Comcast Blocks Web Browsing

An anonymous reader writes "A team of researchers have found that Comcast has quietly rolled out a new traffic-shaping method, which is interfering with web browsers in addition to p2p traffic. The smoking gun that documents this behavior are network traces collected from Comcast subscribers Internet connections. This evidence shows Comcast is forging packets and blocking connection attempts from web browsers. One has to hope this isn't the congestion management system they are touting as no longer targeting BitTorrent, which they are deploying in reaction to the recent FCC investigations."

Throttling

[CRCulver (715279)]

Throttling wouldn't be so bad if you could just opt out of it. The ISP providing my home Internet connection throttles your performance by default, but if you visit one their website, you can change the settings to unthrottled, and then upload and download gigabytes and gigabytes of music and films each both with no problem. The ISP figures most people aren't going to bother changing their settings, but the people who really love file-sharing are still free to do so.

Re:Throttling

[porcupine8 (816071)]

On my service provider's homepage, it takes a half an hour for me to just find the place to pay my bill, and it moves every couple of months. If such an option is available, I doubt anyone has ever actually found it to activate it! (Luckily, I don't have comcast, and am in a rare area with two cable providers, the OTHER of which is comcast, so I'm hoping RCN won't pull this crap because they actually could lose customers and are already second-place.)

Re:Throttling

[by Anonymous Coward]

Why should you or anyone opt out? If they can't give you the bandwidth they promise you in your contract - they shouldn't have advertised it as such in the first place.

Comcast: we hate our customers

[Presto Vivace (882157)]

Does Comcast have a death wish? It sounds like something out of Dilbert.

Re:Comcast: we hate our customers

[dkleinsc (563838)]

Does Comcast have a death wish?

No, they have a monopoly and friendly government regulators.

Re:Comcast: we hate our customers

[scorp1us (235526)]

It is really not a death wish. Look at what is happening: Comcast is making the connection suck even more for p2p users, meaning that they will defect and become someone else's problem. This then puts strain on the other provider, and leaves Comcast with a light-duty network. Look, p2p users, Comcast doesn't want you. They don't want your business. I have a theory on why they are taking a hard-line (npi) approach... It is interesting to note that the shared trunk infrastructure used by Comcast is extremely sensitive to overloading, and the best example of this is p2p applications, because a few users can tie up the whole trunk. You are basically using a broadcast medium, rather than a switched medium. The numbers of non-p2p users at present (as estimated by Comcast's actions) would seem to suggest that it is much more valuable for them to have the offenders leave rather than be customers. There is probably a factor of 1 p2p user for every 10 users. If it takes 10 p2p users to tie up a trunk, then these p2p users are worth 9 subscribers each (100-10=90)

It makes sense to me.

Re:Comcast: we hate our customers

[Frank T. Lofaro Jr. (142215)]

I have no problem with tiered pricing. Today it's often based on speed, but I what would be better is service level based on some packet metric. When I eat at a cheap buffet I don't mind that the food isn't at 4 star quality levels.

Would you mind that certain more costly foods at the buffet were laced with a chemical that would make you barf if you ate more of them than the buffet owner wanted you to eat, yet this was never disclosed and they said it was an all you can eat buffet - and then when called out on it they actually tried to defend it?

That is a better analogy.

Also, if you eat more than 100 items of food there in a month, you get banned for a year the first time, and banned for life the next time. That is like their "secret" 100 GB/month limit.

Use DSL, at least they actually get the bandwidth they advertise. Where I'm at, Embarq has always given at least the promised speed, and none of the crap some of the cable companies have been pulling.

Re:Comcast: we hate our customers

[Em Adespoton (792954)]

Contrary to popular belief, internet service providers don't have common carrier status. Only Voice-over-POTS has common carrier status. If Verizon handles your voice and DSL, they only have common carrier on the voice... and only if they're not using FiOS. VoIP doesn't have common carrier protection either (at the IP level).

Re:Throttling

[value_added (719364)]

Throttling wouldn't be so bad if you could just opt out of it.

Indeed. If we were talking about throttling.

Which we're not.

If the article didn't make that clear, this wiki link [wikipedia.org] might help.

