Comcast Blocks Web Browsing

An anonymous reader writes "A team of researchers have found that Comcast has quietly rolled out a new traffic-shaping method, which is interfering with web browsers in addition to p2p traffic. The smoking gun that documents this behavior are network traces collected from Comcast subscribers Internet connections. This evidence shows Comcast is forging packets and blocking connection attempts from web browsers. One has to hope this isn't the congestion management system they are touting as no longer targeting BitTorrent, which they are deploying in reaction to the recent FCC investigations."

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Throttling

[porcupine8]

On my service provider's homepage, it takes a half an hour for me to just find the place to pay my bill, and it moves every couple of months. If such an option is available, I doubt anyone has ever actually found it to activate it! (Luckily, I don't have comcast, and am in a rare area with two cable providers, the OTHER of which is comcast, so I'm hoping RCN won't pull this crap because they actually could lose customers and are already second-place.)

Re:

[peragrin]

That really annoys me that the link to the pay online service changes every 3-4 months, and trying to find it from one of the thousands of versions of their homepage is ridiculous.

At least Time Warner isn't pulling that stuff yet. It wont' surprise if they start though. Of course I won't keep them long after that. I don't use P2P often but I do need to use it occasionally. for large files bit torrent is the best way to go.

Re:

[monkikuso]

Or just don't use comcast. Too much bull to deal with, if you ask me. Fios will be in my town by June, and that's the route I'm taking. For now, DSL works fine.

Re:

[aurispector]

Same here, except I have comcast now and cant wait to ditch them. A very simple solution would be to make throttling default, with some very easy way of turning it temporarily off. I'd be fine with this.

Re:

[epedersen]

I wish Fios was coming to my area any time soon, and DSL is not available. So unless I want to go with one of the wireless providers or dial-up Comcast is the only option.

FIOS availability

[BenEnglishAtHome]

Fios will be in my town by June,

How did you discover the FIOS rollout schedule for your location? I'm contemplating moving my household and I would definitely use the current/future availability of FIOS to help me choose my destination. However, I can't figure out where to look to find a map that says "This is where you can get it, this is where you can get it in 6 months, and this is where you're out of luck."

So how did you figure this out?

Re:FIOS availability

[sYkSh0n3]

Sound like me. My housing arrangements have been based around broadband availability since i moved out on my own. I probably have it as a slightly higher priority than is reasonable though.

"Oh, I can get 50MB/s broadband here? Of course I'd love to live under this bridge...on the train tracks....next to the paper mill...downwind of the sewage treatment plant."

Re:

[Kugrian]

Who needs a life if you can get decent broadband speeds. Maybe it's the ones who have a life that are the introverted IMers [slashdot.org]?

Re:

[SanityInAnarchy]

Well, it's not Verizon, but Lisco gave me a map [liscofiber.com] for my hometown. But I'm not sure how to do this for the general case.

Re:FIOS availability

[Anonymous Coward]

http://www.dslreports.com/gmaps [dslreports.com]

See the mash-ups menu for some FIOS info.

Re:FIOS availability

[ciscoguy01]

In Orange County, CA there are literally hundreds of boxes with AT&T on them being installed on the sides of streets. They are working on them continuously. I assume that is FIOS going in, and they are really working hard, it's *everywhere*.

After the way AT&T whined about the condition of their copper plant and how they couldn't give us DSL during the DSL rollout (because they were too cheap to fix it), this is a giant change. It may have to do with the UVERSE TV rollout I have been getting bill inserts about.

Course since it IS AT&T it will probably have too many problems and gotchas, and I will likely be trapped on DSL for the time being, since I have a grandfathered static IP.

Re:

[RzUpAnmsCwrds]

In Orange County, CA there are literally hundreds of boxes with AT&T on them being installed on the sides of streets. They are working on them continuously. I assume that is FIOS going in, and they are really working hard, it's *everywhere*.

The only problem with your assumption is that FIOS is Verizon, not AT&T.

Now, AT&T is deploying FTTP and FTTN, but it's not branded as "FIOS". Now if only Qwest would get their act together.

Re:FIOS availability

[It doesn't come easy]

Unfortunately, AT&T's "version" of FIOS isn't truly FIOS. They take fiber to the boxes you see them working on but from there to your house it is still the old copper. The result is essentially the same internet speed you see now. They may be able to essentially double the practical speed but there's no way they will ever be able to get to Verizon's 20mbps symmetrical service. And I also heard that AT&T will be reserving most of the added capacity for their HDTV channels (their technology sends up to 3 HDTV channels down the wire to your house at any given time -- and even then they have to reduce the quality in order to get three channels over the copper -- it also means you will not be able to watch/record more than three channels at the same time at any given time -- might be somehwat of a limit for large households). There's lots of technical details around AT&T's approach verses Verizon but sad to say AT&T's version is already obsolete and they haven't even gotten it out the door.

Re:FIOS availability

[LM741N]

If you want to find a neighborhood with FIOS, just follow their truck around until it stops somewhere. Thats how I found the Sunnyvale, CA post office.

Re:

[danielsfca2]

That's nice, be glad you're in Verizon territory. Unfortunately for those of use in AT&T territory, there will never be FTTH. They've said so. Why? Because they're the monopoly and they have no competition to fear, of course!

Here, it's your choice of Comcast (which is fast, but expensive, and apparently they're IN UR TCP STREAM, RESETTIN UR CONNECTIONS)... or crappy 1-2meg DSL which is cheap and slow.

