New traffic shaping can disrupt a Comcast Internet connection (Comcast strikes again)
University of Colorado at Boulder ^ | Broadband Network Management

Posted on 04/07/2008 11:34:53 AM PDT by dickmc

New traffic shaping can disrupt a Comcast Internet connection

Recently, it has been observed that Comcast is disrupting TCP connections using forged TCP reset (RST) packets [1]. These reset packets were originally targeted at TCP connections associated with the BitTorrent file-sharing protocol.


TOPICS: Business/Economy; Miscellaneous; News/Current Events
KEYWORDS: comcast; packet; shaping
However, Comcast has stated that they are transitioning to a more "protocol neutral" traffic shaping approach [2]. We have recently observed this shift in policy, and have collected network traffic traces to demonstrate the behavior of their traffic shaping. In particular, we are able (during peak usage times) to synthetically generate a relatively large number of TCP reset packets aimed at any new TCP connection regardless of the application-level protocol. Surprisingly, this traffic shaping even disrupts normal web browsing and e-mail applications. Specifically, we observe two different types of packet forgery and packets being discarded.

Data collection methodology

We synthetically generated TCP SYN packets at a rate of 100 SYN packets per second using the hping utility [3]. The packets were destined for the reserved IP address 2.2.2.2, on which no host is present. We simultaneously collect network traces using tcpdump [4]. This data collection process was repeated at various times throughout multiple days. In addition, we could monitor a destination host to determine if outgoing packets reached their destination, and to determine if responses are generated by the destination host or by a third-party. Finally, this data collection was conducted from multiple Comcast accounts, all within close geographical proximity.

Analysis of network traces

In this section, we present our network traces that show the network behavior while the TCP SYN packets are being sent. All traces were collected during peak usage hours (7-9pm local time). The first trace demonstrates an HTTP (web) connection being established, and subsequently being reset. The IP Time to Live (TTL) field for these forged TCP RST packets is consistently set to 255 (indicating that the forged RST packets are originating on one of the local Comcast links).....analysis in original article via link....

Implications

Although the traces given above were generated synthetically, it is possible to produce the TCP reset packet flood using peer-to-peer applications such as BitTorrent. Users may find it extremely difficult to establish new TCP connections while using any application that has a relatively high rate of TCP connection establishment on a Comcast link. For instance, the Firefox browser will give the following error message when an HTTP connection is reset:

********************************************************************

According to this Slashdot thread one company has already successfully sued Comcast over this kind of thing.

I'm going to be an anonymous coward here because I don't want people emailing me and there is pending litigation that we have all but won. Waiting on settlement at this time.

We sued comcast. What? How? Eh?!?

Check your EULA that you signed when first getting service. If you are a business customer this REALLY affects you. Their "shaping" technology actually caused a shitload of false positives on a bunch of alarms. Our sent packets to security equipment weren't always returned so we started to get a lot of "failure to connect". Well... a lot of what we manage are fall back systems that when they come online take over for other sites.

Well... these different locations of hardware were not able to communicate correctly because they were identified as P2P. We use encrypted packets of random data to doubly ensure that it's authentic communication.

This set off a chain of events as the shaping got worse and worse. Originally we thought it was our network code. We couldn't reproduce it and noticed our satellite connection didn't have this issue.

Our amazing network engineers took 2 months to track down the issue and it was their shaping technology blocking or resetting our connections at almost a 90% success ratio. Now while we preferred having 24/7 connections to our equipment this was no longer possible unless we altered our code significantly.

So we looked at our EULA and sure enough there was no mention of interception of data and packet shaping. In fact, our contract said they wouldn't do anything without notifying and getting our approval first.

We sued. We won. Now we're waiting judgment for lost revenue, breaking of contract etc.

I STRONGLY recommend every business out there who has remote equipment that does more than "ping" for responses and are having trouble to check your Agreement. Screw cancelling your subscription. Sue the pants off of them.

1 posted on 04/07/2008 11:34:53 AM PDT by dickmc
[ Post Reply | Private Reply | View Replies]
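Added example, not part of the posted article or of any comment in this thread: a Python sketch of how a captured trace could be checked for resets like the ones the article describes, using its observation that the forged RSTs carry an IP TTL of 255. The packet bytes, the addresses other than 2.2.2.2, the function names and both thresholds (`slack`, `near_max`) are assumptions made for illustration.

```python
import struct

RST = 0x04  # TCP RST flag bit

def parse_ipv4_tcp(pkt):
    """Return (src, dst, ttl, sport, flags), or None if not IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4               # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 14:     # need the TCP flags byte
        return None
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    (sport,) = struct.unpack("!H", pkt[ihl:ihl + 2])
    return src, dst, pkt[8], sport, pkt[ihl + 13]

def suspicious_resets(packets, local_ip, slack=2, near_max=250):
    """Flag inbound RSTs whose TTL does not fit the claimed sender."""
    baseline = {}                            # remote IP -> TTLs on non-RST segments
    findings = []
    for raw in packets:
        parsed = parse_ipv4_tcp(raw)
        if parsed is None or parsed[1] != local_ip:
            continue
        src, _, ttl, sport, flags = parsed
        if not flags & RST:
            baseline.setdefault(src, set()).add(ttl)
        elif src in baseline:
            if min(abs(ttl - t) for t in baseline[src]) > slack:
                findings.append((src, sport, ttl, "ttl differs from peer baseline"))
        elif ttl >= near_max:                # assumed cut-off for "sent from a nearby link"
            findings.append((src, sport, ttl, "no peer traffic, ttl near 255"))
    return findings

def build(src, dst, ttl, sport, dport, flags):
    """Constructed 40-byte IPv4+TCP packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)

ME = "192.0.2.10"                            # constructed local address
SAMPLE = [                                   # constructed trace, not from the article
    build("198.51.100.7", ME, 52, 80, 40001, 0x12),   # SYN/ACK from a web server
    build("198.51.100.7", ME, 255, 80, 40001, 0x04),  # RST, TTL far from baseline
    build("198.51.100.7", ME, 52, 80, 40002, 0x14),   # RST/ACK, TTL matches peer
    build("2.2.2.2", ME, 255, 80, 40003, 0x04),       # RST "from" the unused address
    build("203.0.113.5", ME, 60, 443, 40004, 0x04),   # RST, ordinary TTL, no baseline
]

if __name__ == "__main__":
    for finding in suspicious_resets(SAMPLE, ME):
        print(finding)
```

A TTL mismatch is a heuristic: routing changes and load balancers can shift a peer's TTL by a few hops, which is why the comparison allows some slack.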

To: dickmc

Using BitTorrent with Comcast is a massive pain, I’ve heard.


2 posted on 04/07/2008 11:39:20 AM PDT by jdm (Sign you've got a crappy job: your boss asks if you're on MySpace and if you'll add him as a friend.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dickmc

Comcast just bought my local internet company, so I guess I can look forward to their BS. Hopefully they will get sued a couple times and reverse this idiocy.


3 posted on 04/07/2008 11:41:10 AM PDT by mysterio
[ Post Reply | Private Reply | To 1 | View Replies]

To: dickmc
>Sue the pants off of them

Even if you win,
lawsuits are a massive pain.
Think it through fully . . .

4 posted on 04/07/2008 11:42:39 AM PDT by theFIRMbss
[ Post Reply | Private Reply | To 1 | View Replies]

To: mysterio
>Hopefully they will get sued a couple times and reverse this idiocy

Why doesn't Google
or someone else their own size
stand up for users?!

5 posted on 04/07/2008 11:43:32 AM PDT by theFIRMbss
[ Post Reply | Private Reply | To 3 | View Replies]

To: dickmc

Sounds like a lovely class-action opportunity.

I usually hate class action, but Comcast has ruined my vonage connection and taken up hundreds of hours of my time with its unreliable connections to my home office. AT&T had to pay tens of thousands to make a multi-line phone connection there instead.

BTW, I don’t use P2P, but I’ve seen the results of their playing games on the connections.


6 posted on 04/07/2008 11:43:52 AM PDT by Wiseghy ("You want to break this army? Then break your word to it.")
[ Post Reply | Private Reply | To 1 | View Replies]

To: jdm
>Using BitTorrent with Comcast is a massive pain, I’ve heard.

Yes. Almost all other apps will slow to unusable speeds.

Er, at least that's what I've heard.

7 posted on 04/07/2008 11:44:16 AM PDT by JOAT
[ Post Reply | Private Reply | To 2 | View Replies]

To: theFIRMbss

Hopefully Google will be racing Microsoft for the broadcast high speed internet everywhere idea. I really haven’t heard much good about Comcast, so I was shocked when they moved into my area. Sounds like they are ripe for some competition.


8 posted on 04/07/2008 11:46:45 AM PDT by mysterio
[ Post Reply | Private Reply | To 5 | View Replies]

To: Wiseghy

What Vonage problems have you encountered? I’m using both Comcast and Vonage without any problems (as of yet).


9 posted on 04/07/2008 11:47:45 AM PDT by politicalwit (AKA... A Tradition Continues...Now a Hoosier Freeper)
[ Post Reply | Private Reply | To 6 | View Replies]

To: politicalwit

The main Vonage problem I encountered was finding someone who actually spoke English.


10 posted on 04/07/2008 11:52:31 AM PDT by TommyDale (I) (Never forget the Republicans who voted for illegal immigrant amnesty in 2007!)
[ Post Reply | Private Reply | To 9 | View Replies]

To: JOAT

LOL


11 posted on 04/07/2008 11:53:50 AM PDT by jdm (Sign you've got a crappy job: your boss asks if you're on MySpace and if you'll add him as a friend.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: JOAT

Bittorrent clients often cause your computer to run really slow and it’s nothing to do with Comcast. What you want to do is find the options and set the “kb/sec upload” or whatever the equivalent low. It’s usually set to “no max” by default but you want to set it to 35 or 40... experiment and see what works well.

Sorry for the slightly low-tech reply but as I don’t know what your technical background is I thought I’d try to keep this simple.


12 posted on 04/07/2008 11:57:04 AM PDT by JenB
[ Post Reply | Private Reply | To 7 | View Replies]

To: jdm

Yes, yes it is.

I was using Bit Torrent to download the latest release of Kubuntu, yeah, that failed.

Notice how I wasn’t doing something illegal, yet because they think that any bit torrent is bad they block all.


13 posted on 04/07/2008 11:57:47 AM PDT by gjones77
[ Post Reply | Private Reply | To 2 | View Replies]

To: JenB; JOAT

30 or 40?

Try 8.


14 posted on 04/07/2008 12:03:08 PM PDT by Petronski (Nice job, Hillary. Now go home and get your shine box.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Petronski

Like I said, see what works for you. When I used to use Bittorrent regularly, 35 or 40 worked well for me.


15 posted on 04/07/2008 12:12:24 PM PDT by JenB
[ Post Reply | Private Reply | To 14 | View Replies]

To: dickmc
WARNING .... very bad article.

The test method is seriously flawed. In fact, the test method looks EXACTLY like a type of denial of service attack called a SYN flood attack. As such, disrupting a DOS attack is GOOD policy and is exactly what should be done by Comcast.

16 posted on 04/07/2008 12:27:30 PM PDT by taxcontrol
[ Post Reply | Private Reply | To 1 | View Replies]

To: JenB

I’m not trying to be a smart alec, I’m making a suggestion to all thread readers...try 8.


17 posted on 04/07/2008 12:45:04 PM PDT by Petronski (Nice job, Hillary. Now go home and get your shine box.)
[ Post Reply | Private Reply | To 15 | View Replies]

To: dickmc

Perhaps we need (in all seriousness) an email address portability act to open up competition the way cell phone number portability opened that up.

Just need to figure out the logistics.


18 posted on 04/07/2008 12:52:16 PM PDT by longtermmemmory (VOTE! http://www.senate.gov and http://www.house.gov)
[ Post Reply | Private Reply | To 1 | View Replies]

To: longtermmemmory

Simply buy your own domain and hosting separately from your internet service.


19 posted on 04/07/2008 1:10:20 PM PDT by tokenatheist (Can I play with madness?)
[ Post Reply | Private Reply | To 18 | View Replies]

To: tokenatheist

Please explain.


20 posted on 04/07/2008 1:40:25 PM PDT by em2vn
[ Post Reply | Private Reply | To 19 | View Replies]