Re:Throttling

[JustinOpinion (1246824)]

The ISP providing my home Internet connection throttles your performance by default, but if you visit one their website, you can change the settings to unthrottled

Wow... so you have to explicitly opt-in to receive the service that you paid for? You have to know about this throttling, visit a specific page, and flip a switch, in order to get non-degraded service. Is that even legal?

The fact that ISPs are doing this is scary. The fact that customers accept it is also scary.

The ISP figures most people aren't going to bother changing their settings, but the people who really love file-sharing are still free to do so.

Which seems kind of strange. The "problem users" are those savvy ones who transmit tons of data, who are the same ones who will probably change this setting. What's the point in throttling the non-savvy users who just do light web-browsing anyway?

You CAN opt out

[by Anonymous Coward]

Just use gopher.

FIOS availability

[BenEnglishAtHome (449670)]

Fios will be in my town by June,

How did you discover the FIOS rollout schedule for your location? I'm contemplating moving my household and I would definitely use the current/future availability of FIOS to help me choose my destination. However, I can't figure out where to look to find a map that says "This is where you can get it, this is where you can get it in 6 months, and this is where you're out of luck."

So how did you figure this out?

Re:FIOS availability

[sYkSh0n3 (722238)]

Sound like me. My housing arrangements have been based around broadband availability since i moved out on my own. I probably have it as a slightly higher priority than is reasonable though.

"Oh, I can get 50MB/s broadband here? Of course I'd love to live under this bridge...on the train tracks....next to the paper mill...downwind of the sewage treatment plant."

Re:FIOS availability

[by Anonymous Coward]

http://www.dslreports.com/gmaps [dslreports.com]

See the mash-ups menu for some FIOS info.

Re:FIOS availability

[ciscoguy01 (635963)]

In Orange County, CA there are literally hundreds of boxes with AT&T on them being installed on the sides of streets. They are working on them continuously. I assume that is FIOS going in, and they are really working hard, it's *everywhere*.

After the way AT&T whined about the condition of their copper plant and how they couldn't give us DSL during the DSL rollout (because they were too cheap to fix it), this is a giant change. It may have to do with the UVERSE TV rollout I have been getting bill inserts about.

Course since it IS AT&T it will probably have too many problems and gotchas, and I will likely be trapped on DSL for the time being, since I have a grandfathered static IP.

Re:FIOS availability

[It doesn't come easy (695416)]

Unfortunately, AT&T's "version" of FIOS isn't truly FIOS. They take fiber to the boxes you see them working on but from there to your house it is still the old copper. The result is essentially the same internet speed you see now. They may be able to essentially double the practical speed but there's no way they will ever be able to get to Verizon's 20mbps symmetrical service. And I also heard that AT&T will be reserving most of the added capacity for their HDTV channels (their technology sends up to 3 HDTV channels down the wire to your house at any given time -- and even then they have to reduce the quality in order to get three channels over the copper -- it also means you will not be able to watch/record more than three channels at the same time at any given time -- might be somehwat of a limit for large households). There's lots of technical details around AT&T's approach verses Verizon but sad to say AT&T's version is already obsolete and they haven't even gotten it out the door.

Re:Throttling

[noc007 (633443)]

No offense to you, but much offense intended towards all telcos, they shouldn't have squandered the $200,000,000,000 they made from the 1996 Telecommunications Act that was intended to bring FTTH. Be livid; Google one of the following:
"$200 billion" telecommunications scandal
"$200 billion" telecommunications rip-off

Re:Throttling

[danielsfca2 (696792)]

Thank you for pointing that out.

They love to moan (especially ATT) about how they can't afford fiber, when the truth is they are too busy rubbing our billions of tax dollars all over their fat sweaty bodies.

"We already got paid, why should we invest in infrastructure?"

We need either a carrot or a stick for the telcos in this damn country. The carrot would have been making them ACTUALLY DO FTTH before giving them a big fat check. The stick would be forcing them to make good on it now or else face criminal charges of defrauding the US public, and/or fining them $200Bn.

Instead, we've chosen neither--to let them do whatever the hell they want, forever, with no consequences.

