitTorrent, anyway.)
However, Gnutella is broken for me. One option that I should explore is calling (or writing, with evidence provided) into Support and asking for the problem to be investigated and fixed.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
anon @ 2nd Sep 11:41AM:Re: How to test how many connections are being reset by RST packThe problem though is whatever Comcast is doing to monitor P2P is resulting in serious latency crud for some of the rest of us who don't use or even have BitTorrent. 3 days straight I have had my cable modem here in the MD/VA/DC area literally bombarded with 6881 incoming port traffic (the log is long and glorious) - a reverse lookup on those IPs reveal cable modems from both comcast.net as well as other cable/dsl providers and our routes are toasted as a result. Comcast Tech Support knows about it and calls it "network maintenance" If they're going to use to such software and monitoring tools, perhaps they should at least configure it correctly.
reply
anon @ 2nd Sep 12:43PM:Re: Comcast is using Sandvine to manage P2P ConnectionsSheesh! If you all don't like Comcast's terms, go get a 45 Mb DS3. They can be had for ~$15,000/mo.
Too spendy for ya? Maybe you could find 5 neighbors to split the tab, you each would have 7Mb pipes to suck on 24/7/365. You'd be in file pirate's heaven! No restrictions!
reply
funchords @ 2nd Sep 01:21PM:Re: How to test how many connections are being reset by RST packsaid by dontask2much :
The problem though is whatever Comcast is doing to monitor P2P is resulting in serious latency crud for some of the rest of us who don't use or even have BitTorrent.
I read your whole message. I'm 100% sure this is not related to Sandvine or BitTorrent monitoring.
What you are seeing sounds like "P2P Afterglow." »
Re: Dangers of P2P filesharing networks?Your firewall should be ignoring these packets. If they are causing latency, it probably is due to the number of CPU cycles that the router has to spend to evaluate or log them. It doesn't take any CPU cycles to drop them.
But if they really are causing problems, you can change your IP: »
Comcast High Speed Internet FAQ »
How do I get a different IP address?--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
NormanS @ 2nd Sep 02:48PM:Re: How to test how many connections are being reset by RST packsaid by dontask2much :
3 days straight I have had my cable modem here in the MD/VA/DC area literally bombarded with 6881 incoming port traffic...
Such connection attempts have never been a problem for me. And I often see them after I close a torrent. It sound more like your equipment can't handle the probes than that the Comcast network is suffering.
Also, I don't see how Sandvine can be a part of the problem. You shouldn't see so many BT connection attempts if you never use it. The peers only attempt to connect to a client which was part of torrent.
If I were a guessing person, I'd guess you have a wireless LAN, and an uninvited hitch hiker using your WLAN for their torrent sessions.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
Movieman420 @ 2nd Sep 05:42PM:Re: How to test how many connections are being reset by RST packHeh..this will blow your mind...Blast! isn't available in my area (WV..go figure...lol)! I signed up for the premium tier..the 8Mb line..when I asked what the upload bw was, I couldn't get an answer from the comcast person I talked to...I just figured it couldn't be any worse than my previous RoadRunner 9Mb line w/ 512kbps up, ~60k max u/l. My local computer guru who is also on comcast (formerly adephia like my area) told me of his speeds (he's in a semi-rural area)..thought it was a fluke. But I was wrong :)...I can maintain ~1,500k down (1.5MB) and between 80 and 160k up...u/l fluctuates. My only guess is my node is way undersold (I'm in a semi-rural area as well)..or it has something to do with the comcast/time warner buyout of Adelphia cable and my 'limits' got lost in the shuffle..I dunno but I love it..lol. On the flash bw test I hit 20+ down and usually 1.5Mb up but thats powerboost involved.
My last few tests:
»
/archive/comca···t=SearchAny way...a quick thought (for wat it's worth..lol)..Some clients do not show as a seed to other peers when in superseed mode...wonder if this mode could somehow be modified/used/employed to help 'fool' the sandvine box into thinking your not 'seeding'. I may be p!issin in the wind..just thought I'd mention it tho.
reply
funchords @ 2nd Sep 07:00PM:Re: How to test how many connections are being reset by RST packI hate you and everything that you stand for! ;)
said by Movieman420 :
Any way...a quick thought (for wat it's worth..lol)..Some clients do not show as a seed to other peers when in superseed mode...wonder if this mode could somehow be modified/used/employed to help 'fool' the sandvine box into thinking your not 'seeding'.
Lazy Bitfield does about the same thing, but I think your suggestion is worth a test.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
funchords @ 3rd Sep 07:09PM:Optimize BitTorrent To Outwit Traffic Shaping ISPssaid by funchords :said by Movieman420 :Some clients do not show as a seed to other peers when in superseed mode...wonder if this mode could somehow be modified/used/employed to help 'fool' the sandvine box into thinking your not 'seeding'.
Lazy Bitfield does about the same thing, but I think your suggestion is worth a test.
I tried it both ways today, no joy. But very good thinking on your part! :)
On a related note, here's something from Wired's HOW-TO Wiki. I am not the original author, but since I provided the last revisions, some displays (like the RSS) have listed me as the author. I don't deserve the credit:
Optimize BitTorrent To Outwit Traffic Shaping ISPs--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
Movieman420 @ 3rd Sep 07:25PM:Re: Optimize BitTorrent To Outwit Traffic Shaping ISPsA somewhat dark ending in that article...let's just hope the developers of Az and uT are getting busy with something. As the two most popular clients it'd be nice if they came up with a joint strategy together. One can only hope... :hmm:
reply
deblin @ 3rd Sep 10:18PM:Re: Optimize BitTorrent To Outwit Traffic Shaping ISPsDoesn't enabling (forcing) encryption have a similar effect, though? At least until it catches on, this means less peers (both up and down) if you enable and force encryption. Perhaps not as detrimental to the upstream side, but then the downstream side suffers, too.
--
"The Dude abides."reply
jig @ 3rd Sep 11:47PM:Re: Optimize BitTorrent To Outwit Traffic Shaping ISPsthe major reason to care about seeding is for ratio purposes, and there are two ways to fix that....
reply
StuartA67 @ 4th Sep 12:39PM:Re: Optimize BitTorrent To Outwit Traffic Shaping ISPsI'm a little technically challenged. What would I be looking for to see if the rst's are being sent. I have a network sniffer and saw quite a bit of action coming from Comcast and going to the port I have opened for bittorrent. Just not sure what it means exactly and I don't see rst in those.
reply
Movieman420 @ 4th Sep 04:14PM:Re: Optimize BitTorrent To Outwit Traffic Shaping ISPsThu a vpn or ssh tunnel (works for now at least) ...or spend a little money and get a host for a seed box. :)
reply
Selenia @ 4th Sep 07:51PM:Re: Comcast is using Sandvine to manage P2P ConnectionsI have looked at Sandvine out of curiousity and possibly for proposing it for a certain municipal network. I can say it is an awesome tool. There are many tools in computers these days that can be used to do great things, but also terrible things. Sandvine is one such tool, It is very configurable and can redirect traffic relatively transparently, keeping backbone traffic and network load down, yet helping out many ping dependent games and applications all the while speeding up plenty of P2P downloads, It can also be configured to pretty well kill a protocol in such a way that it does not point to ISP blocking(shame on any ISP that does this). Its filters can be set in an advanced manner but it sounds like there are some primitive users. Some tools are only as good as their users. I can say with confidence that Sandvine can be a very good thing. I am just not sure how good it would be in huge greedy corporate hands like Comcast.
reply
funchords @ 4th Sep 08:34PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Selenia :
Its filters can be set in an advanced manner but it sounds like there are some primitive users. Some tools are only as good as their users.
Sandvine (the Company) has a very strong interest in seeing Comcast and its customers succeed with Sandvine (the P2P Policy Product). If Comcast needs help, I'm positive it is just a telephone call away.
PS: I know that this topic is being regularly read by Comcast and Sandvine insiders -- you guys really should pick up the phone and talk to one another.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
Roundboy @ 4th Sep 08:48PM:Re: Comcast is using Sandvine to manage P2P Connectionsis it possible to selectively drop RST packets?
one packet is not a false packet, but many over a period of time are fake..
can we filter one packet, and after a small period of time (milliseconds) allow it though if its the only one, or keep filtering if its repeated ?
--
[spoiler]Steve the pirate DIES![/spoiler]reply
Maarvin @ 4th Sep 09:48PM:Re: Comcast is using Sandvine to manage P2P ConnectionsIt has taken me a few days to read through this whole thread. I took interest in it as Azureus has been acting up badly within the last month or so. I don't do very much P2P, but I find it useful at times.