Re:Throttling

[noc007]

No offense to you, but much offense intended towards all telcos, they shouldn't have squandered the $200,000,000,000 they made from the 1996 Telecommunications Act that was intended to bring FTTH. Be livid; Google one of the following:
"$200 billion" telecommunications scandal
"$200 billion" telecommunications rip-off

Re:Throttling

[danielsfca2]

Thank you for pointing that out.

They love to moan (especially ATT) about how they can't afford fiber, when the truth is they are too busy rubbing our billions of tax dollars all over their fat sweaty bodies.

"We already got paid, why should we invest in infrastructure?"

We need either a carrot or a stick for the telcos in this damn country. The carrot would have been making them ACTUALLY DO FTTH before giving them a big fat check. The stick would be forcing them to make good on it now or else face criminal charges of defrauding the US public, and/or fining them $200Bn.

Instead, we've chosen neither--to let them do whatever the hell they want, forever, with no consequences.

Re:Throttling

[electrictroy]

I love to hate on Corporations as much as the next guy, but there is such a thing as "truth" and integrity. The Telcos were not given $200 billion of taxpayer dollars. They were given tax breaks which allowed them to keep more of their money (in the same way I was given a ~$6000 standard deduction, which let me keep more of MY money).

They did not just sit on the money. They reinvested it in upgrades of other services such as:

- Rewiring analog lines with digital lines (cleaner phone calls/faster internet)
- Improving cell phone communications by upgrading to a digital network.
- Providing upgrades to DSL over standard lines.
- Not declaring bankruptcy during the 2000 dot-com collapse, because they had cash reserves to save them.

So the $200 billion was the *corporation's* money, not taxpayer money, and it was spent to upgrade many of the things we take for granted today (clean digital calls, ubiquitous cell availability, and high-speed DSL to the home). In my own area, I've seen my internet increase from 24 kbit/s on dirty analog lines to 53k on clean digital lines. I've seen cellphone costs drop from $60 a month to $5 a month so that even I can afford it, and in just the last few months, I got 3000k internet.

It would be dishonest of me to sit here and say the corporations have not done a damn thing since 1996.

I would be lying.

Re:Throttling

[timeOday]

The Telcos were not given $200 billion of taxpayer dollars. They were given tax breaks which allowed them to keep more of their money (in the same way I was given a ~$6000 standard deduction, which let me keep more of MY money).

A better analogy would be somebody who claims tax exemptions for children they don't have, or claims $20K of income when they actually made $100K. If they made a deal for the $200BN, and they welched on it and kept the money, that is a ripoff!!

People are so easily lead by spin! Remember when a few of the Katrina victims used their govt-issued debit cards for nonessentials and everybody freaked? Now the whole country is receiving a cash windfall of borrowed money from the govt. and nobody cares, because it's a "tax rebate" of "your" money - even if you didn't pay that much tax in the first place, and even though govt. services are still being provided! "Freedom isn't free so I don't mind sacrificing other people's lives for it, just don't tax my capital gains or my inheritance windfall!!!"

Monopolies, regulation, competition, and an idea

[Skapare]

Of course these providers have improved their services. The problem is they have not improved them quite as well as they could have. And a lot of the ways they are "improving" them focues on ways to extract more money out of the customers, rather than providing a service that increases the value to customers. Would you expect any less of a business motived exclusively by revenue growth?

One big problem is that these companies are sitting on "gold mines" that were established for them (or for the company they bought out) through exclusive monopolies on the infrastructure. Although they invested in this infrastructure, they benefitted from government guarantees of an exclusive regulated monopoly. Now, with most of the regulation lifted, they are using this infrastructure they "inherited" to gouge customers (as opposed to supplying a regulated service that would be sufficient to pay back the investment). At the same time, they know competitors are basically unable to overbuild, not because of any exclusivity, but merely because it doesn't make sense to invest in another infrastructure (because the new builder would know they could at best get 50% of the customer base).

IMHO, the people have a "lien" in that infrastructure because of having guaranteed the exclusivity in the past. That "lien" should be exercised in the form of maintaining a level of regulation on the infrastructure that permits fair, equal, and neutral use, as well as pricing that is fair and does not gouge consumers.

It's bad enough that we have such a poor service from companies like several cable companies and many telephone companies in terms of how the internet layer services are rendered over the infrastructure. If we had fair access to the infrastructure by other providers of internet layer service, then competition would at least allow someone that does a better job to offer services, if not encourage others to do better to keep customers happy.

Long ago, AT&T was broken up between local service and long distance service because at the time it was seen that long distance would be better provided through competition. This was in fact correct and it did improve long distance through better offerings, better pricing, etc. But the split wasn't quite right in terms of today's needs. What we need today for telephone and cable service is a split that separates the ownership and management of the infrastructure, and the companies that can offer services over that infrastructure. We are already seeing this point of split taking place in many areas for electrical power service. In many areas, people can contract to get their electric power from any of a number of power providers (some that actually generate power, and some that merely buy it on the generation market). This has opened up options we would not have otherwise even seen, such as greener [greenmountainenergy.com] power preferences.

What I propose is that governments in all areas support (even financially) the development of an all new fiber based infrustructure. Instead of this being a branched fiber structure like Verizon FiOS [wikipedia.org], this infrastructure install a minimum of 4 fibers from each home (maybe more for businesses) all the way to a central office connection facility. This infrastructure, including the central office facilities, will be owned by the local government (or liened or otherwise regulated by it), and operated in a fully fair and neutral way. The home owner/renter can then acquire services from any company prepared to connect service to them through one or more of these fiber circuits. Legacy/incumbent providers of information/entertainment service like Comcast, and telco service like Verizon, can make use of this by being one of these providers. They would be able to offer any services they want through that fiber connection (which is plenty sufficient for a huge amount of service on just 1 of the 4 fibers). They could even choose to subcontract

Re:Throttling

[Fulcrum of Evil]

So the $200 billion was the *corporation's* money, not taxpayer money, and it was spent to upgrade

No, since it was a tax break, it was taxpayer money. The fact that it stayed in the corporation's bucket instead of making a trip to the feds nad back again is irrelevant.