Re:Throttling

[electrictroy (912290)]

I love to hate on Corporations as much as the next guy, but there is such a thing as "truth" and integrity. The Telcos were not given $200 billion of taxpayer dollars. They were given tax breaks which allowed them to keep more of their money (in the same way I was given a ~$6000 standard deduction, which let me keep more of MY money).

They did not just sit on the money. They reinvested it in upgrades of other services such as:

- Rewiring analog lines with digital lines (cleaner phone calls/faster internet)
- Improving cell phone communications by upgrading to a digital network.
- Providing upgrades to DSL over standard lines.
- Not declaring bankruptcy during the 2000 dot-com collapse, because they had cash reserves to save them.

So the $200 billion was the *corporation's* money, not taxpayer money, and it was spent to upgrade many of the things we take for granted today (clean digital calls, ubiquitous cell availability, and high-speed DSL to the home). In my own area, I've seen my internet increase from 24 kbit/s on dirty analog lines to 53k on clean digital lines. I've seen cellphone costs drop from $60 a month to $5 a month so that even I can afford it, and in just the last few months, I got 3000k internet.

It would be dishonest of me to sit here and say the corporations have not done a damn thing since 1996.

I would be lying.

Re:Throttling

[timeOday (582209)]

The Telcos were not given $200 billion of taxpayer dollars. They were given tax breaks which allowed them to keep more of their money (in the same way I was given a ~$6000 standard deduction, which let me keep more of MY money).

A better analogy would be somebody who claims tax exemptions for children they don't have, or claims $20K of income when they actually made $100K. If they made a deal for the $200BN, and they welched on it and kept the money, that is a ripoff!!

People are so easily lead by spin! Remember when a few of the Katrina victims used their govt-issued debit cards for nonessentials and everybody freaked? Now the whole country is receiving a cash windfall of borrowed money from the govt. and nobody cares, because it's a "tax rebate" of "your" money - even if you didn't pay that much tax in the first place, and even though govt. services are still being provided! "Freedom isn't free so I don't mind sacrificing other people's lives for it, just don't tax my capital gains or my inheritance windfall!!!"

Monopolies, regulation, competition, and an idea

[Skapare (16644)]

Of course these providers have improved their services. The problem is they have not improved them quite as well as they could have. And a lot of the ways they are "improving" them focues on ways to extract more money out of the customers, rather than providing a service that increases the value to customers. Would you expect any less of a business motived exclusively by revenue growth?

One big problem is that these companies are sitting on "gold mines" that were established for them (or for the company they bought out) through exclusive monopolies on the infrastructure. Although they invested in this infrastructure, they benefitted from government guarantees of an exclusive regulated monopoly. Now, with most of the regulation lifted, they are using this infrastructure they "inherited" to gouge customers (as opposed to supplying a regulated service that would be sufficient to pay back the investment). At the same time, they know competitors are basically unable to overbuild, not because of any exclusivity, but merely because it doesn't make sense to invest in another infrastructure (because the new builder would know they could at best get 50% of the customer base).

IMHO, the people have a "lien" in that infrastructure because of having guaranteed the exclusivity in the past. That "lien" should be exercised in the form of maintaining a level of regulation on the infrastructure that permits fair, equal, and neutral use, as well as pricing that is fair and does not gouge consumers.

It's bad enough that we have such a poor service from companies like several cable companies and many telephone companies in terms of how the internet layer services are rendered over the infrastructure. If we had fair access to the infrastructure by other providers of internet layer service, then competition would at least allow someone that does a better job to offer services, if not encourage others to do better to keep customers happy.

Long ago, AT&T was broken up between local service and long distance service because at the time it was seen that long distance would be better provided through competition. This was in fact correct and it did improve long distance through better offerings, better pricing, etc. But the split wasn't quite right in terms of today's needs. What we need today for telephone and cable service is a split that separates the ownership and management of the infrastructure, and the companies that can offer services over that infrastructure. We are already seeing this point of split taking place in many areas for electrical power service. In many areas, people can contract to get their electric power from any of a number of power providers (some that actually generate power, and some that merely buy it on the generation market). This has opened up options we would not have otherwise even seen, such as greener [greenmountainenergy.com] power preferences.