I first noticed things acting strange after a problem free download. The seed displayed that I was firewalled even though a test of the port showed that it was open. Nothing I could do would get me to seed. I just gave up.
Recently, Azureus updated to 3.0.2.0, so using the CheckRST.bat file (that I am grateful for) I ran another test with logging on and with the following conditions set to on:
- Require Encrypted Transport
- Minimum Encryption level to RC4
- Use Lazy Bitfield
And for the heck of it:
- Allow multiple connections from same IP
- Prioritize first and last pieces of file(s)
This worked. Although the RSTs received were averaging about 25%. The download completed normally as did seeding. It continues as I write this.
Edit: P.S. QoS for the port was enabled at the router as well.
--
The first rule of fiber optics: you do not talk about fiber optics, ever!
reply
dfxmatt @ 4th Sep 10:55PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by funchords :said by Selenia :
Its filters can be set in an advanced manner but it sounds like there are some primitive users. Some tools are only as good as their users.
Sandvine (the Company) has a very strong interest in seeing Comcast and its customers succeed with Sandvine (the P2P Policy Product). If Comcast needs help, I'm positive it is just a telephone call away.
PS: I know that this topic is being regularly read by Comcast and Sandvine insiders -- you guys really should pick up the phone and talk to one another.
Last time I talked to them on the phone (comcast), I was treated very aggressively, almost threatened by the techs. So I don't know what to say.
For those who call comcast, please record your calls. Do remember that when they say "these calls may be recorded for quality assurance" is the neccessary notification to record them as well. I can't find the exact link but here is an Example: »
www.voiceprintonline.com/news_fu···le_id=51reply
anon @ 5th Sep 07:29PM:Re: Optimize BitTorrent To Outwit Traffic Shaping ISPssaid by Movieman420 :
Thu a vpn or ssh tunnel (works for now at least) ...or spend a little money and get a host for a seed box. :)
Can you give a little more direction, even in the form of a link with info. Several posters above have said they haven't had success with this method (I'm not able to get it working either with SecureIx).
Thanks
reply
Presage @ 6th Sep 08:33PM:Re: Optimize BitTorrent To Outwit Traffic Shaping ISPsUse PuTTy and a shell to use SSH and tunnel your bittorrent traffic. Info here: »
whalesalad.com/2006/08/27/tunnel···/#eberthI recommend checking freeshells.info for shells.
reply
koitsu @ 7th Sep 03:10AM:Re: Optimize BitTorrent To Outwit Traffic Shaping ISPsAnd I recommend talking to your shell provider before doing this. It's considered "rude" to blindly siphon network traffic through a shell host like this, since now you're not only using up large amounts of bandwidth yourself, but on your shell providers' uplink as well.
I can tell you that as a hosting provider that offers SSH, if our users started doing that with their shell accounts, I'd be *livid*.
reply
anon @ 7th Sep 04:40AM:Re: Comcast is using Sandvine to manage P2P ConnectionsI just moved to Seattle and I am now having problems related to BT with Comcast, which I wasn't having before. Utorrent is constantly dropping the connection, which seems in line with what is being discussed here, but it is not doing it with every tracker.
Is this something tracker related or something Comcast is doing? I can upload elsewhere at the 90 kb/s rate that I get with the 8mbps package.
Seems strange that it is only shaping traffic in regards to particular trackers.
reply
anon @ 7th Sep 10:48AM:Re: Comcast is using Sandvine to manage P2P ConnectionsI'm not having the problem descibed, but is this the magic bullet for those that are?
»
redhatcat.blogspot.com/2007_09_0···ive.htmlreply
funchords @ 7th Sep 04:02PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Rom :
Utorrent is constantly dropping the connection,
What you will see is, looking at the peer list, is that peers will appear for up to 30 seconds, then disappear. This will happen over and over.
It has nothing to do with the Tracker or your connection with the tracker. It affects the connections with your peers.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
funchords @ 7th Sep 04:04PM:Re: Comcast is using Sandvine to manage P2P ConnectionsNo. The RST packet is sent in both directions -- so even if you ignore the RST, your peer is still going to obey it -- leaving a half-open connection.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
NormanS @ 7th Sep 04:51PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by funchords :No. The RST packet is sent in both directions -- so even if you ignore the RST, your peer is still going to obey it -- leaving a half-open connection.
You have gone to a depth that surpasses my understanding of the way things work...I think. Still, what if I checked on my end (at&t Yahoo! HSI customer) for forged RST packet from Comcast. If I ignored them
and the Comcast user ignored them, what would happen?
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
koitsu @ 7th Sep 05:16PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by NormanS :
You have gone to a depth that surpasses my understanding of the way things work...I think. Still, what if I checked on my end (at&t Yahoo! HSI customer) for forged RST packet from Comcast. If I ignored them and the Comcast user ignored them, what would happen?
Two things -- both bad -- could happen:
1) You'd have a TCP session that was in an unknown/invalid state. Such can happen in the case of latent networks, or where part of the SYN/SYN+ACK handshake fails. TCP RST is quite valid under normal operation (and happens more often than one thinks), so it's important to respect that.
2) You'd have a TCP session that would never get torn down. What decides how the connection is torn down? Essentially it's up to the application to decide how they want to handle an error condition on recv(3) (I'm talking UNIX here; no idea how Windows' TCP stack works on this).
A fairly ugly/vague explanation is here:
»
www.flukenetworks.com/fnet/en-us···pert.htmA better analysis is here:
»
pages.cpsc.ucalgary.ca/~carey/pa···sets.pdfYour question got me thinking, though:
It *is* possible to write a program that makes some assumptions about the TCP state (that is to say, two programs both written to essentially never induce TCP RST). This means that it *is* possible for someone to write/modify a BitTorrent client to simply ignore RST (by handling the error condition differently), and continue on blindly. However, this situation would have to be negotiated in some way between client/peer and server/seed because you couldn't just blindly assume the TCP session was flawless -- it isn't, which is why TCP is stateful!
Thus brings me to another conclusion:
Why not just use UDP? It's stateless (thus faster than TCP), but has the downside of not having send/receive guaranteed like TCP does. UDP is used by most FPS online games, because if you lose a single packet (due to whatever), that pretty much amounts to a lost bullet, lost step/movement to the right, or whatever else. Chances are less than 1ms later, the client will be sending another one of those anyway (especially in regards to movement), so the lost packet is not a big deal.
If you're an old BBS user, you can consider UDP synonymous with Ymodem-G (known for blazing speeds, but absolutely no data validation, so you took a risk in the case that your modem didn't have EC (or the remote end lacked EC)).
Using UDP datagrams, the clients would have to essentially emulate TCP over UDP (that is to say, do some sort of handshake where one sends a large UDP packet, performs a checksum validation of it, asks the server/seed "is this right?" and have it reply "yes it is" and continue on).
Using this method would work around the Sandvine's interceptor. You might be wondering, "So how could Comcast circumvent *that*?" They'd have to rate-limit or downright block UDP packets altogether -- or, because the Sandvine can do packet analysis, somehow code up an analysis of the stateful-like UDP packets and monitor those, injecting refusals of checksums or whatever else they could do to severe the connection.
Meaning: it would be a matter of time before Sandvine and Comcast worked out a way to deal with using UDP instead of TCP.
--
Making life hard for others since 1977.
I speak for myself and not my employer/affiliates of my employer.reply
funchords @ 7th Sep 08:06PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by NormanS :
You have gone to a depth that surpasses my understanding of the way things work...I think. Still, what if I checked on my end (at&t Yahoo! HSI customer) for forged RST packet from Comcast. If I ignored them and the Comcast user ignored them, what would happen?
Nothing, the connection would happily continue.
But there is a mildly-bad side effect -- if something happened on one end or another that interrupted your connection before it was properly closed, the loss of the RST flag means that you wouldn't be able to quickly detect and fix it. You'd have to wait for a timeout either from your application or the network stack. Meanwhile, you have no idea why things just died -- you appear to be connected, but you're not.
There are other, less bad, side effects. For example, "Connection Refused" wouldn't be detected anymore, but the timeouts in that state are generally a lot shorter.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
anon @ 8th Sep 06:20AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by funchords :
Nothing, the connection would happily continue.