It would be dishonest of me to sit here and say the corporations have not done a damn thing since 1996.

Mostly, they've consolidated their position and worked to make competition impractical, preferrably illegal. Screw them - build FTTH, revoke their last mile right of way, and make them rent the service like anyone else who wants to.

Re:

[danielsfca2]

I concede your point that they were not given a handout, per se. I do however take issue with it being cut and dried that they should be allowed to keep all their profits while you and I, and most other companies do not have a similar entitlement. This is unfair to all other industries that DID have to pay all their taxes in those years.

Whatever the source of the money, they NETTED a huge windfall. The government took an action that made their bank account balances $Billions higher than those balances would

Re:

[AK Marc]

The Telcos were not given $200 billion of taxpayer dollars. They were given tax breaks which allowed them to keep more of their money (in the same way I was given a ~$6000 standard deduction, which let me keep more of MY money).

And if everyone on your street got the $6000 standard deduction and you didn't, that would be fair because the government can give them discounts on taxes beacuse it wasn't their money anyway, regardless of whether you had to pay more? If the government set up standards for all pe

Re:

[LunaticTippy]

I have cell service for $6.66/month. It even includes web access, but not a whole lot of minutes. I got mine through Virgin Mobile prepaid.

Re:

[electrictroy]

And while I'm being honest (which means I'll never get elected to Congress), I also want to debunk the myth that the United States is near-dead-last in terms of internet speeds. You often hear that the USA is somewhere around #20 overall, but that's not true. The U.S. is actually in the Top 5 overall..... the average American has a connection speed approximately equal to the average European:

Megabit/sec
1 93.7 Japan
2 43.3 Korea
3 11.8 Australia
4 9.1 European Union
5 8.7 United States
6 6.9 Canada
7 1.6 Mexico
8

Re:

[Qzukk]

http://www.infoworld.com/article/07/11/12/New-broadband-data-shows-the-US-is-still-behind_1.html [infoworld.com] seems to refer to those statistics... the funny thing is, according to that article: "Japan and South Korea had much higher speeds than in the U.S. The average advertised download speed in Japan was 93.7Mbps, while France and South Korea both had averages of more than 43Mbps. The average download speed in the U.S. in October was 8.9Mbps, while it was 10.6Mbps in the U.K. and 12.1Mbps in Australia", and "The U.S.

Re:Throttling

[Anonymous Coward]

Why should you or anyone opt out? If they can't give you the bandwidth they promise you in your contract - they shouldn't have advertised it as such in the first place.

Re:

[Anonymous Coward]

they shouldn't have advertised it as such in the first place.

I think you're confused as to what advertising is.

From Wikipedia: Advertising is a form of communication whose purpose is to lie and deceive potential customers into handing over money for a product or service. Tactics used in advertising include... flat out lies, false claims of superiority over competing products and/or services, meaningless awards and testimonials to improve the image of products and/or services, exaggerating capabilities of

Re:

[AftanGustur]

Why should you or anyone opt out? If they can't give you the bandwidth they promise you in your contract - they shouldn't have advertised it as such in the first place.

Oh, they give you the bandwidth all right. It's a properly working connection mechanism that isn't working.

What Comcast is doing is like a telephone company promising you free telephone calls, and then faking a busy tone when you try to use the service.

Re:

[Sleepy]

>Consumer ISP's don't promise bandwidth.

Weasel talk.

ISP's DO promise bandwidth speeds.
Are they the Service Level Agreements?

No, but if that's your point you're WAY off: using "no SLA" does not equate to "no guarantee"... lack of an SLA only means it's "undefined" what they will do in terms of CREDIT if there is service degradation.

Comcast is violating FTA, FCC and even USPS directives about false advertising.

Really all Comcast needs to do here is stop forging packets, and employ a REAL traffic shaper. Th

Comcast: we hate our customers

[Presto Vivace]

Does Comcast have a death wish? It sounds like something out of Dilbert.

Re:Comcast: we hate our customers

[dkleinsc]

Does Comcast have a death wish?

No, they have a monopoly and friendly government regulators.

Re:

[jmorris42]

> No, they have a monopoly and friendly government regulators.

Industries almost always end up with 'friendly government regulators.' Raise your objections to that truth all you want, they don't matter. Doesn't matter whether the regulators, current administration, general population, etc. is 'progressive' enough, etc. The industry being regulated has an intense interest and the general population doesn't. NO small band of activists can match the self interest of a powerful industry and there rarely mu

Re:

[Shakrai]

FIOS is obviously targeting the high end neighborhoods first. They are picking off all of the most profitable customers. People in those neighbors tend to be technically sophisticated so 80%+ of them switch to FIOS.

People in those neighborhoods also tend to be the types that will pay for triple play packages they probably don't need. Landline service, cable TV service with all the fixings and the fastest internet service they can afford. They are hugely profitable for the tel/cable-cos.

By contrast, I've never gotten priority treatment or pricing from either Time Warner or Verizon. Some people at Time Warner barely bothered to hide their contempt for me because I wouldn't let them talk me into buying cable servi

Re:

[hhawk]

I think most users have so little idea of what a connection should work like, that if a page doesn't load, they will simply hit reload a few times.

What seems interesting to me, is would this take away their common carrier status? If they blocked specific web sites or types of content, then I think it would, but if this is done randomly, then I would think it wouldn't.