What I propose is that governments in all areas support (even financially) the development of an all new fiber based infrustructure. Instead of this being a branched fiber structure like Verizon FiOS [wikipedia.org], this infrastructure install a minimum of 4 fibers from each home (maybe more for businesses) all the way to a central office connection facility. This infrastructure, including the central office facilities, will be owned by the local government (or liened or otherwise regulated by it), and operated in a fully fair and neutral way. The home owner/renter can then acquire services from any company prepared to connect service to them through one or more of these fiber circuits. Legacy/incumbent providers of information/entertainment service like Comcast, and telco service like Verizon, can make use of this by being one of these providers. They would be able to offer any services they want through that fiber connection (which is plenty sufficient for a huge amount of service on just 1 of the 4 fibers). They could even choose to subcontract

Re:Throttling

[Fulcrum of Evil (560260)]

So the $200 billion was the *corporation's* money, not taxpayer money, and it was spent to upgrade

No, since it was a tax break, it was taxpayer money. The fact that it stayed in the corporation's bucket instead of making a trip to the feds nad back again is irrelevant.

It would be dishonest of me to sit here and say the corporations have not done a damn thing since 1996.

Mostly, they've consolidated their position and worked to make competition impractical, preferrably illegal. Screw them - build FTTH, revoke their last mile right of way, and make them rent the service like anyone else who wants to.

Are you serious?

[koh (124962)]

How come they still have customers? Are they a de facto monopoly? Where are the class action lawsuits and the antitrust regulations then?

Re:Are you serious?

[liquidpele (663430)]

Because the people are saving with their $99 for Internet/phone/cable deal!!!! Bundle and save today!!!!!!

Most people don't realize it's happening, and/or don't understand what articles like this even mean (but look at Brittany's pregnant sister!! OMG!)

Re:Are you serious?

[j_166 (1178463)]

"Are they a de facto monopoly?"

In my town they are. Oh, excuse me. They are "Franchised" by the township. Huge difference, apparently. Not in practice though.

Re:Are you serious?

[LoudNoiseElitist (1016584)]

I find it interesting that more people don't realize this. I'm tired of getting "USE SOMEONE ELSE" every time this issue comes up, and people simply do not realize that MANY smaller cities are literally stuck with Comcast until sometime towards the end of the second coming. It was great when it was the only way my city could even get cable 30 years ago, but now it's a mess, and Comcast is raping us for it.

Re:Are you serious?

[Yurka (468420)]

People who, when reading "forged packets", do not form a picture of counterfeit plastic bags in their heads are a small, albeit vocal minority. Comcast seems to have found the way to kick them off of its customer rolls by self-selection (the more /. stories stoking the outrage, the better), thereby only retaining the sheep. Good business plan, as I see it. Bully for them. The antitrust and legal issues can be sorted out, I would assume, by changing some verbiage in the customer agreement and allowing some sort of so-called oversight from the benevolent government.

How is this a bad thing?

[KingSkippus (799657)]

We synthetically generated TCP SYN packets at a rate of 100 SYN packets per second using the hping utility...In this section, we present our network traces that show the network behavior while the TCP SYN packets are being sent. All traces were collected during peak usage hours (7-9pm local time).

Okay, I'm not specifically a network engineer, but I like to think that I'm not network stupid. To me, this would sound suspiciously like someone trying to perform a denial of service attack.

Now, I can understand being irritated at forged packets coming back as a result, but at the same time, isn't it reasonable to expect Comcast to do something to shut down connections coming from this host? Frankly, I'm a little surprised that Comcast didn't shut off the connection altogether.

Am I missing something?

Re:Are you serious?

[quanticle (843097)]

Comcast, in many locations, is not just a de-facto monopoly, they are a de-jure monopoly. Comcast negotiates with municipalities to be the sole cable provider to community. The best situation in many of these cases is a duopoly between Comcast and the local Baby Bell. Often, for many regions, Comcast is the sole broadband provider, since the residents are too far away from the CO for DSL.

Re:Are you serious?