But there is a mildly-bad side effect -- if something happened on one end or another that interrupted your connection before it was properly closed, the loss of the RST flag means that you wouldn't be able to quickly detect and fix it. You'd have to wait for a timeout either from your application or the network stack. Meanwhile, you have no idea why things just died -- you appear to be connected, but you're not.
There are other, less bad, side effects. For example, "Connection Refused" wouldn't be detected anymore, but the timeouts in that state are generally a lot shorter.
Also not all RST set packets have zero length data. Many have data we need because they are actually sabotaging needed packets and not just inserting standalone RST packets into the stream thus increasing packet count.
In my testing just blocking on both sides works only so so. it is much better to re forge (unset the RST flag) packets that are NOT zero length data, then let them through. So if zero length data just block it. if NOT zero length data unset the RST flag and let it through.
Another thing that could be tried is to just delay your response action to RST and then watch to see if any legit peer packets come in right behind it. If they do then odds are that RST was BOGUS and did not come from the peer. What to do next is obvious :)
reply
ztmike @ 8th Sep 06:52AM:Re: Comcast is using Sandvine to manage P2P ConnectionsWell it looks like my ride is over for seeding as well.
Im currently trying to seed but its seeding around 3.0 to 5.5kb/s and then sometimes it jumps higher..i don't know if its just nobody is downloading or what.
Kinda weird though.. i got an email from some myspace guy that lives in Valpo (A town not far from me) asking if my bit torrent seeding speed has dropped to nothing. I told him no and gave him the link to this topic, after i sent that back to him my seeding speed dropped..
I'll update later if this "Sandvine" is really in effect.
reply
anon @ 8th Sep 10:10AM:Re: Optimize BitTorrent To Outwit Traffic Shaping ISPs"What would I be looking for to see if the rst's are being sent. I have a network sniffer and saw quite a bit of action coming from Comcast and going to the port I have opened for bittorrent"
I didn't have my port open, don't use or even have BitTorrent and I saw the same thing you did. Someone posted in reply to me last weekend that I either had someone on my wireless router (sorry, there's no joy there, it's WEP and MAC filtered/restricted for that very reason) and I was seeing P2P afterglow and alas too, not the case. Instead, this was loop back traffic from a specific network router locally affected in conjunction with Comcast's filtering implementation in this area - they cleared it up this past Sunday night and I no longer have any of the issues that I had before. I might also mention that when calling Comcast last weekend, I was told by the 3 folks to whom I spoke that the call center's own network was intermittently degraded or completely down while this work was taking place.
It is no surprise that Comcast (or any other ISP/broadband provider for that matter) would be attempting to throttle excessive bandwidth consumption based on their published TOS and advertised service packages you can purchase. Sorry folks, I can also say that since this all took place, my service is better than it ever has been before - and I am glad.
To the poster who mentioned UDP - good luck. UDP is notoriously unreliable even though it's lighter and quicker and my bet is you'll have the same issues you are now and perhaps worse. Especially on Comcast's network - at least in my area, my employer wanted us use UDP as the default protocol for VPN into their network and I tested it for them from both Cox and Comcast connections. It was so bad (frequent drops, hanging out there in the ether) that the UDP "standard" idea was abandoned after 3 weeks of testing.
reply
StuartA67 @ 8th Sep 11:02AM:Re: Optimize BitTorrent To Outwit Traffic Shaping ISPsI just heard (from an undisclosed source) that Comcast is not throttling as much those on the higher speed package (8mbs). Not sure if this is a fact or not but curious to know if others are noticing this distinction.
S
reply
funchords @ 8th Sep 03:57PM:Tests and Results-RSTs are set in both directionsRegarding these Posts and similar:
»
redhatcat.blogspot.com/2007/09/b···pfw.html»
redhatcat.blogspot.com/2007/09/b···les.htmlSeveral have mentioned that it is possible to defeat the injected/forged RST packets by ignoring them at a firewall. I tested that theory earlier »
Re: Comcast is using Sandvine to manage P2P Connections but the rumor persists. "Redhatcat" claims first-hand knowledge that a forged RST is not sent from the Comcast network.
»
digg.com/linux_unix/Linux_iptabl···_Killing quote:
Comcast does not kill non-Comcast connections. I only know from personal experience.
I believe they choose to not do this to avoid lawsuits from other ISPs, as that behavior could be seen as a DoS attack on their customers/networks. That's not to say what they are doing to their customers now is not a DoS attack, but they are less afraid of lawsuits from individuals than other ISPs most likely.
Unfortunately, he is incorrect.
The following are two Wireshark copies of the same TCP conversation -- one from a Comcast system that is seeding a BitTorrent file, one from a Non-Comcast system that is trying to download it. The connection is torn down by forged RST packets about 30 seconds after it starts:
Conclusion: The RST is sent to both the Comcast and Non-Comcast sides of the connection.
If only one side respects the RST flag, the connection will be left in a half-open state. To one side, the TCP connection will appear to be valid and open. To the other, the TCP connection will have been ended. A half-open TCP connection is useless for exchanging data.
Comcast users should not modify their firewalls to drop RST packets as it is not an effective defense against the injected RST packets.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
ztmike @ 8th Sep 04:08PM:Re: Comcast is using Sandvine to manage P2P ConnectionsI have a question..Will this Sandvine affect xbox 360 users who try to host a game?
I don't have a 360 but was thinking about picking one up later on down the road.
reply
koitsu @ 8th Sep 04:16PM:Re: Comcast is using Sandvine to manage P2P ConnectionsAt this time, no, it shouldn't affected game hosting on a 360 or otherwise. It appears specific to BitTorrent traffic. No 360 games (AFAIK) use BT. Most use UDP, from what I've seen (I sniffed Two Worlds' traffic, to see if the claims of "servers being in Germany" was true or not. Private games appear to be peer-to-peer, and use UDP only.)
reply
ztmike @ 8th Sep 04:20PM:Re: Comcast is using Sandvine to manage P2P ConnectionsCan anyone confirm this? That has actually tried it..and has this crap Sandvine on their line?
reply
koitsu @ 8th Sep 07:25PM:Re: Comcast is using Sandvine to manage P2P ConnectionsYes -- ME!
reply
anon @ 8th Sep 11:10PM:msg deleteddeleted by a moderatorreply
ztmike @ 9th Sep 12:33PM:Re: Comcast is using Sandvine to manage P2P ConnectionsStrange..my upload speed is back on utorrent, currently pegging my 384upload on torrent that has been done for awhile now.
reply
funchords @ 9th Sep 01:44PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by ztmike :
Strange..my upload speed is back on utorrent, currently pegging my 384upload on torrent that has been done for awhile now.
yeah, they're messing with things. My test results differ one day to the next.
They are also closely monitoring this forum (both Sandvine and Comcast). A few insiders have contacted me (robb at funchords dot com) -- I'll never disclose who. But clearly, this matter is getting some "underground" attention.
I'm not sure if the day-by-day changes are a result of the feedback we're getting, or if they're tuning, or what. But, I agree with you -- it behaves strangely.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
ztmike @ 9th Sep 02:19PM:Re: Comcast is using Sandvine to manage P2P ConnectionsWhat feedback?
As far as Comcast watching this thread, I have one thing to say to them, kiss my white ass.
This "Sandvine" should be reported to a news agency say..CNN or MSNBC, its obvious Comcast is doing this and should get coverage, Since Comcast failed at telling their own paying customers a lie, And if its against some laws in states im surpised their still expanding the coverage of sandvine.
Comcast as far as big companys go are now worse than Microsoft in my book.
reply
hobgoblin @ 9th Sep 06:00PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by ztmike :
Comcast as far as big companys go are now worse than Microsoft in my book.
cancel your service.
Goodbye
Hob
--
"A foolish consistency is the hobgoblin of little minds."
- Ralph Waldo Emerson
reply
EG @ 9th Sep 09:47PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by ztmike :
What feedback?
As far as Comcast watching this thread, I have one thing to say to them, kiss my white ass.
This "Sandvine" should be reported to a news agency say..CNN or MSNBC, its obvious Comcast is doing this and should get coverage, Since Comcast failed at telling their own paying customers a lie, And if its against some laws in states im surpised their still expanding the coverage of sandvine.
Comcast as far as big companys go are now worse than Microsoft in my book.
Do you really think that they would invest money in an app such as Sandvine without having first done their homework ??
reply
Selenia @ 9th Sep 10:03PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by hobgoblin :said by ztmike :
Comcast as far as big companys go are now worse than Microsoft in my book.
cancel your service.