What would be interesting is if they never blocked sites they owed, or sites from which they recieved fees from, etc.

I have no problem with ti

Re:Comcast: we hate our customers

[Frank T. Lofaro Jr.]

I have no problem with tiered pricing. Today it's often based on speed, but I what would be better is service level based on some packet metric. When I eat at a cheap buffet I don't mind that the food isn't at 4 star quality levels.

Would you mind that certain more costly foods at the buffet were laced with a chemical that would make you barf if you ate more of them than the buffet owner wanted you to eat, yet this was never disclosed and they said it was an all you can eat buffet - and then when called out on it they actually tried to defend it?

That is a better analogy.

Also, if you eat more than 100 items of food there in a month, you get banned for a year the first time, and banned for life the next time. That is like their "secret" 100 GB/month limit.

Use DSL, at least they actually get the bandwidth they advertise. Where I'm at, Embarq has always given at least the promised speed, and none of the crap some of the cable companies have been pulling.

Re:Comcast: we hate our customers

[Em Adespoton]

Contrary to popular belief, internet service providers don't have common carrier status. Only Voice-over-POTS has common carrier status. If Verizon handles your voice and DSL, they only have common carrier on the voice... and only if they're not using FiOS. VoIP doesn't have common carrier protection either (at the IP level).

Re:Comcast: we hate our customers

[thrillseeker]

Comcast does not have common carrier status, nor do they want it.

Then it's an excellent opportunity then for some do gooder to bring a class action against them for not actively preventing access to illegal content - think of the children.

Maybe they want it after all.

Re:Comcast: we hate our customers

[scorp1us]

It is really not a death wish. Look at what is happening: Comcast is making the connection suck even more for p2p users, meaning that they will defect and become someone else's problem. This then puts strain on the other provider, and leaves Comcast with a light-duty network. Look, p2p users, Comcast doesn't want you. They don't want your business. I have a theory on why they are taking a hard-line (npi) approach... It is interesting to note that the shared trunk infrastructure used by Comcast is extremely sensitive to overloading, and the best example of this is p2p applications, because a few users can tie up the whole trunk. You are basically using a broadcast medium, rather than a switched medium. The numbers of non-p2p users at present (as estimated by Comcast's actions) would seem to suggest that it is much more valuable for them to have the offenders leave rather than be customers. There is probably a factor of 1 p2p user for every 10 users. If it takes 10 p2p users to tie up a trunk, then these p2p users are worth 9 subscribers each (100-10=90)

It makes sense to me.

Re:

[Firehed]

Not that I'm siding with the ISPs, but what good is throttling their users if the users can just disable it?

Re:Throttling

[value_added]

Throttling wouldn't be so bad if you could just opt out of it.

Indeed. If we were talking about throttling.

Which we're not.

If the article didn't make that clear, this wiki link [wikipedia.org] might help.

Re:Throttling

[JustinOpinion]

The ISP providing my home Internet connection throttles your performance by default, but if you visit one their website, you can change the settings to unthrottled

Wow... so you have to explicitly opt-in to receive the service that you paid for? You have to know about this throttling, visit a specific page, and flip a switch, in order to get non-degraded service. Is that even legal?

The fact that ISPs are doing this is scary. The fact that customers accept it is also scary.

The ISP figures most people aren't going to bother changing their settings, but the people who really love file-sharing are still free to do so.

Which seems kind of strange. The "problem users" are those savvy ones who transmit tons of data, who are the same ones who will probably change this setting. What's the point in throttling the non-savvy users who just do light web-browsing anyway?

Re:

[element-o.p.]

P2P != "savvy users" in all cases.

Case in point: I visited my aunt and uncle a few years ago. While I was there my uncle asked me to find out why their 280K DSL was so slow. A speed test showed they were getting 80K, and a quick check of Task Manager showed KaZaA was running. Turns out their 14 year old daughter was file sharing. While she was savvy enough to use P2P apps, she really doesn't know squat about networking or broadband technologies. To her, computers and the Internet are an ap

Re:Throttling

[stinerman]

The fact that customers accept it is also scary.

Customers don't accept it because they don't understand the first thing about how communications networks work.

The fact that there is nowhere near perfect information and that last mile access is usually a natural monopoly (if not a statutory one) in most places, the free market will not work as advertised.

Re:

[TooMuchToDo]

Perhaps the problem was that you were rooming with assholes?

You CAN opt out

[Anonymous Coward]

Just use gopher.

Are you serious?

[koh]

How come they still have customers? Are they a de facto monopoly? Where are the class action lawsuits and the antitrust regulations then?

Comment removed

[account_deleted]

Comment removed based on user account deletion

For the low low price of...

[Tmack]

Because the people are saving with their $99 for Internet/phone/cable deal!!!! Bundle and save today!!!!!!

* for the first 6 months, then only $199.99 each month thereafter

Besides their apparent sadism by implementing filters and such (same RIAA/SCO business model, just change "Sue customers" to "prevent from using what they paid for"), Their advertised offers always have very tiny fine print, hidden in the margins and borders of the mass mailings, mentioning that oh yeh, the price quoted above in the bold 1000pt font is good only for a couple months before we double or triple it, and you are still locked in t

Re:

[esocid]

Yes.

I unfortunately have them because they have a contract with the city I live in and no one else has any lines near me. I checked for FiOS but it isn't available yet either. It was almost as bad as when I lived in an apartment complex that had a deal with NTC, which I believe is illegal now, which forced me to pay for their service. Looking back on it, I wish I could get NTC over Comcast.

Re:Are you serious?