[Rakishi (759894)]

They're probably a government mandated monopoly in many places which isn't a horrible system per say. The problem is that the government is doing jack shit to uphold it's end of the bargain which is to keep comcast in check. A company given an artificial monopoly will abuse it, directly or indirectly, and if you give a company a monopoly then you better also take the effort to keep them in check.

I have heard, for example, that roadrunner in NYC needs to provide satisfactory service to customers due to it being a government created monopoly. Sure they won't mention this but I have heard of at least one person making enough noise (ie: contacting every politician within 50 miles, among other things) to have roadrunner cave in (well first they begged him to switch to dsl then they caved in).

Re:Are you serious?

[99BottlesOfBeerInMyF (813746)]

How come they still have customers?

Their service is terrible and unreliable and they treat their customers like shit. This makes them a slightly better option than the local phone company.

Are they a de facto monopoly?

No. They are part of a government enforced duopoly. In most locations in the US only three companies have the legal right to use the right of ways that allow them to connect a line to your house. These companies are given an exclusive contract in most cases. They are:

• The local power distribution monopoly. (Usually they stick to power but in a few cases they've started to roll out internet access over the power lines. The absurdity of such a plan speaks to how terrible the other options for internet in the U.S. are.
• The local Cable company - provides cable TV and has expanded to internet access and phone service. In many places they are the only option for high speed internet. Right now I'm paying about $50/month for internet access from them and it comes with "free" cable TV. Of course it isn't free. In fact, internet without cable TV costs $60/month from them.
• The local phone company - they have less coverage and the cheapest high speed DSL line I can get from them is $80 and comes with "free" local phone use. The phone company is the longest standing antitrust abuser and they treat all their customers like crap. Besides being more expensive they want you to give them all your personal information on a web form, just to see if they will provide service in your area. When I tried it, the Web form was broken and only worked in IE for Windows. Calling one the phone got me 20 minutes of muzac and then transferred to several people before anyone knew what DSL was.

In short, internet access options in most of the US sucks. We've already paid more per person in tax subsidies to the network providers than many other countries. Sweden, for example has slightly less population density and had a huge embezzling scandal in their national internet drive. They paid half as much per person as people in the US, have on average ten times faster connections, better uptime, and pay about half as much per month as US citizens.

The phone companies and the cable companies have lobbyists who legally bribe our politicians with campaign contributions. As a result, the good of the people isn't even considered. It is just a battle of whether a given law will give money to the cable company or the phone company. Either way citizens get the shaft.

Where are the class action lawsuits...

There are numerous ones making their slow progress through the courts, usually to end in a private settlement. One might actually go through sometime this decade, but the politicians has also been working on passing laws to grant retroactive immunity to network operators for malicious, illegal abuses under the guise of national security. There is little hope.

...and the antitrust regulations then?

The antitrust regulators are appointed by the executive branch. Both candidate's parties in the last two elections received huge donations from hundreds of private companies and for some reason antitrust regulators i the US show little or no interest in prosecuting even blatant antitrust abuses. (In the case of Microsoft, they had already been convicted and the new appointees, changed the punishment from being broken up, to a small fine and a pat on the back.)

Damn...

[Starturtle (1148659)]

...I wanted to have First Post but I had to find an available proxy to get through my ISP's traffic shaping technology

UK ISPs do this all the time

[by Anonymous Coward]

Eclipse in the UK, since taken over by Kingston Communications, will packet shape you so hard, that even if only downloading a linux iso from p2p at 33kbps,they will disrupt all your connections, such that web browsing becomes a pre broadband experience. Don't use p2p and all plays nice again.

so nothing new in this here in the UK

Thankyou Comcast.

[by Anonymous Coward]

When ISPs were just targetting the minority of users who use P2P (and then under the excuse of stopping piracy/ thinking of the children/ protecting us from terrrists) there would never be enough backlash from their users to stop this kind of abuse.

However if they start screwing with http, then suddenly every Joe Sixpack will be up in arms about traffic shaping, and maybe the pressure will be sufficient to actually bring about some change.

My sincere thanks, Comcast, for bringing this issue into the mainstream.

Let me be the first to say

[rmdir -r * (716956)]

NOT COMCASTIC

I'm not sure it's all bad...