Goodbye
Hob
It might be reasonable advice if they have decent alternatives. Some areas don't. I seen you make apathetic comments to this effect before. While one of them is true that "they have the right to manage their networks" leaving out the "as they see fit" part because as they see fit could literally mean anything, these people have the right to bitch. The ISP has gone beyond managing their network and to infringing rights in 2 ways. 1) They don't seem to limit sharing files with who you choose, they seem to outright kill it! and 2) This is the big one. They have NO RIGHT to lie to their customers. That's just false advertising and they could be sued for it if they can prove this Sandvine shaping and record calls with Comcast denying it. Comcast by denying it, in effect, is telling you that you will have an uninhibited connection, provided you do not violate the excessive bandwidth clause, which is fuzzy in itself and could result in legal action someday making them disclose what the customer is getting for limits. This in itself, denies the consumer the right to make an educated choice about their service.
If you're wondering why I'm standing up for these people, it's because this kind of hits home. It took alot of effort to get Rogers to admit what they are doing, but they came out much quicker than Comcast seems to want to. It's also about net neutrality and peoples' right to choose. Would you like it if Comcast blocked dslreports in favor of a competitive site? Well them and other ISPs are playing that same game, only with protocols.
reply
hobgoblin @ 9th Sep 10:12PM:Re: Comcast is using Sandvine to manage P2P ConnectionsThis has nothing to do with Net Neutrality, nothing.
The customer has a right to choose. He can choose to use the service..or not to.
Define decent alternatives?
"Would you like it if Comcast blocked dslreports in favor of a competitive site? Well them and other ISPs are playing that same game, only with protocols."
Unfortunately that is complete bollocks. That is not what is happening. They are not discriminating, according to this thread its all network impacting traffic.
Hob
--
"A foolish consistency is the hobgoblin of little minds."
- Ralph Waldo Emerson
reply
Selenia @ 9th Sep 10:18PM:Re: Comcast is using Sandvine to manage P2P ConnectionsThis is all about neutrality because many programs and such are distributed using these specific protocols from developers with little money but maybe a great mind, which includes those who put together open source projects. Meanwhile, Microsoft has no issue with buying all these huge http servers and distributing things that way. Obviously Mr. small torrent-app-distributer who can't afford these servers is very hurt by this but companies like Microsoft aren't. How do you figure that being neutral?
reply
CableConvert @ 10th Sep 12:20AM:Re: Comcast is using Sandvine to manage P2P Connectionsactually...that is whats happening. They are specificly going after torrent traffic, thus the protocol argument is valid. It is their network as well to do with as they please. If they want to block or use QOS type traffic shaping, it is their right to do so over their network. I have a problem with them sending you rst packets masked as someone else's and falsely severing a connection between two willing peers. I'm sorry, that is fraud, and it is illegal. Look it up in websters dictionary...its quite plainly there. Not sure what the hell 'bollocks' is but my guess is you are full of it
reply
NormanS @ 10th Sep 12:38AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by CableConvert :
I have a problem with them sending you rst packets masked as someone else's and falsely severing a connection between two willing peers. I'm sorry, that is fraud, and it is illegal. Look it up in websters dictionary...its quite plainly there.
So file charges against Comcast. All you need do is take the evidence presented in this thread to your DA, or AG and make the complaint.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
espaeth @ 10th Sep 12:52AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by Selenia :
This is all about neutrality because many programs and such are distributed using these specific protocols from developers with little money but maybe a great mind, which includes those who put together open source projects. Meanwhile, Microsoft has no issue with buying all these huge http servers and distributing things that way. Obviously Mr. small torrent-app-distributer who can't afford these servers is very hurt by this but companies like Microsoft aren't.
That would be a better argument if web hosting wasn't cheap as hell. For $4/mo or even cheaper you can get a few GB of web hosting space and several GB of transfer. The more popularity a project gains (ie, Linux distros) the more donated hardware and bandwidth get thrown at a project. P2P is definitely a viable option for distribution of such projects, but it is clearly not the only option.
I'm sure Comcast is looking at this from a protocol/abuse complaints ratio. They've done this with TCP port 25 blocks to mitigate spam complaints as most people don't need outbound port 25 access. Now I'm sure they're looking at how many DMCA notices they have to deal with, how much of it is P2P related, and how much P2P traffic screws with their oversubscription ratios that make providing service at these prices feasible.
-Eric
reply
espaeth @ 10th Sep 12:55AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by NormanS :said by CableConvert :
I have a problem with them sending you rst packets masked as someone else's and falsely severing a connection between two willing peers. I'm sorry, that is fraud, and it is illegal. Look it up in websters dictionary...its quite plainly there.
So file charges against Comcast. All you need do is take the evidence presented in this thread to your DA, or AG and make the complaint.
Make sure you provide a list of legal content it prevented you from obtaining at the same time. ;-)
-Eric
reply
deblin @ 10th Sep 01:50AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by espaeth :
Make sure you provide a list of legal content it prevented you from obtaining at the same time. ;-)
-Eric
Zing! I guess in this case, it's affecting all torrents, so hopefully one would be smart enough to collect data for a legal torrent such as a Linux distro or something ;)
--
"The Dude abides."reply
Movieman420 @ 10th Sep 06:21AM:Re: Comcast is using Sandvine to manage P2P ConnectionsI believe comcast IS 'tuning' sandvine. As of a week or so ago, I went from the FORGED rsts preventing me from seeding at all to being able to seed once again.
The RST counting script in this thread now consistently shows me at EXACTLY 20% resets...no matter when I test...
BUT...as stated earlier by CableConvert...
*****************************
I have a problem with them sending you rst packets masked as someone else's and falsely severing a connection between two willing peers. I'm sorry, that is fraud, and it is illegal. Look it up in websters dictionary...its quite plainly there.
*****************************
btw...comcast is forging resets BOTH ways! Sending them to you AND your peers..each appearing to come from the other!
The least they could do is stop LYING to their customers about using sandvine...that would be a start..honesty, imagine that. I doubt comcast will ever admit to sandvine...then they would have to deal with possible legal proceedings related to this flavor of fraud and deception.
Comcast....is your network, your pipes..true enuff. BUT you went about this whole traffic shaping thing terribly wrong. You should have openly declared it and furnished support for those customers having excessive trouble cuz YOU didn't implement sandvine properly (meaning you having done your homework AND testing before shaking the faith of scores of your customers..most of whom pay extra for the premium connection!!)
/rant
reply
ztmike @ 10th Sep 07:17AM:Re: Comcast is using Sandvine to manage P2P ConnectionsI have a question, For those people that have Blast tiers, is Comcast adding sandvine to their connection also? My guess..is no because if they did most of them would probably drop comcast like a hot potato if they have the FiOS option..and comcast knows that. Just curious though..
O and i also sent this link about sandvine to NBC 5 in Chicago and ill also be sending it to other big name news station, its worth a try i guess. ;)
reply
Roundboy @ 10th Sep 08:49AM:Re: Comcast is using Sandvine to manage P2P ConnectionsYes and no according to the info in this thread.
Yes, as in I can't seed anything, and I see connections start off strong and then blink out. downloading is just fine though.
No, as in according to the output of the batch file on my Vista 64 system... I am dropping exactly ZERO connections. I just never took the time to see if its using the proper lines in my netstat output.
--
[spoiler]Steve the pirate DIES![/spoiler]reply
funchords @ 10th Sep 03:10PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by ztmike :
I have a question, For those people that have Blast tiers, is Comcast adding sandvine to their connection also?
Someone with Blast! will have to answer that.
I did come up with a marketing name for Comcast's implementation of Sandvine's P2P Application:
Comcast PowerBoot!eh? :D
said by ztmike :
O and i also sent this link about sandvine to NBC 5 in Chicago and ill also be sending it to other big name news station, its worth a try i guess. ;)
It's going to be hard to explain this one to the masses in the 45 seconds a TV story allows. It might be possible.
It might be an idea to call up a newspaper reporter who has written about Comcast before (on a somewhat technical thing like NetNoot or Invisible Caps) who can sift through this and pull out the interesting story.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
kcblack @ 10th Sep 04:55PM:Re: Comcast is using Sandvine to manage P2P ConnectionsI still think this packet forging is a violation of the ECPA(Electronic Communications Privacy Act). I'm not a lawyer, but it seems to violate both the letter and the intent for the law.
It is specifically an interception of a lawful communication, which a linux distro, is for example.
There are pretty specific penalties and since it could be considered that they are "profiting" from the interception, looks like they could be in trouble if someone reports them to DOJ (Department of Justice).