[j_166]

"Are they a de facto monopoly?"

In my town they are. Oh, excuse me. They are "Franchised" by the township. Huge difference, apparently. Not in practice though.

Re:Are you serious?

[LoudNoiseElitist]

I find it interesting that more people don't realize this. I'm tired of getting "USE SOMEONE ELSE" every time this issue comes up, and people simply do not realize that MANY smaller cities are literally stuck with Comcast until sometime towards the end of the second coming. It was great when it was the only way my city could even get cable 30 years ago, but now it's a mess, and Comcast is raping us for it.

Re:

[Miseph]

Which makes it a "smaller city". In my experience, people from cities like Los Angeles or New York just assume that everyone else does too, and that if they don't they're a) some kind of freak and b) have all the same problems and options. I'm pretty sure that there are many, many /.ers out there who simply can't comprehend the fact that most Americans have absolutely no choice in who provides their broadband.

Re:

[N1ck0]

In most areas Comcast has an exclusive franchise agreement with the city/township. If you are in a major metropolitan area you have a good chance of being served by several cable companies, but many times it still matters on exactly what street/building you are on.

The franchise setup is not considered a monopoly by the government because:

a) it was accepted by the local government (and supposedly by the people). The down side is many of these contracts are long term and were originally with smaller

Re:Are you serious?

[Yurka]

People who, when reading "forged packets", do not form a picture of counterfeit plastic bags in their heads are a small, albeit vocal minority. Comcast seems to have found the way to kick them off of its customer rolls by self-selection (the more /. stories stoking the outrage, the better), thereby only retaining the sheep. Good business plan, as I see it. Bully for them. The antitrust and legal issues can be sorted out, I would assume, by changing some verbiage in the customer agreement and allowing some sort of so-called oversight from the benevolent government.

Re:

[berashith]

I am still a customer, not happily though. I am 4 meters too far for DSL, and the satelite and cell tower options aren't so hot. In general I do get decent bandwidth, but I will have to go check out this new behavior.

Most of the stuff they are doing does not effect me, thankfully. I have seen them destroy my BT traffic on the few occasions that I have tried it. That was well before the publicity, and I just blamed the protocol at the time. Now I know...

My options are dial-up (slow than throttled cable modem

How is this a bad thing?

[KingSkippus]

We synthetically generated TCP SYN packets at a rate of 100 SYN packets per second using the hping utility...In this section, we present our network traces that show the network behavior while the TCP SYN packets are being sent. All traces were collected during peak usage hours (7-9pm local time).

Okay, I'm not specifically a network engineer, but I like to think that I'm not network stupid. To me, this would sound suspiciously like someone trying to perform a denial of service attack.

Now, I can understand being irritated at forged packets coming back as a result, but at the same time, isn't it reasonable to expect Comcast to do something to shut down connections coming from this host? Frankly, I'm a little surprised that Comcast didn't shut off the connection altogether.

Am I missing something?

Re:How is this a bad thing?

[cait56]

An ISP *dropping* packets that are in excess of the contracted
service is perfectly acceptable.

Comcast is *forging* packets, effectively claiming that the
destination does not want to talk with you rather than admitting
that it is Comcast that does not want to support this connection.

Re:Are you serious?

[quanticle]

Comcast, in many locations, is not just a de-facto monopoly, they are a de-jure monopoly. Comcast negotiates with municipalities to be the sole cable provider to community. The best situation in many of these cases is a duopoly between Comcast and the local Baby Bell. Often, for many regions, Comcast is the sole broadband provider, since the residents are too far away from the CO for DSL.

Re:

[not_anne]

In the city I live in (Sacramento, CA) there four large cable companies: Charter, SureWest, Frontier, and Comcast. All four have franchise agreements with the city. There are a few smaller cable companies too, but I don't remember their names offhand.

Cable franchise agreements are controlled by the municipality, not the company. This agreement allows a company (under strict guidelines) to do business in the municipality. If your municipality chooses to allow only one cable company to do business there, blam

Re:Are you serious?

[Rakishi]

They're probably a government mandated monopoly in many places which isn't a horrible system per say. The problem is that the government is doing jack shit to uphold it's end of the bargain which is to keep comcast in check. A company given an artificial monopoly will abuse it, directly or indirectly, and if you give a company a monopoly then you better also take the effort to keep them in check.

I have heard, for example, that roadrunner in NYC needs to provide satisfactory service to customers due to it being a government created monopoly. Sure they won't mention this but I have heard of at least one person making enough noise (ie: contacting every politician within 50 miles, among other things) to have roadrunner cave in (well first they begged him to switch to dsl then they caved in).

Re:Are you serious?

[99BottlesOfBeerInMyF]

How come they still have customers?

Their service is terrible and unreliable and they treat their customers like shit. This makes them a slightly better option than the local phone company.

Are they a de facto monopoly?

No. They are part of a government enforced duopoly. In most locations in the US only three companies have the legal right to use the right of ways that allow them to connect a line to your house. These companies are given an exclusive contract in most cases. They are:

• The local power distribution monopoly. (Usually they stick to power but in a few cases they've started to roll out internet access over the power lines. The absurdity of such a plan speaks to how terrible the other options for internet in the U.S. are.
• The local Cable company - provides cable TV and has expanded to internet access and phone service. In many places they are the only option for high speed internet. Right now I'm paying about $50/month for internet access from them and it comes with "free" cable TV. Of course it isn't free. In fact, internet without cable TV costs $60/month from them.
• The local phone company - they have less coverage and the cheapest high speed DSL line I can get from them is $80 and comes with "free" local phone use. The phone company is the longest standing antitrust abuser and they treat all their customers like crap. Besides being more expensive they want you to give them all your personal information on a web form, just to see if they will provide service in your area. When I tried it, the Web form was broken and only worked in IE for Windows. Calling one the phone got me 20 minutes of muzac and then transferred to several people before anyone knew what DSL was.