[iceT (68610)]

Responding on behalf of hosts that don't (aren't supposed to) exist isn't necessarily a bad thing. It can save on the 45 second timeout for customers, and can help keep FW state tables smaller.

That being said.. spoofing addresses to return RST commands and etc. just SUCKS.

I wish DSL providers would improve their coverage. Many people don't have a choice of anything BUT Comcrap.

Read the featured article

[AndGodSed (968378)]

1. It is a darn good read. Concise, short and to the point.
2. They are using firefox.
3. The Slashdot headline is not completely accurate.

The /. headline had me thinking one thing - but reading the article clarified my one knee jerk reaction: "You cannot browse the web - at all!?"

Reading the article I got the idea that is not exactly the case...

Re:Read the featured article

[Lyrael (1196443)]

Ah, you must be new here. All *I* got from reading the /. headline was 'Comcast are evil, fire insults at will.'

Cancel

[Badbone (1159483)]

Im tired of Comcast pulling stunts like this too. So today I did something about it. I cancelled my Comcast service. Completely cancelled. And when I called to cancel, I let them know exactly why.

Granted, the person on the other end of the phone doesnt know or care about such issues as net neutrality. But she did ask why I was cancelling, and she did type in my response. So hopefully someone down the line will read it. But even if they dont, at least I know that my money will not be going to a company I despise.

Re:Cancel

[Mr. Underbridge (666784)]

Granted, the person on the other end of the phone doesnt know or care about such issues as net neutrality. But she did ask why I was cancelling, and she did type in my response. So hopefully someone down the line will read it.

Someone will probably read it. Here's your problem though - what she typed is probably something like this:

Reason for cancelling: Customer is a jackass

You can't bust through the customer service morass when you're dealing with people making $10/hour who have been strategically placed by their employer as a defense between you and anyone who could actually solve your problem.

They are still forging packets

[corsec67 (627446)]

The biggest objection to what Comcast was doing was that they were generating reset packets that didn't originate with either host.

Now, this article seems to say that they will generate reset packets for hosts that don't even exist on the internet. This may be a kind of throttling, but it is sill FORGERY, and shouldn't be allowed at all.

Did I call it or what?

[Ossifer (703813)]

To me it seemed rather obvious: http://slashdot.org/comments.pl?sid=501572&cid=22882416 [slashdot.org]

comcast charges for opting out

[poptart (145881)]

This is a bit off-topic, but it does have to do with comcast.

Last month I called comcast to tell them I did not want to be called, mailed, or emailed by them or any of their 'partners'. I called in response to a mailing from comcast that provided a phone number for opting out. FWIW, I have been receiving junk mail (post and electronic) from comcast encouraging me to get internet service from them, despite the fact that I have been a comcast internet customer since it was RCN.

Yesterday I received my monthly comcast bill, and on the bill was a $1.99 charge for "change of service". I called comcast, since I recalled making no changes to my service in the past decade. The telephone operator said "that charge is for when you called to opt-out of the comcast and partner mailings". She quickly followed with "we can remove that charge with a credit to your next statement".

Sigh.

$1.99 is not much, and almost not worth the time calling about it. But the attitudes and practices behind the fee are what get my goat.

Re:comcast charges for opting out

[Ossifer (703813)]

By the way, that $1.99 credit to your account constitutes a "change of service"...

I wonder...

[richardtallent (309050)]

I wonder what Comcast's network would look like if they spent as much money improving bandwidth as they apparently do "shaping" (damaging) the traffic already on their wires.

Isn't 100 syn packets a second a bit abnormal?

[InsaneGeek (175763)]

Sending 100 syn packets per second to an invalid internet address... that would seem like a big red someone stupid is trying (or testing) a DOS syn attack flag to any ISP worth their salt. They basically were trying to create 100 outbound connection attempts per second for an extended period of time, I would be more annoyed if the ISP didn't catch something like that, only need a few hosts to build up a nice syn attack and overrun someone's tcp stack.

The methodology looks suspect

[berashith (222128)]

please someone correct me, but this appears like comcast is knocking down SYN floods. If this is the case, it is a good thing. In fact, if they stopped all connections both ways to some tool who is slamming the network with a bunch of crap at peak time for a limited time on each offense, wouldn't that be a good thing ?

