Censorship Technology

Comcast Blocks Web Browsing 502

An anonymous reader writes "A team of researchers have found that Comcast has quietly rolled out a new traffic-shaping method, which is interfering with web browsers in addition to p2p traffic. The smoking gun that documents this behavior are network traces collected from Comcast subscribers' Internet connections. This evidence shows Comcast is forging packets and blocking connection attempts from web browsers. One has to hope this isn't the congestion management system they are touting as no longer targeting BitTorrent, which they are deploying in reaction to the recent FCC investigations."

  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Monday April 07, 2008 @10:18AM (#22989046)
    Comment removed based on user account deletion
    • Re:Throttling (Score:5, Insightful)

      by porcupine8 ( 816071 ) on Monday April 07, 2008 @10:21AM (#22989076) Journal
      On my service provider's homepage, it takes a half an hour for me to just find the place to pay my bill, and it moves every couple of months. If such an option is available, I doubt anyone has ever actually found it to activate it! (Luckily, I don't have Comcast, and am in a rare area with two cable providers, the OTHER of which is Comcast, so I'm hoping RCN won't pull this crap because they actually could lose customers and are already second-place.)
      • That really annoys me that the link to the pay online service changes every 3-4 months, and trying to find it from one of the thousands of versions of their homepage is ridiculous.

        At least Time Warner isn't pulling that stuff yet. It won't surprise me if they start though. Of course I won't keep them long after that. I don't use P2P often but I do need to use it occasionally. For large files BitTorrent is the best way to go.
    • Re: (Score:3, Insightful)

      by monkikuso ( 1062016 )
      Or just don't use Comcast. Too much bull to deal with, if you ask me. Fios will be in my town by June, and that's the route I'm taking. For now, DSL works fine.
      • Same here, except I have Comcast now and can't wait to ditch them. A very simple solution would be to make throttling default, with some very easy way of turning it temporarily off. I'd be fine with this.
      • Re: (Score:3, Informative)

        by epedersen ( 863120 )
        I wish Fios was coming to my area any time soon, and DSL is not available. So unless I want to go with one of the wireless providers or dial-up, Comcast is the only option.
      • FIOS availability (Score:5, Interesting)

        by BenEnglishAtHome ( 449670 ) on Monday April 07, 2008 @10:41AM (#22989400)

        Fios will be in my town by June,

        How did you discover the FIOS rollout schedule for your location? I'm contemplating moving my household and I would definitely use the current/future availability of FIOS to help me choose my destination. However, I can't figure out where to look to find a map that says "This is where you can get it, this is where you can get it in 6 months, and this is where you're out of luck."

        So how did you figure this out?

        • by sYkSh0n3 ( 722238 ) on Monday April 07, 2008 @10:54AM (#22989588) Journal
          Sounds like me. My housing arrangements have been based around broadband availability since I moved out on my own. I probably have it as a slightly higher priority than is reasonable though.

          "Oh, I can get 50MB/s broadband here? Of course I'd love to live under this bridge...on the train tracks....next to the paper mill...downwind of the sewage treatment plant."
        • Re: (Score:3, Informative)

          Well, it's not Verizon, but Lisco gave me a map [liscofiber.com] for my hometown. But I'm not sure how to do this for the general case.
        • Re:FIOS availability (Score:5, Informative)

          by Anonymous Coward on Monday April 07, 2008 @11:14AM (#22989848)
          http://www.dslreports.com/gmaps [dslreports.com]

          See the mash-ups menu for some FIOS info.
        • Re:FIOS availability (Score:5, Interesting)

          by ciscoguy01 ( 635963 ) on Monday April 07, 2008 @11:33AM (#22990134)
          In Orange County, CA there are literally hundreds of boxes with AT&T on them being installed on the sides of streets. They are working on them continuously. I assume that is FIOS going in, and they are really working hard, it's *everywhere*.

          After the way AT&T whined about the condition of their copper plant and how they couldn't give us DSL during the DSL rollout (because they were too cheap to fix it), this is a giant change. It may have to do with the UVERSE TV rollout I have been getting bill inserts about.

          Course since it IS AT&T it will probably have too many problems and gotchas, and I will likely be trapped on DSL for the time being, since I have a grandfathered static IP.
          • Re: (Score:3, Informative)

            In Orange County, CA there are literally hundreds of boxes with AT&T on them being installed on the sides of streets. They are working on them continuously. I assume that is FIOS going in, and they are really working hard, it's *everywhere*.


            The only problem with your assumption is that FIOS is Verizon, not AT&T.

            Now, AT&T is deploying FTTP and FTTN, but it's not branded as "FIOS". Now if only Qwest would get their act together.
            • Re:FIOS availability (Score:5, Interesting)

              by It doesn't come easy ( 695416 ) * on Monday April 07, 2008 @03:59PM (#22993428) Journal
              Unfortunately, AT&T's "version" of FIOS isn't truly FIOS. They take fiber to the boxes you see them working on but from there to your house it is still the old copper. The result is essentially the same internet speed you see now. They may be able to essentially double the practical speed but there's no way they will ever be able to get to Verizon's 20mbps symmetrical service. And I also heard that AT&T will be reserving most of the added capacity for their HDTV channels (their technology sends up to 3 HDTV channels down the wire to your house at any given time -- and even then they have to reduce the quality in order to get three channels over the copper -- it also means you will not be able to watch/record more than three channels at the same time at any given time -- might be somewhat of a limit for large households). There's lots of technical details around AT&T's approach versus Verizon but sad to say AT&T's version is already obsolete and they haven't even gotten it out the door.
        • by LM741N ( 258038 ) on Monday April 07, 2008 @12:59PM (#22991428)
          If you want to find a neighborhood with FIOS, just follow their truck around until it stops somewhere. That's how I found the Sunnyvale, CA post office.
      • Re: (Score:3, Interesting)

        by danielsfca2 ( 696792 )
        That's nice, be glad you're in Verizon territory. Unfortunately for those of us in AT&T territory, there will never be FTTH. They've said so. Why? Because they're the monopoly and they have no competition to fear, of course!

        Here, it's your choice of Comcast (which is fast, but expensive, and apparently they're IN UR TCP STREAM, RESETTIN UR CONNECTIONS)... or crappy 1-2meg DSL which is cheap and slow.
    • Re:Throttling (Score:5, Insightful)

      by Anonymous Coward on Monday April 07, 2008 @10:22AM (#22989096)
      Why should you or anyone opt out? If they can't give you the bandwidth they promise you in your contract - they shouldn't have advertised it as such in the first place.
      • Re: (Score:3, Funny)

        by Anonymous Coward
        they shouldn't have advertised it as such in the first place.

        I think you're confused as to what advertising is.

        From Wikipedia: Advertising is a form of communication whose purpose is to lie and deceive potential customers into handing over money for a product or service. Tactics used in advertising include... flat out lies, false claims of superiority over competing products and/or services, meaningless awards and testimonials to improve the image of products and/or services, exaggerating capabilities of
      • Re: (Score:3, Insightful)

        by AftanGustur ( 7715 )

        Why should you or anyone opt out? If they can't give you the bandwidth they promise you in your contract - they shouldn't have advertised it as such in the first place.

        Oh, they give you the bandwidth all right. It's a properly working connection mechanism that isn't working.

        What Comcast is doing is like a telephone company promising you free telephone calls, and then faking a busy tone when you try to use the service.

    • by Presto Vivace ( 882157 ) <ammarshall@vivaldi.net> on Monday April 07, 2008 @10:23AM (#22989116) Homepage Journal
      Does Comcast have a death wish? It sounds like something out of Dilbert.
      • by dkleinsc ( 563838 ) on Monday April 07, 2008 @11:12AM (#22989814) Homepage

        Does Comcast have a death wish?
        No, they have a monopoly and friendly government regulators.
        • Re: (Score:3, Interesting)

          by jmorris42 ( 1458 ) *
          > No, they have a monopoly and friendly government regulators.

          Industries almost always end up with 'friendly government regulators.' Raise your objections to that truth all you want, they don't matter. Doesn't matter whether the regulators, current administration, general population, etc. is 'progressive' enough, etc. The industry being regulated has an intense interest and the general population doesn't. NO small band of activists can match the self interest of a powerful industry and there rarely mu
      • Re: (Score:3, Interesting)

        by hhawk ( 26580 )
        I think most users have so little idea of what a connection should work like, that if a page doesn't load, they will simply hit reload a few times.

        What seems interesting to me, is would this take away their common carrier status? If they blocked specific web sites or types of content, then I think it would, but if this is done randomly, then I would think it wouldn't.

        What would be interesting is if they never blocked sites they owed, or sites from which they received fees from, etc.

        I have no problem with ti
        • by Frank T. Lofaro Jr. ( 142215 ) on Monday April 07, 2008 @11:55AM (#22990436) Homepage
          I have no problem with tiered pricing. Today it's often based on speed, but I what would be better is service level based on some packet metric. When I eat at a cheap buffet I don't mind that the food isn't at 4 star quality levels.

          Would you mind that certain more costly foods at the buffet were laced with a chemical that would make you barf if you ate more of them than the buffet owner wanted you to eat, yet this was never disclosed and they said it was an all you can eat buffet - and then when called out on it they actually tried to defend it?

          That is a better analogy.

          Also, if you eat more than 100 items of food there in a month, you get banned for a year the first time, and banned for life the next time. That is like their "secret" 100 GB/month limit.

          Use DSL, at least they actually get the bandwidth they advertise. Where I'm at, Embarq has always given at least the promised speed, and none of the crap some of the cable companies have been pulling.
        • Contrary to popular belief, internet service providers don't have common carrier status. Only Voice-over-POTS has common carrier status. If Verizon handles your voice and DSL, they only have common carrier on the voice... and only if they're not using FiOS. VoIP doesn't have common carrier protection either (at the IP level).
      • by scorp1us ( 235526 ) on Monday April 07, 2008 @12:44PM (#22991230) Journal
        It is really not a death wish. Look at what is happening: Comcast is making the connection suck even more for p2p users, meaning that they will defect and become someone else's problem. This then puts strain on the other provider, and leaves Comcast with a light-duty network. Look, p2p users, Comcast doesn't want you. They don't want your business. I have a theory on why they are taking a hard-line (npi) approach... It is interesting to note that the shared trunk infrastructure used by Comcast is extremely sensitive to overloading, and the best example of this is p2p applications, because a few users can tie up the whole trunk. You are basically using a broadcast medium, rather than a switched medium. The numbers of non-p2p users at present (as estimated by Comcast's actions) would seem to suggest that it is much more valuable for them to have the offenders leave rather than be customers. There is probably a factor of 1 p2p user for every 10 users. If it takes 10 p2p users to tie up a trunk, then these p2p users are worth 9 subscribers each (100-10=90)

        It makes sense to me.
    • by Firehed ( 942385 )
      Not that I'm siding with the ISPs, but what good is throttling their users if the users can just disable it?
    • Re:Throttling (Score:5, Informative)

      by value_added ( 719364 ) on Monday April 07, 2008 @10:33AM (#22989270)
      Throttling wouldn't be so bad if you could just opt out of it.

      Indeed. If we were talking about throttling.

      Which we're not.

      If the article didn't make that clear, this wiki link [wikipedia.org] might help.
    • Re:Throttling (Score:5, Insightful)

      by JustinOpinion ( 1246824 ) on Monday April 07, 2008 @10:33AM (#22989274)

      The ISP providing my home Internet connection throttles your performance by default, but if you visit one their website, you can change the settings to unthrottled
      Wow... so you have to explicitly opt-in to receive the service that you paid for? You have to know about this throttling, visit a specific page, and flip a switch, in order to get non-degraded service. Is that even legal?

      The fact that ISPs are doing this is scary. The fact that customers accept it is also scary.

      The ISP figures most people aren't going to bother changing their settings, but the people who really love file-sharing are still free to do so.
      Which seems kind of strange. The "problem users" are those savvy ones who transmit tons of data, who are the same ones who will probably change this setting. What's the point in throttling the non-savvy users who just do light web-browsing anyway?
      • Re: (Score:3, Insightful)

        P2P != "savvy users" in all cases.

        Case in point: I visited my aunt and uncle a few years ago. While I was there my uncle asked me to find out why their 280K DSL was so slow. A speed test showed they were getting 80K, and a quick check of Task Manager showed KaZaA was running. Turns out their 14 year old daughter was file sharing. While she was savvy enough to use P2P apps, she really doesn't know squat about networking or broadband technologies. To her, computers and the Internet are an ap
      • Re:Throttling (Score:4, Insightful)

        by stinerman ( 812158 ) on Monday April 07, 2008 @02:18PM (#22992238)

        The fact that customers accept it is also scary.

        Customers don't accept it because they don't understand the first thing about how communications networks work.

        The fact that there is nowhere near perfect information and that last mile access is usually a natural monopoly (if not a statutory one) in most places, the free market will not work as advertised.
    • by Anonymous Coward on Monday April 07, 2008 @10:39AM (#22989376)
      Just use gopher.
  • Are you serious? (Score:5, Insightful)

    by koh ( 124962 ) on Monday April 07, 2008 @10:21AM (#22989084) Journal
    How come they still have customers? Are they a de facto monopoly? Where are the class action lawsuits and the antitrust regulations then?

    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Monday April 07, 2008 @10:29AM (#22989204)
      Comment removed based on user account deletion
      • Because the people are saving with their $99 for Internet/phone/cable deal!!!! Bundle and save today!!!!!!

        * for the first 6 months, then only $199.99 each month thereafter

        Besides their apparent sadism by implementing filters and such (same RIAA/SCO business model, just change "Sue customers" to "prevent from using what they paid for"), Their advertised offers always have very tiny fine print, hidden in the margins and borders of the mass mailings, mentioning that oh yeh, the price quoted above in the bold 1000pt font is good only for a couple months before we double or triple it, and you are still locked in t

    • Re: (Score:3, Interesting)

      by esocid ( 946821 )
      Yes.

      I unfortunately have them because they have a contract with the city I live in and no one else has any lines near me. I checked for FiOS but it isn't available yet either. It was almost as bad as when I lived in an apartment complex that had a deal with NTC, which I believe is illegal now, which forced me to pay for their service. Looking back on it, I wish I could get NTC over Comcast.
    • by j_166 ( 1178463 ) on Monday April 07, 2008 @10:31AM (#22989232)
      "Are they a de facto monopoly?"

      In my town they are. Oh, excuse me. They are "Franchised" by the township. Huge difference, apparently. Not in practice though.
      • Re:Are you serious? (Score:5, Informative)

        by LoudNoiseElitist ( 1016584 ) on Monday April 07, 2008 @10:49AM (#22989520)
        I find it interesting that more people don't realize this. I'm tired of getting "USE SOMEONE ELSE" every time this issue comes up, and people simply do not realize that MANY smaller cities are literally stuck with Comcast until sometime towards the end of the second coming. It was great when it was the only way my city could even get cable 30 years ago, but now it's a mess, and Comcast is raping us for it.
      • Re: (Score:3, Informative)

        by N1ck0 ( 803359 )
        In most areas Comcast has an exclusive franchise agreement with the city/township. If you are in a major metropolitan area you have a good chance of being served by several cable companies, but many times it still matters on exactly what street/building you are on.

        The franchise setup is not considered a monopoly by the government because:

        a) it was accepted by the local government (and supposedly by the people). The down side is many of these contracts are long term and were originally with smaller
    • by Yurka ( 468420 ) on Monday April 07, 2008 @10:31AM (#22989236) Homepage
      People who, when reading "forged packets", do not form a picture of counterfeit plastic bags in their heads are a small, albeit vocal minority. Comcast seems to have found the way to kick them off of its customer rolls by self-selection (the more /. stories stoking the outrage, the better), thereby only retaining the sheep. Good business plan, as I see it. Bully for them. The antitrust and legal issues can be sorted out, I would assume, by changing some verbiage in the customer agreement and allowing some sort of so-called oversight from the benevolent government.
    • I am still a customer, not happily though. I am 4 meters too far for DSL, and the satellite and cell tower options aren't so hot. In general I do get decent bandwidth, but I will have to go check out this new behavior.

      Most of the stuff they are doing does not affect me, thankfully. I have seen them destroy my BT traffic on the few occasions that I have tried it. That was well before the publicity, and I just blamed the protocol at the time. Now I know...

      My options are dial-up (slower than throttled cable modem
    • by KingSkippus ( 799657 ) * on Monday April 07, 2008 @10:38AM (#22989348) Homepage Journal

      We synthetically generated TCP SYN packets at a rate of 100 SYN packets per second using the hping utility...In this section, we present our network traces that show the network behavior while the TCP SYN packets are being sent. All traces were collected during peak usage hours (7-9pm local time).

      Okay, I'm not specifically a network engineer, but I like to think that I'm not network stupid. To me, this would sound suspiciously like someone trying to perform a denial of service attack.

      Now, I can understand being irritated at forged packets coming back as a result, but at the same time, isn't it reasonable to expect Comcast to do something to shut down connections coming from this host? Frankly, I'm a little surprised that Comcast didn't shut off the connection altogether.

      Am I missing something?

    • Re:Are you serious? (Score:5, Informative)

      by quanticle ( 843097 ) on Monday April 07, 2008 @10:38AM (#22989362) Homepage

      Comcast, in many locations, is not just a de-facto monopoly, they are a de-jure monopoly. Comcast negotiates with municipalities to be the sole cable provider to the community. The best situation in many of these cases is a duopoly between Comcast and the local Baby Bell. Often, for many regions, Comcast is the sole broadband provider, since the residents are too far away from the CO for DSL.

      • Re: (Score:3, Interesting)

        by not_anne ( 203907 )
        In the city I live in (Sacramento, CA) there are four large cable companies: Charter, SureWest, Frontier, and Comcast. All four have franchise agreements with the city. There are a few smaller cable companies too, but I don't remember their names offhand.

        Cable franchise agreements are controlled by the municipality, not the company. This agreement allows a company (under strict guidelines) to do business in the municipality. If your municipality chooses to allow only one cable company to do business there, blam
    • Re:Are you serious? (Score:4, Interesting)

      by Rakishi ( 759894 ) on Monday April 07, 2008 @10:40AM (#22989386)
      They're probably a government mandated monopoly in many places which isn't a horrible system per se. The problem is that the government is doing jack shit to uphold its end of the bargain which is to keep Comcast in check. A company given an artificial monopoly will abuse it, directly or indirectly, and if you give a company a monopoly then you better also take the effort to keep them in check.

      I have heard, for example, that roadrunner in NYC needs to provide satisfactory service to customers due to it being a government created monopoly. Sure they won't mention this but I have heard of at least one person making enough noise (ie: contacting every politician within 50 miles, among other things) to have roadrunner cave in (well first they begged him to switch to dsl then they caved in).
    • Re:Are you serious? (Score:5, Informative)

      by 99BottlesOfBeerInMyF ( 813746 ) on Monday April 07, 2008 @10:58AM (#22989642)

      How come they still have customers?

      Their service is terrible and unreliable and they treat their customers like shit. This makes them a slightly better option than the local phone company.

      Are they a de facto monopoly?

      No. They are part of a government enforced duopoly. In most locations in the US only three companies have the legal right to use the right of ways that allow them to connect a line to your house. These companies are given an exclusive contract in most cases. They are:

      • The local power distribution monopoly. (Usually they stick to power but in a few cases they've started to roll out internet access over the power lines. The absurdity of such a plan speaks to how terrible the other options for internet in the U.S. are.)
      • The local Cable company - provides cable TV and has expanded to internet access and phone service. In many places they are the only option for high speed internet. Right now I'm paying about $50/month for internet access from them and it comes with "free" cable TV. Of course it isn't free. In fact, internet without cable TV costs $60/month from them.
      • The local phone company - they have less coverage and the cheapest high speed DSL line I can get from them is $80 and comes with "free" local phone use. The phone company is the longest standing antitrust abuser and they treat all their customers like crap. Besides being more expensive they want you to give them all your personal information on a web form, just to see if they will provide service in your area. When I tried it, the Web form was broken and only worked in IE for Windows. Calling on the phone got me 20 minutes of Muzak and then transferred to several people before anyone knew what DSL was.

      In short, internet access options in most of the US sucks. We've already paid more per person in tax subsidies to the network providers than many other countries. Sweden, for example has slightly less population density and had a huge embezzling scandal in their national internet drive. They paid half as much per person as people in the US, have on average ten times faster connections, better uptime, and pay about half as much per month as US citizens.

      The phone companies and the cable companies have lobbyists who legally bribe our politicians with campaign contributions. As a result, the good of the people isn't even considered. It is just a battle of whether a given law will give money to the cable company or the phone company. Either way citizens get the shaft.

      Where are the class action lawsuits...

      There are numerous ones making their slow progress through the courts, usually to end in a private settlement. One might actually go through sometime this decade, but the politicians have also been working on passing laws to grant retroactive immunity to network operators for malicious, illegal abuses under the guise of national security. There is little hope.

      ...and the antitrust regulations then?

      The antitrust regulators are appointed by the executive branch. Both candidate's parties in the last two elections received huge donations from hundreds of private companies and for some reason antitrust regulators in the US show little or no interest in prosecuting even blatant antitrust abuses. (In the case of Microsoft, they had already been convicted and the new appointees, changed the punishment from being broken up, to a small fine and a pat on the back.)

  • Damn... (Score:5, Funny)

    by Starturtle ( 1148659 ) on Monday April 07, 2008 @10:22AM (#22989086) Homepage
    ...I wanted to have First Post but I had to find an available proxy to get through my ISP's traffic shaping technology
  • by Anonymous Coward on Monday April 07, 2008 @10:25AM (#22989142)
    Eclipse in the UK, since taken over by Kingston Communications, will packet shape you so hard, that even if only downloading a Linux iso from p2p at 33kbps, they will disrupt all your connections, such that web browsing becomes a pre broadband experience. Don't use p2p and all plays nice again.

    so nothing new in this here in the UK
  • Thankyou Comcast. (Score:5, Insightful)

    by Anonymous Coward on Monday April 07, 2008 @10:26AM (#22989152)
    When ISPs were just targeting the minority of users who use P2P (and then under the excuse of stopping piracy/ thinking of the children/ protecting us from terrrists) there would never be enough backlash from their users to stop this kind of abuse.

    However if they start screwing with http, then suddenly every Joe Sixpack will be up in arms about traffic shaping, and maybe the pressure will be sufficient to actually bring about some change.

    My sincere thanks, Comcast, for bringing this issue into the mainstream.
  • by rmdir -r * ( 716956 ) on Monday April 07, 2008 @10:26AM (#22989156)
    NOT COMCASTIC
  • by iceT ( 68610 ) on Monday April 07, 2008 @10:29AM (#22989200)
    Responding on behalf of hosts that don't (aren't supposed to) exist isn't necessarily a bad thing. It can save on the 45 second timeout for customers, and can help keep FW state tables smaller.

    That being said.. spoofing addresses to return RST commands and etc. just SUCKS.

    I wish DSL providers would improve their coverage. Many people don't have a choice of anything BUT Comcrap.
  • by AndGodSed ( 968378 ) on Monday April 07, 2008 @10:31AM (#22989228) Homepage Journal
    1. It is a darn good read. Concise, short and to the point.
    2. They are using Firefox.
    3. The Slashdot headline is not completely accurate.

    The /. headline had me thinking one thing - but reading the article clarified my one knee jerk reaction: "You cannot browse the web - at all!?"

    Reading the article I got the idea that is not exactly the case...
  • I am getting torrent speeds around 200K/second. Is filtering specific to some region or bittorrent client? Does Mac TCP stack confuse it in some way? It seems to me that they face a mass exodus of customers to AT&T if they really break torrents for everyone.
  • Cancel (Score:5, Interesting)

    by Badbone ( 1159483 ) on Monday April 07, 2008 @10:35AM (#22989310)
    I'm tired of Comcast pulling stunts like this too. So today I did something about it. I cancelled my Comcast service. Completely cancelled. And when I called to cancel, I let them know exactly why.

    Granted, the person on the other end of the phone doesn't know or care about such issues as net neutrality. But she did ask why I was cancelling, and she did type in my response. So hopefully someone down the line will read it. But even if they don't, at least I know that my money will not be going to a company I despise.

    • Re: (Score:3, Funny)

      by Gothmolly ( 148874 )
      Don't worry, they won't read it.
    • Re:Cancel (Score:5, Insightful)

      by Mr. Underbridge ( 666784 ) on Monday April 07, 2008 @11:27AM (#22990066)

      Granted, the person on the other end of the phone doesn't know or care about such issues as net neutrality. But she did ask why I was cancelling, and she did type in my response. So hopefully someone down the line will read it.

      Someone will probably read it. Here's your problem though - what she typed is probably something like this:

      Reason for cancelling: Customer is a jackass

      You can't bust through the customer service morass when you're dealing with people making $10/hour who have been strategically placed by their employer as a defense between you and anyone who could actually solve your problem.

  • I couldn't get to *some* of the hosts at the College I work at around 7am Saturday morning (EDT). Some were fine. That's for ssh, http, https, and even vpn. I could ping all the hosts and ping could get through, but no tcp connections I tried. I tried going the opposite direction from those hosts later back to my Linux box via ssh at home and couldn't get through either. Then at 2pm Eastern everything just started to work again.
  • Never noticed (Score:2, Informative)

    by jgarra23 ( 1109651 )
    I upload & download tons on Comcast's network. OTOH I don't pirate software or music. Really, I make heavy use of the bandwidth given me (routine full load) and I've never received any of these notices, any sort of throttling or anything else. Is there a site with all the assumed proof of all this Comcast badness going on that I can look at?

    I'd be impressed if the loudest complainers weren't some sort of thieving pirate.
  • by corsec67 ( 627446 ) on Monday April 07, 2008 @10:40AM (#22989396) Homepage Journal
    The biggest objection to what Comcast was doing was that they were generating reset packets that didn't originate with either host.

    Now, this article seems to say that they will generate reset packets for hosts that don't even exist on the internet. This may be a kind of throttling, but it is still FORGERY, and shouldn't be allowed at all.
  • by poptart ( 145881 ) on Monday April 07, 2008 @10:43AM (#22989428)
    This is a bit off-topic, but it does have to do with comcast.

    Last month I called comcast to tell them I did not want to be called, mailed, or emailed by them or any of their 'partners'. I called in response to a mailing from comcast that provided a phone number for opting out. FWIW, I have been receiving junk mail (post and electronic) from comcast encouraging me to get internet service from them, despite the fact that I have been a comcast internet customer since it was RCN.

    Yesterday I received my monthly comcast bill, and on the bill was a $1.99 charge for "change of service". I called comcast, since I recalled making no changes to my service in the past decade. The telephone operator said "that charge is for when you called to opt-out of the comcast and partner mailings". She quickly followed with "we can remove that charge with a credit to your next statement".

    Sigh.

    $1.99 is not much, and almost not worth the time calling about it. But the attitudes and practices behind the fee are what get my goat.
    • by Ossifer ( 703813 ) on Monday April 07, 2008 @10:51AM (#22989546)
      By the way, that $1.99 credit to your account constitutes a "change of service"...
    • Re: (Score:3, Insightful)

      by fm6 ( 162816 )
      Better get used to having your goat got. The practice of tacking silly little fees onto monthly bills seems to be common practice. Started with credit card companies, but now it seems to be spreading. Sometimes they don't even have an excuse like "service change". Just throw a "field upgrade fee" or "klatu barata nikto charge" on the bill, reverse for the 10% of customers who bother to complain, and presto! another $1 million to your bottom line.
  • I wonder... (Score:5, Insightful)

    by richardtallent ( 309050 ) on Monday April 07, 2008 @10:44AM (#22989458) Homepage
    I wonder what Comcast's network would look like if they spent as much money improving bandwidth as they apparently do "shaping" (damaging) the traffic already on their wires.
  • Sending 100 syn packets per second to an invalid internet address... that would seem like a big red someone stupid is trying (or testing) a DOS syn attack flag to any ISP worth their salt. They basically were trying to create 100 outbound connection attempts per second for an extended period of time, I would be more annoyed if the ISP didn't catch something like that, only need a few hosts to build up a nice syn attack and overrun someone's tcp stack.
  • by berashith ( 222128 ) on Monday April 07, 2008 @10:51AM (#22989536)
    please someone correct me, but this appears like comcast is knocking down SYN floods. If this is the case, it is a good thing. In fact, if they stopped all connections both ways to some tool who is slamming the network with a bunch of crap at peak time for a limited time on each offense, wouldn't that be a good thing ?
  • Television (Score:4, Insightful)

    by Dancindan84 ( 1056246 ) on Monday April 07, 2008 @10:54AM (#22989598)
    Just wait till they do the same thing with TV/phone:

    Hundreds of channels*
    Free unlimited long distance**

    *If you watch your TV more than 20 hours a month we'll cut you off
    **As long as you don't place a lot of really long distance calls. Then we'll throttle them so you only get every 3rd word
  • by natoochtoniket ( 763630 ) on Monday April 07, 2008 @11:02AM (#22989698)

    We synthetically generated TCP SYN packets at a rate of 100 SYN packets per second using the hping utility ... The IP Time to Live (TTL) field for these forged TCP RST packets is consistently set to 255

    So, when new connection requests are issued at the rate of 100 per second, the first router is resetting some of those requests.

    The application is issuing new connection requests at a prodigious rate. The router determines that this is beyond the capacity for the router, or perhaps beyond some limit imposed on that router by the internal network. Or, perhaps, it is beyond a rate parameter that is used to detect DOS attacks.

    When such a limit is exceeded, there are a few reasonable responses for the router to choose from: It can drop random packets; It can drop random SYN packets; it can drop packets from the attacking host; or it can NAK/RST some of those SYN packets. All of those are legitimate router responses. The reset packets are not "forged". They are legitimate responses in the protocol. The primitive operation is called a "provider disconnect indication".

    I don't see any problem in the protocol here. And, I don't see any problem in the router behavior. The router is just protecting itself and the network from overload conditions. By selecting to disconnect calls from a host that is using far more resource than other hosts, it is just protecting the other hosts from a DOS attack by that first host.

    The title of the summary should be "Local routers defend against DOS attack".

    • They're not just sending RSTs. Read the whole article, you've got routers sending SYN/ACK packets as well, pretending to be the destination host... even when that host does not exist. That's the part that's forgery.
  • by Anonymous Coward on Monday April 07, 2008 @11:11AM (#22989806)
    I'm going to be an anonymous coward here because I don't want people emailing me and there is pending litigation that we have all but won. Waiting on settlement at this time.

    We sued comcast. What? How? Eh?!?

    Check your EULA that you signed when first getting service. If you are a business customer this REALLY affects you. Their "shaping" technology actually caused a shitload of false positives on a bunch of alarms. Our sent packets to security equipment weren't always returned so we started to get a lot of "failure to connect". Well... a lot of what we manage are fall back systems that when they come online take over for other sites.

    Well... these different locations of hardware were not able to communicate correctly because they were identified as P2P. We use encrypted packets of random data to doubly ensure that it's authentic communication.

    This set off a chain of events as the shaping got worse and worse. Originally we thought it was our network code. We couldn't reproduce it and noticed our satellite connection didn't have this issue.

    Our amazing network engineers took 2 months to track down the issue and it was their shaping technology blocking or resetting our connections at almost a 90% success ratio. Now while we preferred having 24/7 connections to our equipment this was no longer possible unless we altered our code significantly.

    So we looked at our EULA and sure enough there was no mention of interception of data and packet shaping. In fact, our contract said they wouldn't do anything without notifying and getting our approval first.

    We sued. We won. Now we're waiting judgment for lost revenue, breaking of contract etc.

    I STRONGLY recommend every business out there who has remote equipment that does more than "ping" for responses and are having trouble to check your Agreement. Screw cancelling your subscription. Sue the pants off of them.

  • by hdmoore ( 1228676 ) on Monday April 07, 2008 @11:14AM (#22989844) Homepage
    A quick solution is to just drop the RSTs coming back with a TTL of 255 (something > 250 would work fine too). Unless they are sending a reset to the destination host as well, this is a quick-fix for anyone with a Linux or BSD firewall. Similar to how the Chinese firewall can be evaded.
    • Re: (Score:3, Informative)

      by Furry Ice ( 136126 )
      If you'd read the article, you'd know that Comcast forges the three way handshake and then sends an RST. The real destination doesn't see any traffic at all. Dropping the RST would accomplish nothing.
  • by Animats ( 122034 ) on Monday April 07, 2008 @11:53AM (#22990410) Homepage

    In the early days of the Internet (by which I mean 1981-1983, not 1997) there were ICMP Source Quench messages. This provided a way for routers to say to an end node "Slow Down." Back when I was working on congestion control, I had our TCP implementation (a modified 3COM UNET; this was before Berkeley got into TCP) set to cut down the size of the congestion window when a Source Quench was received. I took the position that Source Quench messages should be sent before the packet-drop point was reached, so that a well-behaved TCP should never have a packet dropped for congestion reasons.

    This didn't catch on, though. There was concern that sending Source Quench messages would choke the network, since as the network congests, routers need to send more Source Quench messages. That sort of behavior creates an unstable condition. And coming up with a generally applicable Source Quench policy was hard. Eventually, ICMP Source Quench was deprecated.

    Without Source Quench, there's not much a router can say to an end node about congestion. A router can still send ICMP Destination Unreachable messages, though. What Comcast ought to be doing if they want to reject a connection is to send back ICMP Destination Unreachable, Code 13 (communication administratively prohibited). That's a legitimate action by a router, and it makes it clear who's complaining. Some firewalls will send such messages, so they're not unheard of; however, some NAT boxes don't translate them properly, so they may not reach home clients.

    But faking a TCP RST, or worse, sending an ACK for something that didn't reply at all, is just wrong.

  • by hansamurai ( 907719 ) <hansamurai@gmail.com> on Monday April 07, 2008 @11:58AM (#22990494) Homepage Journal
    I've been experiencing this for at least a week, exactly how the article described. I had no idea where to attribute the problem, thinking my router might be dying or something, but this is pretty clear now. I'm just glad that I'll be moving out of the Comcast area in the next few months. YAY!
  • by Jekler ( 626699 ) on Monday April 07, 2008 @12:09PM (#22990674)
    This crap has to come to a halt. Not just Comcast's antics, but ISPs in general. If an ISP is going to block ports, traffic shape, or otherwise impose restrictions on internet connections, they should be required to advertise those restrictions more prominently than the features of the service. It's not right to bury restrictions on page 30 of a TOS agreement. If you're going to advertise your service as 50 times faster than a dial-up connection or advertise "blazing speeds" and low prices, they should also be required to advertise their service's restrictions just as prominently or more so. The same thing goes for "unlimited bandwidth". If they're going to advertise unlimited bandwidth, they should never be able to cite excessive usage as a reason to cut someone off. Our world should not be run by marketing and PR people. "Liar" should not be a viable career path.
  • by scorp1us ( 235526 ) on Monday April 07, 2008 @12:55PM (#22991386) Journal
    As a FiOS user (and very satisfied, aside from the port 80 blocking) I don't really care, but as a former Comcast customer and for those of you that are locked into Comcast...

    Comcast has their own "Comcastic!" word for describing the Comcast experience. Why not turn it into a sarcastic meme of "fantastic!". Better yet, with specific application to losing bits.

    Examples:
    My Hard-drive crashed. Comcastic!
    We had a Comcastic terminator on this 10base-2 cable which was causing the problem.
    I sent the money, but Western Union got a bit Comcastic.
    Stephen Hawking thinks black holes have Comcastic properties.
  • by SmoothTom ( 455688 ) <Tomas@TiJiL.org> on Monday April 07, 2008 @02:27PM (#22992356) Homepage
    I am an Earthlink high-speed subscriber with the "last mile" provided on Comcast Cable in the Seattle area.

    I rarely notice any long-term "problems" but I and the folks running a particular website (a low volume one at that) have been working trying to find the reason I CONSTANTLY get repeated resets trying to access their site (hosted on Digital River, a local competitor...)

    I don't get the resets on any other IPs, only others on Comcast get ANY, and the DR hosted site is NOT even seeing my requests.

    It looks like I may just have found the "problem" and it may be Comcast blocking my access even though I am not THEIR customer directly.

    Thing is, what in Hell can we do about it???

    --Tomas
  • by giafly ( 926567 ) on Tuesday April 08, 2008 @07:07AM (#22998772)

    A note regarding our findings: Further experiments have led us to believe that our initial conclusions that indicated Comcast's responsibility for dropping TCP SYN packets and forging TCP SYN, ACK and RST (reset) packets was incorrect. Our experiments were conducted from behind a network address translator (NAT). The anomalous packets were generated when the outbound TCP SYN packets exceeded the NAT's resources available in its state table. In this case, TCP SYN, ACK and RST packets were sent. We would like to thank Don Bowman, Robb Topolski, Neal Krawetz, and Comcast engineers for bringing this to our attention. We sincerely apologize for any inconvenience that this posting may have caused.
    Broadband Network Management [colorado.edu]
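
The TTL detail quoted in the thread (RSTs consistently arriving with TTL 255) can be checked against a capture: a packet that arrives with TTL 255 has not been decremented by any router, so a reply claiming a remote source with that TTL was generated on the local segment, which fits the researchers' correction that their own NAT produced the packets. The Python below is an added example, not part of any comment or of the researchers' tooling; the addresses, the 192.168.0.0/16 local network and the sample packets are constructed assumptions.

```python
import struct
from ipaddress import IPv4Address, ip_network

COMMON_INITIAL_TTLS = (64, 128, 255)  # defaults used by most IP stacks
FLAG_NAMES = ((0x02, "SYN"), (0x04, "RST"), (0x10, "ACK"))

def parse_ipv4_tcp(pkt):
    """Return (source, ttl, flag names) for a raw IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 14:
        return None  # bad header length, not TCP, or truncated
    flags = pkt[ihl + 13]
    return IPv4Address(pkt[12:16]), pkt[8], {n for bit, n in FLAG_NAMES if flags & bit}

def hops_travelled(ttl):
    """Estimate the hop count, assuming the nearest common initial TTL."""
    return min(t for t in COMMON_INITIAL_TTLS if t >= ttl) - ttl

def classify_replies(packets, local_net="192.168.0.0/16"):
    """For each RST or SYN/ACK return (source, flags, hops, verdict). A reply that
    claims an off-link source but arrives with TTL 255 was never decremented by
    a router, so it was generated on the local segment."""
    net, out = ip_network(local_net), []
    for raw in packets:
        parsed = parse_ipv4_tcp(raw)
        if parsed is None:
            continue
        src, ttl, flags = parsed
        if "RST" in flags or {"SYN", "ACK"} <= flags:
            on_link = ttl == 255 and src not in net
            out.append((str(src), "+".join(sorted(flags)), hops_travelled(ttl),
                        "generated-on-link" if on_link else "plausible"))
    return out

def build(src, ttl, flags, dst="192.168.1.20"):
    """Constructed sample packet: bare IPv4 + TCP headers, checksums zeroed."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + struct.pack("!HHIIBBHHH", 80, 40000, 0, 0, 5 << 4, flags, 0, 0, 0)

SAMPLES = [                              # constructed, not from a real trace
    build("203.0.113.10", 255, 0x12),    # SYN/ACK "from" a remote host, 0 hops
    build("203.0.113.10", 255, 0x04),    # RST "from" a remote host, 0 hops
    build("203.0.113.10", 52, 0x12),     # SYN/ACK that crossed about 12 routers
    build("192.168.1.1", 255, 0x04),     # RST from an on-link device: expected
]

if __name__ == "__main__":
    for row in classify_replies(SAMPLES):
        print(*row)
```

The verdict only says where a packet was generated, not who operates the device: a home NAT box and an ISP's first-hop equipment can both sit before the first TTL-decrementing router.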