In short, internet access options in most of the US sucks. We've already paid more per person in tax subsidies to the network providers than many other countries. Sweden, for example has slightly less population density and had a huge embezzling scandal in their national internet drive. They paid half as much per person as people in the US, have on average ten times faster connections, better uptime, and pay about half as much per month as US citizens.

The phone companies and the cable companies have lobbyists who legally bribe our politicians with campaign contributions. As a result, the good of the people isn't even considered. It is just a battle of whether a given law will give money to the cable company or the phone company. Either way citizens get the shaft.

Where are the class action lawsuits...

There are numerous ones making their slow progress through the courts, usually to end in a private settlement. One might actually go through sometime this decade, but the politicians has also been working on passing laws to grant retroactive immunity to network operators for malicious, illegal abuses under the guise of national security. There is little hope.

...and the antitrust regulations then?

The antitrust regulators are appointed by the executive branch. Both candidate's parties in the last two elections received huge donations from hundreds of private companies and for some reason antitrust regulators i the US show little or no interest in prosecuting even blatant antitrust abuses. (In the case of Microsoft, they had already been convicted and the new appointees, changed the punishment from being broken up, to a small fine and a pat on the back.)

Damn...

[Starturtle]

...I wanted to have First Post but I had to find an available proxy to get through my ISP's traffic shaping technology

UK ISPs do this all the time

[Anonymous Coward]

Eclipse in the UK, since taken over by Kingston Communications, will packet shape you so hard, that even if only downloading a linux iso from p2p at 33kbps,they will disrupt all your connections, such that web browsing becomes a pre broadband experience. Don't use p2p and all plays nice again.

so nothing new in this here in the UK

Thankyou Comcast.

[Anonymous Coward]

When ISPs were just targetting the minority of users who use P2P (and then under the excuse of stopping piracy/ thinking of the children/ protecting us from terrrists) there would never be enough backlash from their users to stop this kind of abuse.

However if they start screwing with http, then suddenly every Joe Sixpack will be up in arms about traffic shaping, and maybe the pressure will be sufficient to actually bring about some change.

My sincere thanks, Comcast, for bringing this issue into the mainstream.

Let me be the first to say

[rmdir -r *]

NOT COMCASTIC

Re:

[Mr. Underbridge]

It's Comcraptic.

I'm not sure it's all bad...

[iceT]

Responding on behalf of hosts that don't (aren't supposed to) exist isn't necessarily a bad thing. It can save on the 45 second timeout for customers, and can help keep FW state tables smaller.

That being said.. spoofing addresses to return RST commands and etc. just SUCKS.

I wish DSL providers would improve their coverage. Many people don't have a choice of anything BUT Comcrap.

Read the featured article

[AndGodSed]

1. It is a darn good read. Concise, short and to the point.
2. They are using firefox.
3. The Slashdot headline is not completely accurate.

The /. headline had me thinking one thing - but reading the article clarified my one knee jerk reaction: "You cannot browse the web - at all!?"

Reading the article I got the idea that is not exactly the case...

Re:Read the featured article

[Lyrael]

Ah, you must be new here. All *I* got from reading the /. headline was 'Comcast are evil, fire insults at will.'

It's not interfering with my browser or bittorrent

[iamacat]

I am getting torrent speeds around 200K/second. Is filtering specific to some region or bittorrent client? Does Mac TCP stack confuse it in some way? It seems to me that they face a mass exodus of customers to AT&T if they really break torrents for everyone.

Cancel

[Badbone]

Im tired of Comcast pulling stunts like this too. So today I did something about it. I cancelled my Comcast service. Completely cancelled. And when I called to cancel, I let them know exactly why.

Granted, the person on the other end of the phone doesnt know or care about such issues as net neutrality. But she did ask why I was cancelling, and she did type in my response. So hopefully someone down the line will read it. But even if they dont, at least I know that my money will not be going to a company I despise.

Re:

[Gothmolly]

Don't worry, they won't read it.

Re:Cancel

[Mr. Underbridge]

Granted, the person on the other end of the phone doesnt know or care about such issues as net neutrality. But she did ask why I was cancelling, and she did type in my response. So hopefully someone down the line will read it.

Someone will probably read it. Here's your problem though - what she typed is probably something like this:

Reason for cancelling: Customer is a jackass

You can't bust through the customer service morass when you're dealing with people making $10/hour who have been strategically placed by their employer as a defense between you and anyone who could actually solve your problem.

I had problems Saturday

[weave]

I couldn't get to *some* of the hosts at the College I work at around 7am Saturday morning (EDT). Some were fine. That's for ssh, http, https, and even vpn. I could ping all the hosts and ping could get through, but no tcp connections I tried. I tried going the opposite direction from those hosts later back to my linux box via ssh at home and couldn't get through either. The at 2pm eastern everything just started to work again.

IP2Location

[Comboman]

Any ideas how to determine ISP from IP?

The company IP2Location [ip2location.com] will determine not only the geographic location of your visitors, but also their ISP.

Never noticed

[jgarra23]

I upload & download tons on Comcast's network. OTOH I don't pirate software or music. Really, I make heavy use of the bandwidth given me (routine full load) and I've never received any of these notices, any sort of throttling or anything else. Is there a site with all the assumed proff of all this Comcast badness going on that I can look at?

I'd be impressed if the loudest complainers weren't some sort of thieving pirate.

