
Beating Comcast's Sandvine On Linux With Iptables

HiroDeckard writes "Multiple sites reported a while ago that Comcast was using Sandvine to do TCP packet resets to throttle BitTorrent connections of their users. This practice may be a thing of the past, as it's been found that a simple rule in the Linux firewall, iptables, can simply block their reset packets, returning your BitTorrent to normal speeds and allowing you to once again connect to all your seeds and peers. If blocking the TCP packet resets becomes a common practice, on and off Linux, it'll be interesting to see the next move in the cat-and-mouse game between customers and service providers, and who controls that bandwidth."
  • Tag: !news (Score:5, Insightful)

    by Mr2001 ( 90979 ) on Monday June 30, 2008 @12:23AM (#23996513) Homepage Journal

    This trick has been around for a while, hasn't it?

    The problem is, you can only filter out the RST packets on your end of the connection. But Sandvine also sends RSTs to the other end of the connection. That means it isn't enough for you to be running this iptables rule - all the peers you connect to have to be running it too.

  • by Zombie Ryushu ( 803103 ) on Monday June 30, 2008 @12:36AM (#23996605)

    I wonder if they will just say that blocking their RST Packets is a violation of TOS and disconnect you.

  • Re:Port 25 (Score:3, Insightful)

    by PIBM ( 588930 ) on Monday June 30, 2008 @12:37AM (#23996615) Homepage

    Easy.

    Get a real ISP.

  • by kandresen ( 712861 ) on Monday June 30, 2008 @12:44AM (#23996649)

    There are no more good reasons, and it is not any easier, for ISPs to block or rate limit our web use than it is to centrally control spam. People are different, and have different needs, plain and simple.

    Who should have priority, and how to determine it? I can guarantee that if it is a packet flag, then spammers, virus writers, and even bit torrent users will find a way to use it. And regardless, consider the following:

    - Which priority should online Live football have from site X? Should it have over the one from site Y, and Z, and the 1000+ others with different commentators and different languages?
    - What if you rather wanted live games? Or Live online music concerts? What should have higher priority?
    - What about your live online video rentals - stream from Netflix over one from Blockbuster or should maybe your own ISP be allowed to rate limit all the competition to sell their own?
    - What about my VoIP from Skype over Vonage, Gizmo, Provider X,Y,Z?
    - What about Online games from Xbox 360 above Playstation 3?

    Who is to set the priorities? How on earth should the ISP know what my priorities are? How on earth should the football channel know they should not send with highest priority flags?

    And there is also a much easier way that leaves the internet neutral:
    As with e-mail spam filtering - let the settings be neutral from the ISP side, then let us set up our own profile or custom rules for the downstream traffic.

  • by Anonymous Coward on Monday June 30, 2008 @12:46AM (#23996669)

    Of course, they could have just kicked you for using bittorrent in the first place, if they wanted to.

    But they want your money.

    They were hoping they could slow down bittorrent enough to not cause anyone to leave, but still get an under the table payoff from the *AA groups. I'm sure they'll keep tweaking and keep watching their subscription numbers.

  • by Bohabo ( 1273432 ) on Monday June 30, 2008 @01:27AM (#23996865)
    Legal questions aside, is there some technical merit to using Sandvine instead of just blocking the packets? Is it less expensive to the ISP or something? I don't understand why they're doing it.
  • by deek ( 22697 ) on Monday June 30, 2008 @01:27AM (#23996871) Homepage Journal

    It's when I see a comment on Slashdot, that seems to have no relation to the comment above it. Then I discover that the real parent post has been hidden by Slashdot's new comment system, and the child post linked to the grandparent.

    It's damn annoying! Slashdot, please, at least link the child to the "hidden comments" link. That way, I won't get head spins when someone appears to viciously lash out at an interesting post.

  • by Tubal-Cain ( 1289912 ) on Monday June 30, 2008 @01:46AM (#23996957) Journal

    Straight-up blocking it is probably more clearly illegal than throttling.

  • by Anonymous Coward on Monday June 30, 2008 @02:20AM (#23997083)

    Flamebait/troll...

    But just to make sure you understand: File sharing is NOT theft! - There is no loss involved as the subject is copied, not transferred.

    I myself download some movies as a way of sampling them before either deleting them or buying the DVD/Blu-ray. I don't keep the downloaded copy around - it's always deleted, either right away (because the movie is crap) or when I buy the DVD. So my copies don't cost anybody anything; no loss and thus no theft.

  • Re:Tag: !news (Score:5, Insightful)

    by cryptoluddite ( 658517 ) on Monday June 30, 2008 @02:23AM (#23997101)

    The problem is, you can only filter out the RST packets on your end of the connection.

    That's only a temporary problem. The real problem -- for the ISPs -- is that the same software is running on each end of a p2p, so all of their efforts are guaranteed to fail eventually.

    For instance, p2p programs can start using UDP spread spectrum... pass packets on random ports. The receiver then basically implements a quick and dirty tcp-like connection over this (ie much worse for an ISP than actual TCP). Add encryption and random length so it's harder to filter out. Or there can be a shared random number seed for the shared ports. Just for example...

    There's probably some computer science or information theory law stating this, but they can't ultimately reduce the targeted traffic by more than the loss from encoding it as 'normal' traffic. For instance, if they limit torrents to 100k/s and the loss is 33% from 'base64' encoding the data as some kind of an html-ish doc then if normal web pages get more than 133k/s then torrents would be faster encoding them as 'normal' traffic.

    ... then they have to try to figure out what are real web pages/servers and what are really some other protocol pretending.

  • by baeksu ( 715271 ) on Monday June 30, 2008 @02:33AM (#23997153)

    No good medicine comes without side effects.

    It is my understanding that these false resets cause much more serious disruption than leaving connections open, so you are still coming out ahead.

  • But what they are really doing is trying to stop 2% of their customers from using 98% of the bandwidth, bandwidth they have to pay for. Remember, though they are selling "unlimited" internet access at some level *all* bandwidth is measured. Theirs is certainly measured by their upstream provider. There is really no "unlimited" bandwidth.

    Their own damn fault for selling something they don't have!

  • by AftanGustur ( 7715 ) on Monday June 30, 2008 @02:47AM (#23997193) Homepage
    Fitness centers operate similarly, they have numbers on how many times each member comes per week, and based on that (and other parameters) they price access to the center.

    Now, imagine you buy a year membership card.

    Then you start showing up each morning, and again in the evening.

    Then the fitness center comes to you and says: "You can come here, but we are going to lock all the doors when you show up, because you are using up too many resources and thus denying them to our other members."

    Do you think there would be any outrage ?

  • First They Came (Score:5, Insightful)

    by Carcass666 ( 539381 ) on Monday June 30, 2008 @03:13AM (#23997299)

    First they came for the game crackers,
    and I did not speak up because I did not play games

    Then they came for the pornographers,
    and I did not speak up because I did not view porn

    Then they came first for the spammers,
    and I did not speak up because I was not a spammer

    First they came for the music pirates
    and I did not speak up because I was not a pirate

    Then they came for me,
    and by that time there was no fair-use left.

  • by Nathonix ( 843449 ) <nathonix@gmail.com> on Monday June 30, 2008 @03:17AM (#23997307)
    yes, very much so. a year pass is a year pass, unless the contract stipulates how many times a week one can show up, it would be false advertising to sell a year pass with undisclosed limits.
  • Re:Usenet (Score:2, Insightful)

    by Drgnkght ( 449916 ) on Monday June 30, 2008 @03:20AM (#23997315)

    Yes, but they need to know they should ask for it.

  • by Maxo-Texas ( 864189 ) on Monday June 30, 2008 @04:03AM (#23997531)

    Say that you found out a way to earn or save a lot of money by staying on the fitness machines 16 hours a day.

    Suddenly, the 28 fitness machines they expected to service 5,000 people are being used from opening until closing by the same 28 people.

    Do you think the fitness companies and their customers would say "ah well... they've got us because of our advertising unlimited service."

    No- the next time your contract came up, it would have a clause that allowed them to force people to share the machines or something to protect them.

    You are being unreasonable. The cable companies are trying a weaselly scummy way to get out of the situation instead of just doing what they should do up front.

    1) Determine the real usage of their desired customer (say 20gb a month).
    2) Advertise 24gb a month for one "low rate" with a "reasonable $1 per gb"

    And eventually they will. Even if you have your current company in an iron clad contract, if it is losing money the situation *will* fix itself.

    ---

    The current ISP situation in America is a complete joke and anti-capitalistic. We basically have duopolies in 99% of cities between AT&T and a cable company. That needs to stop and be broken up. The internet wires, like the roads, should be put in by the government.

  • by Anonymous Coward on Monday June 30, 2008 @04:37AM (#23997707)

    Do you think there would be any outrage ?

    I don't agree with your analogy. Presumably, your maximum impact to other customers is 1 piece of equipment. In a sufficiently large facility there are hundreds of other pieces of equipment. Therefore, your impact to their over subscription model is minimal.

    In the ISP scenario, you could potentially impact a much higher percentage of customers by consuming large amounts of bandwidth and session connections. A few customers could drive large amounts of bulk traffic and session connections to the point of impacting other customers and the ISP over subscription model.

  • Re:Tag: !news (Score:3, Insightful)

    by bytesex ( 112972 ) on Monday June 30, 2008 @04:40AM (#23997723) Homepage

    In short, it's an arms race; both parties are equally equipped and both parties care none for the collateral. And the first rule of arms races is that whoever started it, lost.

  • by Peeteriz ( 821290 ) on Monday June 30, 2008 @05:49AM (#23998003)

    Well, that's why there are laws that prohibit lying in advertising; and the 'limited' ISP should be able to get punitive damages if other ISPs falsely advertise 'unlimited' access.

    But I am not holding my breath while waiting for this to really happen this way :)

  • by Crayon Kid ( 700279 ) on Monday June 30, 2008 @06:00AM (#23998029)

    Their own damn fault for selling something they don't have!

    They always have. ISP's, especially those on the last mile, have historically sold 10 to 20 times the actual bandwidth to their customers. Except a while back the last mile was not a hot zone. There weren't so many things you can use huge amounts of bandwidth on.

    Today there are lots. Desktop apps move to the web, there's streaming, online gaming, all kinds of legal, semi-legal and illegal things to download, malware and the list goes on and on.

    The ISP's are caught in the middle of all this. They've entered this time period with pricing policies that belong in gentler times, and their infrastructure is also outdated and getting more so every day.

    On top of everything, everybody seems to think it's their job to carry the Internet on its back and figure it out somehow. The end customer likes to have huge amounts of bandwidth for pennies. The websites and online apps have bulk deals for bandwidth with providers that have efficient distribution infrastructures all over the world. And the last mile ISP is left to fight a dog eat dog fight with other similar local ISP or with a bigger area ISP, both of which will drive it out of business eventually.

    Not to mention the crazy politics involved, where they are required to act as copyright cops and other idiocies.

    So they're desperate. They're trying anything to "fix things". There are a couple of sane solutions but not without problems. The obvious move would be to rethink their pricing and start selling capped amounts of bandwidth. Filtering will always be passed somehow but a hard cap upstream is a hard cap. And nobody will be able to protest they're not getting what they're paying for.

    But this isn't easy either, because of the fierce competition. You do hard caps, you piss off customers. If they have a choice, they'll run to that new ISP that popped up in the neighborhood a week ago. Sure, that ISP will experience the same problems a while from now, but in the meantime you're short some income.

    Another solution is a world-wide effort to update infrastructure (better throughput, either hardware or software). But who's gonna pay for that? The last mile ISP's can't and won't and granted, it's not fair they should pay all of it. But the other interested parties like the status quo and won't pay either, but will bitch just as readily about filtering and caps and whatnot. In the end, the ISP's will probably turn to insightful investors like Google's dark fiber and become their prisoners and people won't like that either, but will conveniently forget they're the ones that pushed the ISP's into that corner.

    It's not just the ISP's fault, it's everybody's. The Internet has become an ecosystem, you gotta work together on all parts of it to see proper overall change.

  • by sethstorm ( 512897 ) * on Monday June 30, 2008 @06:30AM (#23998115) Homepage

    In general, I don't see why you'd get specific hardware for this when you could just have a small 5 watt Linux router that handles your wan/lan/wifi/simple daemons.

    Usually, that 5w router ends up falling a bit short when you run large amounts of data through it.

    That's what you get with equipment that has quality as an afterthought.

  • by grimwell ( 141031 ) on Monday June 30, 2008 @07:17AM (#23998307)

    But what they are really doing is trying to stop 2% of their customers from using 98% of the bandwidth, bandwidth they have to pay for. Remember, though they are selling "unlimited" internet access at some level *all* bandwidth is measured. Theirs is certainly measured by their upstream provider. There is really no "unlimited" bandwidth.

    Pisshaw. Large regional and national ISPs don't have "upstream" providers. They have a presence in a NAP(s) and peering agreements with other networks. The only costs they have are for the infrastructure: physical cables, equipment, power and people. They don't pay for bandwidth on a "meter". Their bandwidth is limited by equipment; available technology and costs.

    They are "managing bandwidth" to control last mile congestion. It is cheaper to mangle traffic than to upgrade the last mile. Plain and simple.

  • by CyberDog3K ( 959117 ) on Monday June 30, 2008 @07:54AM (#23998467)
    I might be less critical of them if they actually spent some of their abusively high rates on upgrading said failing infrastructure instead of god knows what [gizmodo.com].
  • by growse ( 928427 ) on Monday June 30, 2008 @08:00AM (#23998511) Homepage

    On top of everything, everybody seems to think it's their job to carry the Internet on its back and figure it out somehow.

    This seems to me to be *exactly* what an ISP's job is. If they don't like doing this, they should get on out of the business.

  • by dkleinsc ( 563838 ) on Monday June 30, 2008 @08:31AM (#23998723) Homepage

    "Obviously, due to these techniques being available, the tool known as iptables must be made illegal. The ability to change how we're sending packets through our networks allows users to engage in piracy, terrorism, and cyber-warfare, and this cannot be allowed to continue in the name of national security."

    (Yes, I think that's a load of crap, but I suspect they can get 60 senators with that and a few campaign donations.)

  • by Culture20 ( 968837 ) on Monday June 30, 2008 @08:33AM (#23998737)
    This makes sense with telephone switching, but packet switching? It's more like 28 people using the machines, taking breaks occasionally, then getting back on when other people are done (using a FCFS scheduling algorithm). The worst the fitness company could complain about is that these 28 people are causing "undue stress" to the machines (which is ridiculous anyway).
  • Re:Tag: !news (Score:3, Insightful)

    by Anonymous Coward on Monday June 30, 2008 @08:33AM (#23998745)

    This is not entirely true; both parties are not equally equipped. The ISP has to do a whole lot of filtering with a minimum of resources, because resources (CPU, memory) are expensive, while the users they are up against have a lot of idle CPU time and free memory to use.

    (posting as AC because I already moderated)

  • by Ikonoclasm ( 1139897 ) on Monday June 30, 2008 @08:58AM (#23998945)

    Another solution is a world-wide effort to update infrastructure (better throughput, either hardware or software). But who's gonna pay for that? The last mile ISP's can't and won't and granted, it's not fair they should pay all of it.

    So the US government didn't give them billions of dollars in subsidies and grants to do exactly that? They got greedy. They didn't do what they were tasked to do. It most certainly IS fair for them to have to pay for all of it because it was their willful inaction that plays such a large part of the problem.

  • by tmalone ( 534172 ) on Monday June 30, 2008 @09:45AM (#23999467)

    Damn, I can't get this critical update for Vista this month because I'm out of bandwidth. Or, I guess I don't get to play this game I just bought because I don't have the bandwidth left to download the first 12 patches to it that came out in between the time I left the store and when I got home. I would be less concerned about capping bandwidth if everybody didn't expect you to have an unlimited connection. Maybe that expectation would change in time (maybe flash would go away!).

  • by PieceofLavalamp ( 1244192 ) on Monday June 30, 2008 @10:47AM (#24000557)
    You've used "fierce competition" to describe the ISP market place. So I must assume you are being sarcastic. You really shouldn't bury sarcasm like that in between rather insightful points, you'll confuse people who aren't familiar with the issue... New ISPs haha funny.
  • by kilocomp ( 234607 ) on Monday June 30, 2008 @12:02PM (#24002063)

    This was an initial way researchers detected forged resets. And it still works for some appliances (think snort), but most appliances ISPs use forge TTL now.

    The appliance is seeing everything including TTL, so it is rather trivial for these devices to forge it on top of everything else it forges.

    One idea being played around with is looking at the arrival time of the reset. A much harder analysis, but a much harder thing for the appliance to control.
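The two detection ideas in the comment above, comparing the RST's TTL against the peer's own segments and looking at how soon the RST arrives, are easy to try on a packet trace, and they are more selective than the blanket rule in the story summary, which drops every inbound RST on the BitTorrent ports (legitimate ones included, and, as noted earlier in the thread, does nothing about the copy sent to the peer). The following is an added example written for this page, not code from the article, Sandvine, or any commenter. The host address, the three peers, the ports, TTLs and timestamps are all constructed for illustration. Per flow it learns a baseline from the peer's SYN/ACK (the TTL it arrived with and the handshake RTT) and then flags an inbound RST that either carries a different TTL or arrives after one of our own segments in less than half the measured RTT, something a reply from the real peer cannot do. The half-RTT threshold is an assumed tuning knob; the TTL check alone is defeated by a box that copies the peer's TTL, which is exactly what the comment says current appliances do, so the timing check is the one that still fires on the third flow.

```python
"""Flag TCP RSTs that were probably injected by a middlebox, not sent by the peer.

Heuristic 1: the RST's IP TTL differs from the TTL on the peer's own SYN/ACK.
Heuristic 2: the RST arrives sooner after one of our outbound segments than a
             real round trip to the peer would allow.
All addresses, ports, TTLs and times below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

LOCAL_IP = "10.0.0.5"   # assumed address of our own host (constructed)


@dataclass(frozen=True)
class Pkt:
    """One captured TCP segment; only the fields the heuristics need."""
    t: float      # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    ttl: int      # IP TTL as received
    flags: str    # TCP flags as letters: S, A, P, R, F


@dataclass
class Flow:
    syn_time: Optional[float] = None   # when we sent our SYN
    rtt: Optional[float] = None        # SYN -> SYN/ACK round trip
    peer_ttl: Optional[int] = None     # TTL on the peer's SYN/ACK
    last_out: Optional[float] = None   # time of our most recent outbound segment


def flow_key(p: Pkt) -> tuple:
    """Direction-independent 4-tuple so both halves of a flow share state."""
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))


def detect_forged_rsts(packets: List[Pkt], rtt_fraction: float = 0.5) -> List[Tuple[Pkt, List[str]]]:
    """Return (rst_packet, reasons) for each inbound RST that looks injected."""
    flows: Dict[tuple, Flow] = {}
    alerts: List[Tuple[Pkt, List[str]]] = []
    for p in sorted(packets, key=lambda x: x.t):
        f = flows.setdefault(flow_key(p), Flow())
        if p.src == LOCAL_IP:                      # our own segment
            if "S" in p.flags and "A" not in p.flags and f.syn_time is None:
                f.syn_time = p.t
            f.last_out = p.t
            continue
        if "R" in p.flags:                         # inbound RST: apply the checks
            reasons = []
            if f.peer_ttl is not None and p.ttl != f.peer_ttl:
                reasons.append(f"ttl {p.ttl} differs from peer baseline {f.peer_ttl}")
            if f.rtt is not None and f.last_out is not None:
                gap = p.t - f.last_out
                if gap < rtt_fraction * f.rtt:
                    reasons.append(f"arrived {gap * 1000:.0f} ms after our last segment, rtt is {f.rtt * 1000:.0f} ms")
            if reasons:
                alerts.append((p, reasons))
            continue
        if "S" in p.flags and "A" in p.flags:      # peer's SYN/ACK sets the baseline
            if f.peer_ttl is None:
                f.peer_ttl = p.ttl
            if f.rtt is None and f.syn_time is not None:
                f.rtt = p.t - f.syn_time
    return alerts


def sample_packets() -> List[Pkt]:
    """Constructed trace. Peer A: injected RST, wrong TTL and too early.
    Peer B: genuine RST. Peer C: injected RST that copies the TTL but is still too early."""
    me, A, B, C = LOCAL_IP, "203.0.113.10", "198.51.100.7", "192.0.2.44"
    return [
        Pkt(0.000, me, 51000, A, 6881, 64, "S"),    # flow A, RTT 80 ms
        Pkt(0.080, A, 6881, me, 51000, 52, "SA"),
        Pkt(0.081, me, 51000, A, 6881, 64, "A"),
        Pkt(0.200, me, 51000, A, 6881, 64, "PA"),
        Pkt(0.212, A, 6881, me, 51000, 61, "R"),    # 12 ms later, TTL 61
        Pkt(1.000, me, 51001, B, 6881, 64, "S"),    # flow B, RTT 100 ms
        Pkt(1.100, B, 6881, me, 51001, 48, "SA"),
        Pkt(1.101, me, 51001, B, 6881, 64, "A"),
        Pkt(1.300, me, 51001, B, 6881, 64, "PA"),
        Pkt(1.405, B, 6881, me, 51001, 48, "R"),    # 105 ms later, TTL matches
        Pkt(2.000, me, 51002, C, 6881, 64, "S"),    # flow C, RTT 60 ms
        Pkt(2.060, C, 6881, me, 51002, 55, "SA"),
        Pkt(2.061, me, 51002, C, 6881, 64, "A"),
        Pkt(2.300, me, 51002, C, 6881, 64, "PA"),
        Pkt(2.308, C, 6881, me, 51002, 55, "R"),    # 8 ms later, TTL matches
    ]


def flagged_peers(packets: Optional[List[Pkt]] = None) -> List[Tuple[str, int]]:
    """(peer address, number of reasons) for every RST the detector flags."""
    alerts = detect_forged_rsts(sample_packets() if packets is None else packets)
    return [(p.src, len(reasons)) for p, reasons in alerts]


if __name__ == "__main__":
    for pkt, reasons in detect_forged_rsts(sample_packets()):
        print(f"suspicious RST from {pkt.src}:{pkt.sport} at t={pkt.t:.3f}: " + "; ".join(reasons))
```

Run as a script it prints one line for peer A (both reasons) and one for peer C (timing only); peer B's reset passes. The timing check only covers a reset triggered by our own outbound segment; an injected RST answering the peer's traffic arrives with no such reference point, and a route change can shift a peer's TTL legitimately, so in practice a flagged RST is something to drop or log rather than proof of interference on its own.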
