The Other, Other Ted
It would be nice to see this here:
Comcast to face lawsuits over BitTorrent filtering
Posted by Chris Soghoian
October 23, 2007 5:37 AM PDT
Law, Security
The blogosphere is abuzz over an Associated Press investigative article this past Friday on the subject of Comcast's BitTorrent filtering. Briefly, there were a number of articles in early September which alleged that Comcast was using some fairly sneaky techniques to throttle BitTorrent traffic on its network. Comcast, of course, denied any such behavior. It took a month and a half, but both a mainstream media news organization as well as the Electronic Frontier Foundation have tested and confirmed the previously reported claims. It turns out that Comcast is not only throttling BitTorrent, but Gnutella and, strangely, Lotus Notes are also suffering.
Comcast's PR people gave me the following statement on Monday: "Comcast does not block access to any Web sites or online applications, including peer-to-peer services like BitTorrent...We have a responsibility to provide all of our customers with a good Internet experience and we use the latest technologies to manage our network so that they can continue to enjoy these applications." I was also able to interview a Comcast Internet executive who would only speak on background. He bobbed and weaved, sticking to his talking points, yet a few things were clear: he would not deny that the company was sending out TCP RST packets, but stated that if it were being done, it was at a "low level" where average users would not see it.
When your ISP receives a spam e-mail, and deletes it without delivering the message to your in-box, it is blocking access to your in-box. (This is a good thing.) When you install a firewall on your home computer and someone else tries to connect to you from another network, your firewall software "blocks access" to that other party. The packets attempting to initiate a connection to your machine will either be silently dropped onto the floor, or in some cases, a rejection message will be sent back to the session initiator telling them that their connection attempt was refused.
[Image: Comcast LolCat (Credit: Comcast and LolCat Buildr)]
If Comcast deployed networkwide firewall rules that would drop any BitTorrent packets that came in and out of its network, Comcast would be "blocking access." However, it is not doing this, primarily because if it did so, the BitTorrent downloads of its customers would fail, and thousands of users would complain. Instead, Comcast is attempting to only target the sharing or uploading portions of BitTorrent, which are not nearly so noticeable for end users. Comcast will still see a significant drop in network traffic by targeting uploads, but is far less likely to suffer the wrath of its users.
So what is Comcast doing? It is letting BitTorrent traffic flow across its network, and thus is not technically "blocking" anything. Instead, it is forging TCP reset packets that are misleadingly labeled as being sent by one of the two ends of the BitTorrent connection. That is, Comcast is masquerading as its customers, and sending out data with false sender information. When the BitTorrent clients receive the false reset packets, they themselves terminate the connection, as they think the other host has told them to go away. Thus, through sneaky techniques and network-level false statements, Comcast is able to trick users' software into terminating their own transfers.
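The way a customer can tell an injected reset from a genuine one is to capture at both ends of the transfer and compare: a RST that arrives at one end but never appears in the other end's own capture was not sent by that peer, and because a mid-path injector sits fewer hops away, its forged segments also arrive with a different remaining TTL than the peer's real traffic. The following Python is an added illustration of that two-capture check, not code from the article or from any of the tests it mentions; the addresses, ports and segment lists are constructed sample data, and `received_here` is assumed to contain only segments addressed from the peer on the one flow being examined.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    sport: int
    dport: int
    seq: int
    flags: str   # TCP flag letters, e.g. "SA", "PA", "R"
    ttl: int     # IP TTL as seen at the capture point

def forged_resets(sent_by_peer, received_here):
    """Return (segment, reasons) for RSTs that received_here attributes to the
    peer but which the peer's own capture shows it never sent, or whose
    remaining TTL does not match the peer's other segments on this flow."""
    genuine = {(s.src, s.dst, s.sport, s.dport, s.seq, s.flags) for s in sent_by_peer}
    # Remaining TTLs of non-RST segments that really came from the peer. An
    # injector closer to us on the path leaves a different remaining TTL.
    peer_ttls = {s.ttl for s in received_here if "R" not in s.flags}
    suspicious = []
    for s in received_here:
        if "R" not in s.flags:
            continue
        reasons = []
        if (s.src, s.dst, s.sport, s.dport, s.seq, s.flags) not in genuine:
            reasons.append("absent from the sender's own capture")
        if peer_ttls and s.ttl not in peer_ttls:
            reasons.append(f"ttl {s.ttl} differs from peer's observed {sorted(peer_ttls)}")
        if reasons:
            suspicious.append((s, reasons))
    return suspicious

# Constructed sample captures (RFC 5737 documentation addresses, not real hosts).
CLIENT, SEEDER = "192.0.2.10", "198.51.100.7"

# What the seeder's capture shows it sending on the flow (TTL 64 at origin).
SEEDER_SENT = [
    Segment(SEEDER, CLIENT, 6881, 51000, 1000, "SA", 64),
    Segment(SEEDER, CLIENT, 6881, 51000, 1001, "PA", 64),
]
# What the client's capture shows arriving from the seeder: the same two
# segments 12 hops later, plus a RST the seeder never sent, injected mid-path.
CLIENT_RECEIVED = [
    Segment(SEEDER, CLIENT, 6881, 51000, 1000, "SA", 52),
    Segment(SEEDER, CLIENT, 6881, 51000, 1001, "PA", 52),
    Segment(SEEDER, CLIENT, 6881, 51000, 1001, "R", 61),   # the forged reset
]

if __name__ == "__main__":
    for seg, why in forged_resets(SEEDER_SENT, CLIENT_RECEIVED):
        print(f"suspicious RST seq={seg.seq} ttl={seg.ttl}: {'; '.join(why)}")
```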
Interestingly enough, were Comcast applying this same technique to e-mail, and falsifying the header information of e-mail messages, it would soon find itself violating the Can-Spam Act. That law states that "Whoever...materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages...shall be punished...with a fine...or imprisonment for not more than one year."
As for the idea that Comcast is using the "latest technologies" to manage its network--hogwash. The concept of forging TCP reset packets is at least 10 years old, if not older. Purdue professor Gene Spafford and a number of his graduate students developed a "synkill" system to defeat SYN flood attacks that used the very same technique, back in 1996.
Full Article Here