--Edited to expand acronyms for those who have been living under a rock for the last twenty years or the comcast trolls.--
--
"Because we've invested over $4 billion in building our MegaBand network so you can enjoy the internet the way it was intended to be: fast and uncapped." (RCN marketing Promo)reply
koitsu @ 10th Sep 05:53PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by kcblack :
I still think this packet forging is a violation of the ECPA. I'm not a lawyer, but it seems to violate both the letter and the intent for the law.
I have the same opinion as you, but I have no idea what I can actually *do* about it. Changing ISPs is the most logical option, but as already I've mentioned in this thread, changing ISPs sometimes isn't an option (ex. only two choices and the competitor is worse).
I'll again point out that I'd rather Comcast do what ISPs are supposed to do -- provide unaltered transit -- but if they absolutely
must throttle torrent seeding somehow, I'd rather they use Sandvine to rate-limit and not inject falsified packets.
As someone fairly technical, I just happen to have a lot of concerns over a "governing body" (in this case an ISP) tinkering with a stateful protocol like TCP.
--
Making life hard for others since 1977.
I speak for myself and not my employer/affiliates of my employer.reply
ztmike @ 10th Sep 05:58PM:Re: Comcast is using Sandvine to manage P2P ConnectionsWhats the DOJ?
reply
Movieman420 @ 10th Sep 06:26PM:Re: Comcast is using Sandvine to manage P2P ConnectionsUnited States Dept of Justice...
reply
NormanS @ 10th Sep 11:19PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by kcblack :
I still think this packet forging is a violation of the ECPA...
Evangelical Christian Publishers Association?
European Crop Protection Association?
Okay. I just refined my search and scanned four links before finding the, "Electronic Communications Privacy Act". I am good, now.
There are pretty specific penalties and since it could be considered that they are "profiting" from the interception, looks like they could be in trouble if someone reports them to DOJ.
Well, you have the evidence, what's holding you back?
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
dfxmatt @ 11th Sep 12:57AM:Re: Comcast is using Sandvine to manage P2P ConnectionsI would love to work on this in illinois as it is a fraud case and other news sites have shown it, but where am I supposed to find funding? I'd suggest someone goes to the EFF if they haven't already (I will tonight).
reply
espaeth @ 11th Sep 03:02AM:Re: Comcast is using Sandvine to manage P2P ConnectionsI don't think the legal argument is quite the slam dunk people seem to be implying. Go lookup your IP address at ARIN and see who the legal owner of the space is. (hint: it's not you) Your use of the service is governed by the Terms of Use and Acceptable Use Policy documents. Those documents have all sorts of fun provisions like this one (Paragraph 2 under Violoation of Acceptable Use Policy):
Comcast prefers to advise customers of inappropriate behavior and any necessary corrective action. However, if the Service is used in a way that Comcast or its suppliers, in their sole discretion, believe violate this AUP, Comcast or its suppliers may take any responsive actions they deem appropriate. These actions include, but are not limited to, temporary or permanent removal of content, cancellation of newsgroup posts, filtering of Internet transmissions, and the immediate suspension or termination of all or any portion of the Service. Neither Comcast nor its affiliates, suppliers, or agents will have any liability for any these responsive actions. These actions are not Comcast's exclusive remedies and Comcast may take any other legal or technical action it deems appropriate.
Everybody here who has Comcast service agreed to these provisions when they signed up.
-Eric
reply
kcblack @ 11th Sep 10:25AM:Re: Comcast is using Sandvine to manage P2P ConnectionsNorman:
I'm not a comcast customer. If I was, I'd be one of the first on a Class action suit if it impacted my upload/download abilities. I have RCN cable modem service and they do throttle, but they don't falsify packets to do it...There are many workarounds for the way they throttle so its not worth my while..if they did it the same way comcast did it, I'd be one of the first reporting their activities to the DOJ. I'm reasonably satisfied since I get 20MB down/2 MB up.
I was just pointing out the possible ECPA violations. Comcast customers feel free to investigate :0
Kevin
--
"Because we’ve invested over $4 billion in building our MegaBand network so you can enjoy the internet the way it was intended to be – fast and uncapped." (RCN marketing Promo)reply
kcblack @ 11th Sep 10:32AM:Re: Comcast is using Sandvine to manage P2P ConnectionsFederal law trumps any TOS and Comcast can say that they don't have any legal liability all day if they want...doesn't make it true :)
Ask any company who has been on the receiving end of a federal lawsuit or class action suit.
As far as ownership of IP space goes...Comcast doesn't even own the IP space they use, so thats sort of an moot point.
Kevin
--
"Because we’ve invested over $4 billion in building our MegaBand network so you can enjoy the internet the way it was intended to be – fast and uncapped." (RCN marketing Promo)reply
kcblack @ 11th Sep 10:38AM:Re: Comcast is using Sandvine to manage P2P ConnectionsYou could file a complaint (for free) with the DOJ (Department of Justice) and see if they would bite.
Kevin
reply
anon @ 11th Sep 10:48AM:Re: Comcast is using Sandvine to manage P2P ConnectionsI have a question..if RCN cable is offering 20/2 speeds in Chicago..why isn't comcast offering anything near that?
reply
dfxmatt @ 11th Sep 10:57AM:Re: Comcast is using Sandvine to manage P2P Connectionsbecause you can't get RCN where you can get comcast. Viva le monopoly.
Anytime I look for RCN for available services where I have lived in and near chicago, it always points me to comcast.
reply
kcblack @ 11th Sep 11:35AM:Re: Comcast is using Sandvine to manage P2P ConnectionsActually, I can get both, but I'm in a cherry picking neighborhood...
Kevin
reply
ztmike @ 11th Sep 11:49AM:Re: Comcast is using Sandvine to manage P2P ConnectionsGot an email today from NBC 5 in Chicago
Hi Michael, Thank you for sharing this information with us, and we will continue to do research into the matter, as well as complaints we receive regarding comcast. We will contact you should we need more information.
Thank you,
Marcy FarreyTarget 5 Researcher
reply
ajax25 @ 11th Sep 12:33PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by espaeth :I don't think the legal argument is quite the slam dunk people seem to be implying. Go lookup your IP address at ARIN and see who the legal owner of the space is. (hint: it's not you) Your use of the service is governed by the Terms of Use and Acceptable Use Policy documents. Those documents have all sorts of fun provisions like this one (Paragraph 2 under Violoation of Acceptable Use Policy):
Comcast prefers to advise customers of inappropriate behavior and any necessary corrective action. However, if the Service is used in a way that Comcast or its suppliers, in their sole discretion, believe violate this AUP, Comcast or its suppliers may take any responsive actions they deem appropriate. These actions include, but are not limited to, temporary or permanent removal of content, cancellation of newsgroup posts, filtering of Internet transmissions, and the immediate suspension or termination of all or any portion of the Service. Neither Comcast nor its affiliates, suppliers, or agents will have any liability for any these responsive actions. These actions are not Comcast's exclusive remedies and Comcast may take any other legal or technical action it deems appropriate.
Everybody here who has Comcast service agreed to these provisions when they signed up.
-Eric
Comcast is also sending forged packets to parties who do not have Comcast as an ISP and who did not agree to the Comcast service agreement.
reply
dfxmatt @ 11th Sep 02:54PM:Re: Comcast is using Sandvine to manage P2P ConnectionsI have spoken to EFF, and received their okay to re-post the email I got from them. I showed them this thread, the news thread on dslreports.com, and also the news sites talking about the illegal nature of things. Filtering is one thing, but this is more along the nature of false impersonation/fraud. We agree to filtering, they can DO that (aka block bittorrent completely). Simply blocking upload I would assume they can do as well. But saying "I am dfxmatt, I reset this connection", and also saying "I am the person dfxmatt is uploading to, I reset my connection to dfxmatt", is impersonation and illegal.
This was what the EFF said to me verbatim:
Hi Matthew,
Thanks for contacting EFF. My name is Richard and I am the referral
coordinator for the Electronic Frontier Foundation. We're certainly
keeping an eye on this issue. At this point, we've noted that on the
non-technical front, Comcast has denied that BitTorrent is being
blocked, but we're certainly looking further into the technical aspects
of the issue. Your links should help give us some additional context to
what we're investigating.
If we do discover something significant or unique, we will likely make a
post about it on the Deep Link portion of our site. You can stay tuned
there for news if we find anything. Thanks again for letting us know
some additional information about the Comcast issue.
