
Comcast Continues to Block Peer to Peer Traffic 283

Posted by Zonk
from the seems-to-have-a-hyperinflated-sense-of-self dept.
narramissic writes "A report released Thursday by the Electronic Frontier Foundation (EFF) finds that Comcast continues to use hacker-like techniques to slow down customers' connections to some P-to-P (peer-to-peer) applications. The EFF said that Comcast appears to be injecting RST, or reset, packets into customers' connections, causing connections to close. 'The investigators say that their tests confirmed an earlier one conducted by the Associated Press that showed that Comcast is interfering with BitTorrent traffic. BitTorrent is a protocol used to efficiently distribute the online transmission of large files, and some entertainment companies have partnered with its creators to distribute its content online. Comcast has said that it doesn't block BitTorrent, or any kind of content.'" If you're the type that always looks for a silver lining, Comcast's skulduggery may be pushing Congress to reconsider Net Neutrality.
This discussion has been archived. No new comments can be posted.

  • by bizitch (546406) on Friday November 30, 2007 @09:35PM (#21540343) Homepage
    Here is the official load of crap you get if you bitch about it to them .....

    -- begin bunch of shit ---

    Thank you for contacting Comcast Cable Mark.

    Thank you for writing to us in response to reports about Comcast's
    efforts to manage peer-to-peer traffic on our networks.

    Mark, we have posted new FAQs on our Web site making clear to our
    customers the steps we are taking to protect the customer experience for
    all of our customers. You may access content related to this issue in
    the FAQ section of http://www.comcast.net/ [comcast.net]

    First, and most importantly, you should know that Comcast does not block
    access to any Web site or application, including peer-to-peer services
    like BitTorrent. Our customers use the Internet for downloading and
    uploading files, watching movies and videos, streaming music, sharing
    digital photos, accessing numerous peer-to-peer sites, VOIP applications
    like Vonage, and thousands of other applications online.

    Mark, we have a responsibility to provide all of our customers with a
    good Internet experience and we use the latest technologies to manage
    our network so that you can continue to enjoy these applications.
    Peer-to-peer activity consumes a disproportionately large amount of
    network resources, and therefore poses the biggest challenge to
    maintaining a good broadband experience for all users, including the
    overwhelming majority of our customers who don't use P2P applications.

    It is important to note, however, that we never prevent P2P activity, or
    block access to any P2P applications, but rather manage the network in
    such a way that this activity does not degrade the broadband experience
    for other users.

    Mark, network management is absolutely essential to provide a good
    Internet experience for our customers. All major ISPs manage their
    traffic in some way and many use similar tools.

    Comcast believes we have a responsibility to our customers to provide
    this service. Network management helps us perform critical work that
    protects our customers from things like spam, viruses, the negative
    effects of network congestion, or attacks to their PCs. As threats on
    the Internet continue to grow, our network management tools will
    continue to evolve and keep pace so that we can maintain a good,
    reliable online experience for all of our customers.

    I understand you have some questions about Comcast's policies. You can
    view all of the Comcast Subscriber Agreements and Policies by visiting
    the Comcast Online Customer Support Center at http://www.comcast.net/terms/subscriber.jsp [comcast.net]

    On this site you will find the Subscriber Agreement, the Acceptable Use
    Policy, and other policies relating to your Comcast Service. You can
    also view our Privacy Policy Statement at http://www.comcast.net/privacy/index.jsp [comcast.net]

    Links to the Privacy Statement and Terms of Service are located at the
    bottom of every page at www.comcast.

    -- end bunch of shit --
  • by Carbon016 (1129067) on Friday November 30, 2007 @10:02PM (#21540519)
    This can be done in virtually all clients. For example, in uTorrent, set Encryption to "Forced" in your preferences. This isn't 100% foolproof but it seems to help a lot of Comcast users, among others with throttling and other P2P blocking measures forced on them from their ISP.
  • Re:Silver lining? (Score:4, Informative)

    by Jah-Wren Ryel (80510) on Friday November 30, 2007 @10:16PM (#21540623)

    How is it a silver lining that Congress may reconsider Congressionally mandated Federal control over the internet in the United States?
    Because they've got a pretty good track record so far.
    Net neutrality was the rule of the land until just recently.
    It is not something new, it is a return to the way it was only a few years ago.
    In 2005 the SCOTUS ruled [wikipedia.org] that broadband internet was an "information service," and not a "telecommunications service." Thus freeing broadband ISPs from the laws that have enforced "network neutrality" for telephone service for decades.
  • by Skapare (16644) on Friday November 30, 2007 @10:20PM (#21540653) Homepage

    Use IPsec. Not only can they not tell what your packets mean (only where they are going and came from), but they cannot forge an RST since that also needs to be encrypted with the association key.

    So they could do a man-in-the-middle attack on a simplistic key exchange done over IPsec. But that would require far more resources (they have to get in the middle of each connection) than they appear to be willing to use (RST forgery is about the cheapest form of net interference there is). So I think even minimal IPsec would bring this blocking to an end until such time as they want to invest in whatever it takes to mount an attack on IPsec. Then we just use a strong key infrastructure and end that.

    If the protocol involved understood the work to be done (e.g. how many bytes to be transferred), it could also re-establish a new connection if the existing one got dropped, and resume the transfer ... until done or one end decides to not do this anymore.

  • by terrymr (316118) <terrymr&gmail,com> on Friday November 30, 2007 @10:32PM (#21540733)
    I believe they are stretching definitions to the limit if not beyond:

    "The duty to carry does not mean that a carrier is never justified in refusing to provide service. It is well established that "if goods are not of the character that the carrier transports he may refuse carriage." Gorton, Supra at 109. Yet, the reasons for refusal are very limited and related to potential damage to other's goods, or to unreasonably high risks for the carrier in its capacity as insurer, or are beyond the reasonable capacity restraints of the carrier." http://www.cybertelecom.org/notes/common_carrier.htm [cybertelecom.org]

  • by NynexNinja (379583) on Friday November 30, 2007 @10:36PM (#21540765)
    All one has to do is look at the main competitor to Comcast, which is Verizon, and look at how they do the same type of stuff. They block outbound SMTP traffic except to their smtp servers...
  • by Secrity (742221) on Friday November 30, 2007 @11:18PM (#21540975)
    ISPs and cable TV providers in the US are not common carriers, Comcast doesn't have common carrier status. If ISPs were common carriers there would be no net neutrality issues.
  • NY Sec. 190.25 (Score:3, Informative)

    by Joe U (443617) on Friday November 30, 2007 @11:56PM (#21541157) Homepage Journal
    NY Sec. 190.25

    S 190.25 Criminal impersonation in the second degree.
        A person is guilty of criminal impersonation in the second degree when
    he:
        1. Impersonates another and does an act in such assumed character with
    intent to obtain a benefit or to injure or defraud another;
    Not a real stretch. If they just enforced QoS, then it wouldn't be an issue, the issue is pretending to be the end user's system.
  • by toadlife (301863) on Saturday December 01, 2007 @12:37AM (#21541377) Journal
    Ok,

    From the article that I linked to that you obviously failed to read:

    Cable modems have a crappy upstream protocol. When it wants to send, it sends a request to send packet to the controller, and waits for a reply that gives it a time slot. But the RTS packet is sent in a contention slot, such that any two stations sending RTS in the same cycle will collide, and then nobody gets to transmit. The more data you have queued at the cable modem, the more likely a collision.

    The network is physically large, with a long propagation delay relative to the size of the collision window. And when collisions start to happen, they ripple as more and more stations have data queued for transmission. So the only way to make this protocol stable is to actively limit the amount of data queued at the cable modem for upstream delivery, and the only way to do that for Torrent is to stifle connections at the TCP level. I've tried to scheme up a better way to do this, and there isn't one.
  • by Beefpatrol (1080553) on Saturday December 01, 2007 @02:22AM (#21541903)
    I had an enlightening conversation with a Comcast CSR a couple months ago about this. I posted notes about it shortly thereafter. I'm sure they are thinking that they can get away with saying that they don't block anything because they aren't technically blocking certain types of connections or connections to certain ports. They are sending RSTs to new and existing connections inbound to the subscriber's IP after a certain number of inbound connections per unit time have been detected. (I think it is measured per unit time -- there may be some sort of weighting scheme that favors some ports or detected connection contents or something else, but for me, the relevant metric involved how many SSH connections I could make to my machine at home from school before new ones failed and all the established ones stopped responding.) There is absolutely nothing beneficial to anyone's user experience about blocking my very low bandwidth ssh sessions. Particularly since they don't just send RSTs to the new connections, but all the existing ones as well, unencrypted P2P apps are essentially worthless if you are subject to this kind of TCP meddling. I'm not a P2P expert, but every P2P network I have ever used would blow the inbound connection quota in a few seconds. You'd be lucky to be able to do anything except leech. See previous comment and pseudotranscript of conversation with Comcast guy here: http://yro.slashdot.org/comments.pl?sid=287993&cid=20477309 [slashdot.org]
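
How the RST injection discussed in this thread can be told apart from genuine resets, as an added example that is not part of any comment or of the EFF report: a reset that arrives at your host but never left the peer was forged in transit. It assumes packet captures from both endpoints with no NAT rewriting addresses in between; the `Seg` record, the addresses and the sample segments are constructed, and the TTL comparison is only a supporting hint.

```python
from collections import Counter, namedtuple

# One captured TCP segment, reduced to the fields this check needs.
Seg = namedtuple("Seg", "ts src sport dst dport flags seq ttl")

def key(s):
    # Identifies a segment independently of where it was captured
    # (timestamp and TTL differ between vantage points, so they are excluded).
    return (s.src, s.sport, s.dst, s.dport, s.flags, s.seq)

def injected_rsts(local, remote, me):
    """RSTs that arrived at `me` but never left the peer (absent from `remote`)."""
    sent_by_peer = {key(s) for s in remote}
    usual_ttl = {}
    for s in local:  # typical arrival TTL per sender, from non-RST segments
        if s.dst == me and "R" not in s.flags:
            usual_ttl.setdefault(s.src, Counter())[s.ttl] += 1
    findings = []
    for s in local:
        if s.dst == me and "R" in s.flags and key(s) not in sent_by_peer:
            ttls = usual_ttl.get(s.src)
            # A different TTL suggests the RST entered the path at another hop.
            odd = bool(ttls) and s.ttl != ttls.most_common(1)[0][0]
            findings.append((s, odd))
    return findings

ME, PEER_A, PEER_B = "192.0.2.10", "198.51.100.7", "198.51.100.9"  # constructed
# Constructed capture taken at our own host.
LOCAL = [
    Seg(1.00, PEER_A, 51000, ME, 6881, "A", 1000, 52),
    Seg(1.20, PEER_A, 51000, ME, 6881, "PA", 1001, 52),
    Seg(1.21, PEER_A, 51000, ME, 6881, "R", 1069, 61),   # never sent by PEER_A
    Seg(2.00, PEER_B, 40222, ME, 6881, "A", 7000, 47),
    Seg(2.50, PEER_B, 40222, ME, 6881, "RA", 7001, 47),  # genuine reset from PEER_B
]
# Constructed captures taken at the two peers, merged into one list.
REMOTE = [
    Seg(0.98, PEER_A, 51000, ME, 6881, "A", 1000, 64),
    Seg(1.18, PEER_A, 51000, ME, 6881, "PA", 1001, 64),
    Seg(1.98, PEER_B, 40222, ME, 6881, "A", 7000, 64),
    Seg(2.48, PEER_B, 40222, ME, 6881, "RA", 7001, 64),
]

for seg, odd_ttl in injected_rsts(LOCAL, REMOTE, ME):
    print(f"forged RST from {seg.src}:{seg.sport} seq={seg.seq} ttl_mismatch={odd_ttl}")
```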