They are still forging packets

[corsec67]

The biggest objection to what Comcast was doing was that they were generating reset packets that didn't originate with either host.

Now, this article seems to say that they will generate reset packets for hosts that don't even exist on the internet. This may be a kind of throttling, but it is sill FORGERY, and shouldn't be allowed at all.

Did I call it or what?

[Ossifer]

To me it seemed rather obvious: http://slashdot.org/comments.pl?sid=501572&cid=22882416 [slashdot.org]

comcast charges for opting out

[poptart]

This is a bit off-topic, but it does have to do with comcast.

Last month I called comcast to tell them I did not want to be called, mailed, or emailed by them or any of their 'partners'. I called in response to a mailing from comcast that provided a phone number for opting out. FWIW, I have been receiving junk mail (post and electronic) from comcast encouraging me to get internet service from them, despite the fact that I have been a comcast internet customer since it was RCN.

Yesterday I received my monthly comcast bill, and on the bill was a $1.99 charge for "change of service". I called comcast, since I recalled making no changes to my service in the past decade. The telephone operator said "that charge is for when you called to opt-out of the comcast and partner mailings". She quickly followed with "we can remove that charge with a credit to your next statement".

Sigh.

$1.99 is not much, and almost not worth the time calling about it. But the attitudes and practices behind the fee are what get my goat.

Re:comcast charges for opting out

[Ossifer]

By the way, that $1.99 credit to your account constitutes a "change of service"...

Re:

[fm6]

Better get used to having your goat got. The practice of tacking silly little fees onto monthly bills seems to be common practice. Started with credit card companies, but now it seems to be spreading. Sometimes they don't even have an excuse like "service change". Just throw a "field upgrade fee" or "klatu barata nikto charge" on the bill, reverse for the 10% of customers who bother to complain, and presto! another $1 million to your bottom line.

I wonder...

[richardtallent]

I wonder what Comcast's network would look like if they spent as much money improving bandwidth as they apparently do "shaping" (damaging) the traffic already on their wires.

Isn't 100 syn packets a second a bit abnormal?

[InsaneGeek]

Sending 100 syn packets per second to an invalid internet address... that would seem like a big red someone stupid is trying (or testing) a DOS syn attack flag to any ISP worth their salt. They basically were trying to create 100 outbound connection attempts per second for an extended period of time, I would be more annoyed if the ISP didn't catch something like that, only need a few hosts to build up a nice syn attack and overrun someone's tcp stack.

The methodology looks suspect

[berashith]

please someone correct me, but this appears like comcast is knocking down SYN floods. If this is the case, it is a good thing. In fact, if they stopped all connections both ways to some tool who is slamming the network with a bunch of crap at peak time for a limited time on each offense, wouldn't that be a good thing ?

Re:

[hxnwix]

On a charter cable connection in St. Louis, I find that my download speeds are dependent on the upstream speed of the peer on the other side of the connection. When I grab stuff from good mirrors, I am accustomed to seeing a steady 6 megabits, regardless of time of day. To my knowledge, charter performs no shaping nor reset forgery.

So, essentially, comcast sucks so hard that they have to break their network to save it. They're fucked; find a new ISP.

Television

[Dancindan84]

Just wait till they do the same thing with TV/phone: Hundreds of channels* Free unlimited long distance** *If you watch your TV more than 20 hours a month we'll cut you off **As long as you don't place a lot of really long distance calls. Then we'll throttle them so you only get every 3rd word

Local routers defend agaist DOS attack

[natoochtoniket]

We synthetically generated TCP SYN packets at a rate of 100 SYN packets per second using the hping utility ... The IP Time to Live (TTL) field for these forged TCP RST packets is consistently set to 255

So, when new connection requests are issued at the rate of 100 per second, the first router is resetting some of those requests.

The application is issuing new connection requests at a prodigious rate. The router determines that this is beyond the capacity for the router, or perhaps beyond some limit imposed on that router by the internal network. Or, perhaps, it is beyond a rate parameter that is used to detect DOS attacks.

When such a limit is exceeded, there are a few reasonable responses for the router to choose from: It can drop random packets; It can drop random SYN packets; it can drop packets from the attacking host; or it can NAK/RST some of those SYN packets. All of those are legitimate router responses. The reset packets are not "forged". They are legitimate responses in the protocol. The primitive operation is called a "provider disconnect indication".

I don't see any problem in the protocol here. And, I don't see any problem in the router behavior. The router is just protecting itself and the network from overload conditions. By selecting to disconnect calls from a host that is using far more resource than other hosts, it is just protecting the other hosts from a DOS attack by that first host.

The title of the summary should be "Local routers defend agaist DOS attack".

They're not just sending RSTs

[argent]

They're not just sending RSTs. read teh whole article, you've got routers sending SYN/ACK packets as well, pretending to be the destination host... even when that host does not exist. That's the part that's forgery.

Re:

[natoochtoniket]

Read RFC 4987, "TCP SYN Flooding Attacks and Common Mitigation"

How to truly beat comcast.

[Anonymous Coward]

I'm going to be an anonymous coward here because I don't want people emailing me and there is pending litigation that we have all but won. Waiting on settlement at this time.

We sued comcast. What? How? Eh?!?

Check your EULA that you signed when first getting service. If you are a business customer this REALLY affects you. Their "shaping" technology actually caused a shitload of false positives on a bunch of alarms. Our sent packets to security equipment wasn't always returned so we started to get a lot of "failure to connect". Well... a lot of what we manage are fall back systems that when they come online take over for other sites.

Well... these different locations of hardware were not able to communicate correctly because they were identified as P2P. We use encrypted packets of random data to doubly ensure that it's authentic communication.