Regards,
Richard
(signature truncated/removed to prevent bot-spam).
reply
espaeth @ 11th Sep 03:27PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by kcblack :
As far as ownership of IP space goes...Comcast doesn't even own the IP space they use, so thats sort of an moot point.
Validation of netblock ownership through ARIN is one of the requirements for having your address range permitted to be advertised into a carrier network.
The argument on packet manipulation being fraud is extremely weak; these are actions being taken to mitigate "abusive" traffic using standard constructs of the TCP protocol. For P2P you originate the connection to the tracker and then the machines deal with brokering the data flow connections. The connections being shutdown are created without direct human intervention. Splitting hairs? Perhaps, but not more than the premise of the argument. Inserting reset packets to restrict "abusive" traffic is no less dishonest than a NAT gateway performing packet manipulation to create the appearance of an entire network originating from a single IP.
Using the argument of "Linux Distributions" as a justification of P2P use is also ill conceived. There are more HTTP / FTP mirrors for Linux distributions than just about any other software out there. P2P is *a* mechanism for distributing content, not *the* mechanism.
Residential broadband networks are based around massive oversubscription and the concept that there will be a sufficient number of people using small amounts of bandwidth that a few "power users" can be tolerated. P2P as a protocol is designed to make use of "idle network capacity" to promote the distribution of content. These are violent opposites; you can't maintain the broadband network design and subscription pricing model if your number of end users saturating links grows sufficiently large.
There's only a few possible actions to take in dealing with the growing burden of P2P traffic:
1) Reduce access speeds
2) Publish and enforce low usage caps
3) Raise prices to grow the network / reduce oversubscription
4) Deploy mitigation techniques to control "problem" traffic, leaving 95+% of your consumer base completely unaffected.
Some of those options affect the entire customer base, some of them only affect those causing problems. If it were up to the entire subscriber base of 10 million Comcast broadband Internet subscribers, I think it would be clear how they'd vote.
I think to win the PR battle on this all Comcast would have to do is submit a list of filenames to the press that they are using Sandvine to mitigate distribution. Sure, P2P options like BitTorrent can certainly be used to distribute legal content... but the overwhelming majority of the use is DMCA fodder.
said by ajax25 :
Comcast is also sending forged packets to parties who do not have Comcast as an ISP and who did not agree to the Comcast service agreement.
It's still Comcast's IP space in that conversation. If you want to make that argument that also means we'll have to go after the satellite Internet providers, because they spoof TCP ACKs on their terrestrial network connection to allow their subscribers to overcome the hurdle of 800ms round-trip latency via satellite. Without ACK spoofing you would never get TCP flows of more than a few KB/sec over satellite Internet.
-Eric
reply
ztmike @ 11th Sep 03:27PM:Re: Comcast is using Sandvine to manage P2P ConnectionsBest bet would probably be for someone to contact the DOJ
»
www.usdoj.gov/"There's only a few possible actions to take in dealing with the growing burden of P2P traffic:
1) Reduce access speeds
2) Publish and enforce low usage caps
3) Raise prices to grow the network / reduce oversubscription
4) Deploy mitigation techniques to control "problem" traffic, leaving 95% of your consumer base completely unaffected."
And Comcast does every single one of those. besides publish the cap rate.
If im not mistaken..Comcast has reported record growth as far as income goes. So there is no way they can't add on more nodes or whatever you have to do..
reply
kcblack @ 11th Sep 03:52PM:Re: Comcast is using Sandvine to manage P2P ConnectionsThere's a big difference between spoofing packets to facilitate communication and spoofing packets to hinder communication which is the gist of the ECPA violation in my opinion...again, if they were not making any profit and the business was being run into the ground by their network being saturated with P2P traffic then I'd be on their side...if fact most of their models are based on you not using your share of the node and when you do by watching videos or downloading linux distros or watching joost or any other legitmate use of the bandwidth you pay for, you are now the bad guy. Thats why I think network neutrality is so important. Comcast or anyone shouldn't have the right to say what you want to do with your bandwidth. As long as you aren't breaking any laws, then tough. There are things that they can do to mitigate the load by storing popular content within their network to cut down on traffic going outside their network...
Its sort of like an all you can eat food place. You either are or you aren't. If you advertise as all you can eat, then you have to make sure you live up to that advertising and provide the service you promise without all the asterisks and fine print. Its like the airlines too....they overbook and count on a certain percentage of people not making the flight. If they overbook, they have to pay for it.
I imagine that their will be legal action and class action law suits. I hope the customers win and comcast has to provide the service that they advertise. They are doing it to make MORE profit by not having to invest in the infrastructure to support what they sell.
Kevin
--
"Because we’ve invested over $4 billion in building our MegaBand network so you can enjoy the internet the way it was intended to be – fast and uncapped." (RCN marketing Promo)reply
espaeth @ 11th Sep 06:16PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by kcblack :
There's a big difference between spoofing packets to facilitate communication and spoofing packets to hinder communication which is the gist of the ECPA violation in my opinion...
Spoofing is either fraud or it's not, you can't have it both ways. "Spoofing is fraud, except when I benefit from it" is not a valid legal argument.
said by kcblack :
again, if they were not making any profit and the business was being run into the ground by their network being saturated with P2P traffic then I'd be on their side...if fact most of their models are based on you not using your share of the node and when you do by watching videos or downloading linux distros or watching joost or any other legitmate use of the bandwidth you pay for, you are now the bad guy. There are things that they can do to mitigate the load by storing popular content within their network to cut down on traffic going outside their network...
I honestly think if you were limited to bandwidth you could consume while your butt was planted in a chair in front of the computer the scales would be a lot more even. It's not a matter of fair use, it's a problem of people using 1000+% more than what the average consumer does. That they have to keep churning out DMCA notices probably isn't helping things. It doesn't take long before someone at the top takes notice and starts asking why they even allow that traffic to begin with.
Bringing content into the network is a great idea; too bad that concept doesn't work with P2P or in particular the content being fetched. I'm sure people would love it if Comcast would host Telesync screeners, DVDs, and warez though.
said by kcblack :
I imagine that their will be legal action and class action law suits. I hope the customers win and comcast has to provide the service that they advertise. They are doing it to make MORE profit by not having to invest in the infrastructure to support what they sell.
The consumer never wins in class action law suits. The company loses, the consumer gets meager compensation (I didn't even claim my $0.55 from the Micron lawsuit), and the lawyers make a killing. Assuming the impossible happens and a class action lawsuit is won, Comcast still has the problem of oversubscription and will be forced to cut service or raise prices, punishing the entire customer base for the actions of a few.
-Eric
Edit: just fixing a spelling error I sawreply
espaeth @ 11th Sep 06:31PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by ztmike :
"There's only a few possible actions to take in dealing with the growing burden of P2P traffic:
1) Reduce access speeds
2) Publish and enforce low usage caps
3) Raise prices to grow the network / reduce oversubscription
4) Deploy mitigation techniques to control "problem" traffic, leaving 95% of your consumer base completely unaffected."
And Comcast does every single one of those. besides publish the cap rate.
I just updated my Comcast review from 2004 and went back to look at the bills. I'm paying the same price now as I did in 2003/2004, I went from 4/384 to 8/768, and I get powerboost where I regularly see 20+mbit on downloads. If you factor in inflation that means you are really paying less while provisioned bandwidth went up.
I agree reality doesn't help you make your argument though.
-Eric
reply
NormanS @ 11th Sep 06:45PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by kcblack :
Its sort of like an all you can eat food place. You either are or you aren't. If you advertise as all you can eat, then you have to make sure you live up to that advertising and provide the service you promise without all the asterisks and fine print.
You can cite case law that no asterisks and fine print are allowed?
I imagine that their will be legal action and class action law suits. I hope the customers win and comcast has to provide the service that they advertise.
Or maybe they will advertise the service that they provide?
They are doing it to make MORE profit by not having to invest in the infrastructure to support what they sell.
They are selling a fast connection to the Internet. They are not selling "all you can download" Internet. They aren't even advertising it, that I can tell.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
ztmike @ 11th Sep 06:46PM:Re: Comcast is using Sandvine to manage P2P ConnectionsOk..well look at the price of the Blast tier, then come back to me.
reply
rody_44 @ 11th Sep 08:40PM:Re: Comcast is using Sandvine to manage P2P Connections i just wanted to chime in and say good job comcast. i dont want p2p users slowing my connection.
reply
jig @ 11th Sep 09:21PM:Re: Comcast is using Sandvine to manage P2P Connectionsbut if you don't use p2p, then all you need is dialup, right?