Local routers defend agaist DOS attack

[natoochtoniket (763630)]

We synthetically generated TCP SYN packets at a rate of 100 SYN packets per second using the hping utility ... The IP Time to Live (TTL) field for these forged TCP RST packets is consistently set to 255

So, when new connection requests are issued at the rate of 100 per second, the first router is resetting some of those requests.

The application is issuing new connection requests at a prodigious rate. The router determines that this is beyond the capacity for the router, or perhaps beyond some limit imposed on that router by the internal network. Or, perhaps, it is beyond a rate parameter that is used to detect DOS attacks.

When such a limit is exceeded, there are a few reasonable responses for the router to choose from: It can drop random packets; It can drop random SYN packets; it can drop packets from the attacking host; or it can NAK/RST some of those SYN packets. All of those are legitimate router responses. The reset packets are not "forged". They are legitimate responses in the protocol. The primitive operation is called a "provider disconnect indication".

I don't see any problem in the protocol here. And, I don't see any problem in the router behavior. The router is just protecting itself and the network from overload conditions. By selecting to disconnect calls from a host that is using far more resource than other hosts, it is just protecting the other hosts from a DOS attack by that first host.

The title of the summary should be "Local routers defend agaist DOS attack".

How to truly beat comcast.

[by Anonymous Coward]

I'm going to be an anonymous coward here because I don't want people emailing me and there is pending litigation that we have all but won. Waiting on settlement at this time.

We sued comcast. What? How? Eh?!?

Check your EULA that you signed when first getting service. If you are a business customer this REALLY affects you. Their "shaping" technology actually caused a shitload of false positives on a bunch of alarms. Our sent packets to security equipment wasn't always returned so we started to get a lot of "failure to connect". Well... a lot of what we manage are fall back systems that when they come online take over for other sites.

Well... these different locations of hardware were not able to communicate correctly because they were identified as P2P. We use encrypted packets of random data to doubly ensure that it's authentic communication.

This set off a chain of events as the shaping got worse and worse. Originally we thought it was our network code. We couldn't reproduce it and noticed our satellite connection didn't have this issue.

Our amazing network engineers took 2 months to track down the issue and it was their shaping technology blocking or resetting our connections at almost a 90% success ratio. Now while we preferred having 24/7 connections to our equipment this was no longer possible unless we altered our code significantly.

So we looked at our EULA and sure enough there was no mention of interception of data and packet shaping. In fact, our contract said they wouldn't do anything without notifying and getting our approval first.

We sued. We won. Now we're waiting judgment for lost revenue, breaking of contract etc.

I STRONGLY recommend every business out there who has remote equipment that does more than "ping" for responses and are having trouble to check your Agreement. Screw cancelling your subscription. Sue the pants off of them.

We should have kept ICMP Source Quench

[Animats (122034)]

In the early days of the Internet (by which I mean 1981-1983, not 1997) there were ICMP Source Quench messages. This provided a way for routers to say to an end node "Slow Down." Back when I was working on congestion control, I had our TCP implementation (a modified 3COM UNET; this was before Berkeley got into TCP) set to cut down the size of the congestion window when a Source Quench was received. I took the position that Source Quench messages should be sent before the packet-drop point was reached, so that a well-behaved TCP should never have a packet dropped for congestion reasons.

This didn't catch on, though. There was concern that sending Source Quench messages would choke the network, since as the network congests, routers need to send more Source Quench messages. That sort of behavior creates an unstable condition. And coming up with a generally applicable Source Quench policy was hard. Eventually, ICMP Source Quench was deprecated.

Without Source Quench, there's not much a router can say to an end node about congestion. A router can still send ICMP Destination Unreachable messages, though. What Comcast ought to be doing if they want to reject a connection is to send back ICMP Destination Unreachable, Code 13 (communication administratively prohibited). That's a legitimate action by a router, and it makes it clear who's complaining. Some firewalls will send such messages, so they're not unheard of; however, some NAT boxes don't translate them properly, so they may not reach home clients.

But faking a TCP RST, or worse, sending an ACK for something that didn't reply at all, is just wrong.