This set off a chain of events as the shaping got worse and worse. Originally we thought it was our network code. We couldn't reproduce it and noticed our satellite connection didn't have this issue.

Our amazing network engineers took 2 months to track down the issue and it was their shaping technology blocking or resetting our connections at almost a 90% success ratio. Now while we preferred having 24/7 connections to our equipment this was no longer possible unless we altered our code significantly.

So we looked at our EULA and sure enough there was no mention of interception of data and packet shaping. In fact, our contract said they wouldn't do anything without notifying and getting our approval first.

We sued. We won. Now we're waiting judgment for lost revenue, breaking of contract etc.

I STRONGLY recommend every business out there who has remote equipment that does more than "ping" for responses and are having trouble to check your Agreement. Screw cancelling your subscription. Sue the pants off of them.

Drop all packets with TTL 254. Duh.

[hdmoore]

A quick solution is to just drop the RST's coming back with a TTL of 255 (something > 250 would work fine too). Unless they are sending a reset to the destination host as well, this is a quick-fix for anyone with a Linux or BSD firewall. Similar to how the Chinese firewall can be evaded.

Re:

[Furry Ice]

If you'd read the article, you'd know that Comcast forges the three way handshake and then sends an RST. The real destination doesn't see any traffic at all. Dropping the RST would accomplish nothing.

We should have kept ICMP Source Quench

[Animats]

In the early days of the Internet (by which I mean 1981-1983, not 1997) there were ICMP Source Quench messages. This provided a way for routers to say to an end node "Slow Down." Back when I was working on congestion control, I had our TCP implementation (a modified 3COM UNET; this was before Berkeley got into TCP) set to cut down the size of the congestion window when a Source Quench was received. I took the position that Source Quench messages should be sent before the packet-drop point was reached, so that a well-behaved TCP should never have a packet dropped for congestion reasons.

This didn't catch on, though. There was concern that sending Source Quench messages would choke the network, since as the network congests, routers need to send more Source Quench messages. That sort of behavior creates an unstable condition. And coming up with a generally applicable Source Quench policy was hard. Eventually, ICMP Source Quench was deprecated.

Without Source Quench, there's not much a router can say to an end node about congestion. A router can still send ICMP Destination Unreachable messages, though. What Comcast ought to be doing if they want to reject a connection is to send back ICMP Destination Unreachable, Code 13 (communication administratively prohibited). That's a legitimate action by a router, and it makes it clear who's complaining. Some firewalls will send such messages, so they're not unheard of; however, some NAT boxes don't translate them properly, so they may not reach home clients.

But faking a TCP RST, or worse, sending an ACK for something that didn't reply at all, is just wrong.

I've been experiencing this

[hansamurai]

I've been experiencing this for at least a week, exactly how the article described. I had no idea where to attribute the problem, thinking my router might be dying or something, but this is pretty clear now. I'm just glad that I'll be moving out of the Comcast area in the next few months. YAY!

Misleading Advertising

[Jekler]

This crap has to come to a halt. Not just Comcast's antics, but ISPs in general. If an ISP is going to block ports, traffic shape, or otherwise impose restrictions on internet connections, they should be required to advertise those restrictions more prominently than the features of the service. It's not right to bury restrictions on page 30 of a TOS agreement. If you're going to advertise your service as 50 times faster than a dial-up connection or advertise "blazing speeds" and low prices, they should also be required to advertise their service's restrictions just as prominently or more so. The same thing goes for "unlimited bandwidth". If they're going to advertise unlimited bandwidth, they should never be able to cite excessive usage as a reason to cut someone off. Our world should not be run by marketing and PR people. "Liar" should not be a viable career path.

Lets redefine Comcastic!

[scorp1us]

As a FiOS user (and very satisfied, aside from the port 80 blocking) I don't really care, but as a former Comcast customer and for those of you that are locked into Comcast...

Comcast has their own "Comcastic!" word for describing the Comccast experience. Why not turn it into a sarcastic meme of "fantasic!". Better yet, with specific application to losing bits.

Examples:
My Hard-drive crashed. Comcastic!
We had a Comcastic terminator on this 10base-2 cable which was causing the problem.
I sent they money, but western union got a bit Comcastic.
Steven Hawking thinks black holes have Comcastic properties.

Earthlink on Comcast cable resets

[SmoothTom]

I am an Earthlink high-speed subscriber with the "last mile" provided on Comcast Cable in the Seattle area.

I rarely notice any long-term "problems" but I and the folks running a particular website (a low volume one at that) have been working trying to find the reason I CONSTANTLY get repeated resets trying to access their site (hosted on Digital River, a local competitor...)

I don't get the resets on any other IPs, only others on Comcast get ANY, and the DR hosted site is NOT even seeing my requests.

It looks like I may just have found the "problem" and it may be Comcast blocking my access even though I am not THEIR customer directly.

Thing is, what in Hell can we do about it???

--Tomas

TFA now shows this apology

[giafly]

A note regarding our findings: Further experiments have led us to believe that our initial conclusions that indicated Comcast's responsibility for dropping TCP SYN packets and forging TCP SYN, ACK and RST (reset) packets was incorrect. Our experiments were conducted from behind a network address translator (NAT). The anomalous packets were generated when the outbound TCP SYN packets exceeded the NAT's resources available in it's state table. In this case, TCP SYN, ACK and RST packets were sent. We would like to thank Don Bowman, Robb Topolski, Neal Krawetz, and Comcast engineers for bringing this to our attention. We sincerely apologize for any inconvenience that this posting may have caused.

Broadband Network Management [colorado.edu]