(oh, forgot, windows updates)
reply
hobgoblin @ 11th Sep 09:53PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by jig :
but if you don't use p2p, then all you need is dialup, right?
(oh, forgot, windows updates)
Fortunately the world does NOT revolve around p2p. There are many uses for a high speed connection that do not revolve around downloading and uploading other peoples work.
Hob
--
"A foolish consistency is the hobgoblin of little minds."
- Ralph Waldo Emerson
reply
funchords @ 11th Sep 09:54PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by espaeth :
Perhaps, but not more than the premise of the argument. Inserting reset packets to restrict "abusive" traffic is no less dishonest than a NAT gateway performing packet manipulation to create the appearance of an entire network originating from a single IP.
No, no, no. These are two different things, entirely.
NAT is described by nearly a dozen RFCs. Changing a private IP address to a Public IP is THE ACCEPTED STANDARD by which private and public internet traffic meet. Network Address Translation and Application Layer Gateways/Relays are described in major RFCs such as RFC 1918 and 1631.
In hundreds of messages on this subject, I've seen less that 5 that think a man-in-the-middle attack using forged/injected RST flag is the appropriate way for a carrier to behave. In other words, it is NOT STANDARD and NOT ACCEPTED.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
Roundboy @ 11th Sep 10:27PM:Re: Comcast is using Sandvine to manage P2P ConnectionsI came from RCN, and while they had attempts at stoppin bittorrent traffic, they took a much more balanced approach..
While you were downloading, you had 100% of your upload speed available..
If you were not pulling down anything on bittorrent ports, your upload was throttled to a percentage of your total upload FOR BITTORRENT only. I forget the number, lets just say 50%
You took longer to meet ratios, but it freed bandwidth. Much better solution then forging packets.
reply
espaeth @ 11th Sep 11:12PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by funchords :
No, no, no. These are two different things, entirely.
I wasn't trying to equate them in a technical sense. Most people didn't care about NAT until they figured out they could skirt the "one computer" policy that was previously common with broadband providers. Cable customers played with packet manipulation (albeit a very different form) to their advantage before, now the cable companies are leveraging stupid TCP tricks to serve their agenda.
said by funchords :
In hundreds of messages on this subject, I've seen less that 5 that think a man-in-the-middle attack using forged/injected RST flag is the appropriate way for a carrier to behave. In other words, it is NOT STANDARD and NOT ACCEPTED.
It's adhering to RFC793 which set out the definition of TCP in 1981; you see a RST you have to shut down the connection.
I would agree that it's not the way for a
carrier to behave, but I suspect when it comes to Comcast that's where you and I will disagree. Comcast is a residential broadband provider and not a full fledged carrier; the governance of operations is completely different. They're packaging a connection that isn't what you would get from a true carrier; it's a private network that has upstream Internet carrier connectivity. The oversubscription is higher, the ToS/AUP isn't as flexible, but in return you also pay significantly less than you would for a real carrier circuit.
Reset injection is not something all that flashy and new; our 8E6 content filters have been doing this for a couple years now. The key benefits from a network infrastructure standpoint are huge: less devices in-path and simpler firewall rules. While I agree that filtering is a cleaner solution, it's not always the most practical to implement. With the 8E6 filters I can have a simple Checkpoint firewall cluster sitting behind an Internet router with a very simple/easy-to-manage ruleset. Not having to worry about the complexity of a full content filtering ruleset makes life much easier for ongoing firewall management, not to mention the 8E6 can be have signatures updated throughout the day without incurring some of the nasty issues that can result during firewall rule updates. For client traffic filtering I just setup a span session from the Internet router to the 8e6 and it watches for URLs and sends resets on inappropriate content fetches. It stops the connection and I don't have to have another point of failure in my connection path.
Since we're back to talking technical details -- what do you propose for a better solution? Most of the filtering that Comcast does today happens at the cable modem, so the port 137-139 blocks, and the port 25 block if they put it in place happens well before things get upstream. With the dynamic ports used by BitTorrent clearly that isn't a solution.
Even throttling is tricky in that you'd need to identify the traffic so it can be queued appropriately. That means that some device in path would need to be able to recognize P2P traffic and mark the packets appropriately so that the packets could be filtered into the correct throttled queue. That means they can try to make this happen on their existing routing platforms if thats even possible, or they can introduce another box in-line to do the classification and inject another point of failure into the system. Even if they do this they'd have to deal with a significantly more complex queue structure than they have now.
I think if there were easy answers to this problem we wouldn't be 20+ pages into this thread.
-Eric
reply
koitsu @ 12th Sep 12:35AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by espaeth :
Even throttling is tricky in that you'd need to identify the traffic so it can be queued appropriately. That means that some device in path would need to be able to recognize P2P traffic and mark the packets appropriately so that the packets could be filtered into the correct throttled queue.
This is
specifically one of the things Sandvine does -- deep packet inspection. The issue described here happens no matter what source or destination TCP port # is used (on either end).
It looks as if Sandvine is analysing established TCP sessions, looking for specific signature bytes (you touched base on this, re: your 8E6). I'm also under the impression that they look for signature bytes in the response packet. Upon matches in both cases (since the inspector is now aware of the TCP state on both ends), injects RST both directions (to the peer/client and the seed/server). That's
been confirmed by funchords.
So, based on the methodology they're using for packet analysis, I would say that throttling/rate-limiting would be quite possible. But instead they opted for man-in-the-middle packet injection, which of course, really pisses me off. :)
Edit: Clarification on port #sreply
espaeth @ 12th Sep 12:49AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by koitsu :
So, based on the methodology they're using for packet analysis, I would say that throttling/rate-limiting would be quite possible. But instead they opted for man-in-the-middle packet injection, which of course, really pisses me off.
Sure it's possible, but only if the Sandvine box is directly in-line of the conversation path so that it can touch/mark the packets. By doing the reset injection the Sandvine box doesn't have to physically reside in the middle of the communication path, it just needs a span session directed to it so it can see copies of what traffic is flowing through the router and it can issue the resets completely out of band. If the Sandvine box kacks it won't take out the network, only P2P throttling will be broken.
-Eric
reply
koitsu @ 12th Sep 12:54AM:Re: Comcast is using Sandvine to manage P2P ConnectionsThat's very true, and something I didn't consider. You're quite right -- rate-limiting would require the Sandvine unit to be sitting in the middle of the network path.
reply
koma3504 @ 12th Sep 02:28AM:Re: Comcast is using Sandvine to manage P2P ConnectionsHmm Glad i ran accros this thread it goes right along what i have noticed and posted over here.
»
netmeetingreply
NormanS @ 12th Sep 03:26AM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by jig :
but if you don't use p2p, then all you need is dialup, right?
High Speed Internet is useful for a number of activities other than P2P. I was using HSI for two, or three years before I found BitTorrent fansub anime downloads; and I was a latecomer to the HSI party.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drumreply
deblin @ 12th Sep 10:37AM:Re: Comcast is using Sandvine to manage P2P ConnectionsInteresting, I am not on Comcast, but I believe I just inadvertently found evidence of this Sandvine behavior. I was debugging my firewall rules and I saw this packet get dropped:
44. 715536 rule 11/0(match): block in on em0: 69.252.A.B.36881 > 71.162.C.D.6900: R 1765380375:1765380375(0) win 0
This is during an active torrent download, and I've verified with sockstat that I have an established connection with this host. Note the
R there. My firewall dropped this packet, I guess somehow pf knows this RST packet was not part of the existing established connection. I'm a bit rusty on TCP/IP, but doesn't the RST packet need to honor the existing TCP sequence numbers? If not, it appears as though Sandvine is just sending an RST without a valid TCP sequence number. So smart firewalls should ignore these. If more people ran firewalls that were "smart", it would minimize the effect on you Comcast folks I think. :)
--
"The Dude abides."reply
dfxmatt @ 12th Sep 12:02PM:Re: Comcast is using Sandvine to manage P2P Connectionsthere are also legitimate uses to P2P
at colleges for example people share things with eachother, this can be scientific data or legitimate classwork that is shared via torrent. Are you going to say the "some torrents can be used badly, therefore all torrents are bad" argument?
The world does revolve around P2P in one form or another. Bittorrent, limewire, kazaa, bearshare, these are just false excuses to label the network bad. What about the artists that wish to distribute free music over said networks? Should they be equally burdened with the "torrents can be used badly, all torrents are bad" argument as well?
reply
dfxmatt @ 12th Sep 12:03PM:Re: Comcast is using Sandvine to manage P2P Connectionsre: RCN 50% upload
this I would actually find wholly acceptable, in fact I'd actually appreciate it (it would save me from having to do QOS/bandwith limiting myself)
reply
espaeth @ 12th Sep 05:07PM:Re: Comcast is using Sandvine to manage P2P ConnectionsDouble post.
reply
espaeth @ 12th Sep 05:14PM:Re: Comcast is using Sandvine to manage P2P ConnectionsNevermind. Misread and responded incorrectly.
reply
Roundboy @ 12th Sep 07:01PM:Re: Comcast is using Sandvine to manage P2P Connectionsit worked out pretty well for me... it didn't take long to seed a good ratio at all...
reply
dfxmatt @ 12th Sep 10:38PM:Re: Comcast is using Sandvine to manage P2P Connectionsyes but were they comcast members?
how many were dropped about 15secs after connection?
reply
funchords @ 12th Sep 10:53PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by espaeth :
Reset injection is not something all that flashy and new; our 8E6 content filters have been doing this for a couple years now.
Then you're a bad player, stop doing that! -- There are solutions. Read this informative RFC:
RFC 3360: Inappropriate TCP Resets Considered HarmfulRST abuse is relatively new. The author of that RFC was talking about this:
said by »list.nfr.com/pipermail/firewall-···672.html :
Of 24,000 or so web servers that we tested as part of the TBIT project, only 300 or so were behind firewalls that send TCP resets in this case, so clearly most of the world seems to be maintaining reasonably adequate security without sending TCP Resets in this case.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
funchords @ 12th Sep 11:15PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by espaeth :
Since we're back to talking technical details -- what do you propose for a better solution?
Well, let's get one thing perfectly straight: the RST forgery/injection is wrong and must be stopped -- even if there is no other solution to replace it.
But there are solutions:
- Be public about the problem, and enlist the customers' assistance in solving it. "This is a shared service and heavy uploading by one or two customers impacts the entire neighborhood." That's not hard to say -- Wireless ISPs and Satellite ISPs make this fact very clear to their customers.
The reason they're not being public about the problem is because they have to compete with DSL and FIOS, which balances a lot more bandwidth across a much larger field of customers. As a result, DSL/FIOS can tolerate a larger percentage of heavy uploaders before their other customers begin to be affected.
- Those that do not cooperatively manage their usage can be put in a penalty box, like the port 25 issue is handled on Comcast. If the account is uploading at a sustained rate over 60%-80% of his tier for two hours, then limit the account to an upload of 128 kbps and send an e-mail to account holder. The account holder gets a Computer-Based Training lesson about about "fair use" of a "shared connection," clicks a link, and he is restored to full service by noon the next day.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
hobgoblin @ 12th Sep 11:24PM:Re: Comcast is using Sandvine to manage P2P Connections"Those that do not cooperatively manage their usage can be put in a penalty box, like the port 25 issue is handled on Comcast. If the account is uploading at a sustained rate over 60%-80% of his tier for two hours, then limit the account to an upload of 128 kbps and send an e-mail to account holder. The account holder gets a Computer-Based Training lesson about about "fair use" of a "shared connection," clicks a link, and he is restored to full service by noon the next day."
Then we can have a 20 page thread about that eh?
Hob
--
"A foolish consistency is the hobgoblin of little minds."
- Ralph Waldo Emerson
reply
funchords @ 12th Sep 11:25PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by deblin :
44. 715536 rule 11/0(match): block in on em0: 69.252.A.B.36881 > 71.162.C.D.6900: R 1765380375:1765380375(0) win 0
This is during an active torrent download, and I've verified with sockstat that I have an established connection with this host. Note the R there. My firewall dropped this packet, I guess somehow pf knows this RST packet was not part of the existing established connection. I'm a bit rusty on TCP/IP, but doesn't the RST packet need to honor the existing TCP sequence numbers? If not, it appears as though Sandvine is just sending an RST without a valid TCP sequence number.
Sandvine determines and then forges in the correct sequence number, so that wasn't Sandvine. Stateful firewalls often generate a lot of unnecessary RST responses to the closing of a previous connection. (They RST the last FIN,ACK of a 3-way handshake, for example.) We would have to see more about that packet in the context of a conversation before we could say for sure why it happened.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
funchords @ 12th Sep 11:28PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by hobgoblin :
Then we can have a 20 page thread about that eh?
Yeah, exactly! :) This one, probably: »
Comcast Bandwidth Abuse/Limits - Discuss here onlyreply
deblin @ 12th Sep 11:28PM:Re: Comcast is using Sandvine to manage P2P ConnectionsUnderstood, but in watching the traffic for a good half hour on a busy torrent, that was the only RST packet I saw destined for the port I was running rtorrent on. Could just be coincidence, but that it was a Comcast IP made me think of this thread.
--
"The Dude abides."reply
funchords @ 12th Sep 11:32PM:Re: Comcast is using Sandvine to manage P2P Connectionssaid by deblin :
Understood, but in watching the traffic for a good half hour on a busy torrent, that was the only RST packet I saw destined for the port I was running rtorrent on. Could just be coincidence, but that it was a Comcast IP made me think of this thread.
With apologies, I have to retract. It could be Sandvine. I almost always get 2 RST packets from Sandvine -- one that has the right Sequence Number (which does tear down the connect), followed by one that has a Sequence number that is completely strange.
If your firewall does track sequence numbers, it would have passed the first one through and rejected the second one.
My apologies -- it's definitely possible that was a Sandvine RST.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.reply
deblin @ 12th Sep 11:49PM:Re: Comcast is using Sandvine to manage P2P ConnectionsNo worries, you could be absolutely right, it certainly could have been a coincidence :) Just thought it funny...happened to see the R, and thought "hmm, I wonder..." and sure enough it was a GA Comcast address.
--
"The Dude abides."reply
espaeth @ 13th Sep 09:10AM:Re: Comcast is using Sandvine to manage P2P ConnectionsThat RFC has very little to do with this discussion. It was drafted largely in response to packets with non-zero reserved bits in the TCP header being rejected by firewalls. Specifically he was concerned with firewalls blocking traffic with hosts that decided to try to implement explicit congestion notification. He did include commentary stating
"We would recommend that the TCP reset not be used as a congestion control mechanism, because this overloads the semantics of the reset message, and inevitably leads to more aggressive behavior from TCP implementations in response to a reset. We would suggest that simply dropping the SYN packet is the most effective response to congestion. The TCP sender will retransmit the SYN packet, using the default value for the Retransmission Timeout (RTO), backing-off the retransmit timer after each retransmit."
There's a bit of an issue with that statement; the goal of Sandvine is to shut down connections, not throttle them. For Sandvine to work transparently it should seem like the host port is closed for connections, and the standard TCP/IP stack response to closed ports is to send a reset! Everybody seems to forget this because nearly everything (including Windows) comes with a firewall these days with a Draconian ruleset that still seems to foster the idea that obscurity has some relation to security. Disable your windows firewall or flush IPtables and try to connect to a closed port -- you'll get a nice RST back indicating the port is not available. From a debugging standpoint this is what you want to see -- some response that will help you determine why things aren't working.
The RFC author's main concern was that TCP implementations would get more aggressive in response to RST packets and start spewing SYNs (he cited the example of a stack that generated 4 connection attempts even after receiving RST responses). It's 5 years later now, and there's no indication that was really a valid concern.
It's important to keep in mind that all RFCs are not standards in and of themselves. Some do gain general acceptance as standards, but anyone can bring forth a document for review. You have to look at RFCs like 1149 or 968 to see that pretty much anyone can submit an RFC about anything, and it doesn't necessarily mean it's right.
said by funchords :said by espaeth :
Since we're back to talking technical details -- what do you propose for a better solution?
Well, let's get one thing perfectly straight: the RST forgery/injection is wrong and must be stopped -- even if there is no other solution to replace it.
Is it mean? Sure. Is it tricky? Absolutely. Is it
wrong? It depends on how you define wrong. We're talking about using valid TCP constructs to initiate the shutdown of a connection.
If Comcast were a carrier this would be a different discussion, but they're not. Carriers don't have to worry about things like DMCA notices because the responsibility for mitigation falls on the networks that represent the endpoints of the conversation. Comcast doesn't have that same luxury, as they are often one of those end-point networks. This
Comcast is using Sandvine to manage P2P Connections
