
@Home Stops Allowing VPNs

Roblimo posted more than 14 years ago | from the support-cable-access-for-all-ISPs! dept.

The Almighty Buck 517

cwilson writes: "I just got a message from my cable modem provider, Comcast@Home (a member of the Excite@Home network) that the terms of service were being changed. The interesting bit: Section 6. Prohibited Uses of the Service. This section specifies that use of the Service in conjunction with a VPN (Virtual Private Network) or a VPN Tunneling Protocol is a prohibited use of the Service. See for yourself here in section 6." Apparently @Home is looking for the little bit of extra revenue they can get by selling additional IPs to people (like me) who have more than one computer. This might not be so bad if @Home provided reliable e-mail and DNS servers and other "basic" services one expects from an ISP, which they don't. This is just another piece of woe for those of us whose only broadband choice is @Home. Bah! Update: 08/14 14:16 by michael : Yes, Robin confused NAT and VPN. TLA's are a PIA.


Question... (2)

V0oD0oMan (104232) | more than 14 years ago | (#856719)

does using microsoft internet connection sharing qualify as a vpn...because i'm planning on switching on over to att@home because i just can't stand the shoddy adsl service ameritech provides in my area.

@home blows (1)

lemurific (220735) | more than 14 years ago | (#856720)

This is what happens when you get a virtual monopoly in a certain region. @Home service sucks, and now I can't have my own network without shelling out an extra $40 a month for 4 IPs. I still don't see how they can detect VPNs, though.

Can they detect it? (1)

molo (94384) | more than 14 years ago | (#856721)

VPNs are supposed to be encrypted. So just change the port numbers and they shouldn't be able to distinguish it from other encrypted transmissions. (Try the https port).. this provision sounds unenforceable.. so does it really matter?

Get a router/firewall (1)

SuiteSisterMary (123932) | more than 14 years ago | (#856722)

If you can't (or don't feel like) building one yourself, go nuts and get one. Tim Higgins [timhiggins.com] has some wonderful reviews and resources. I myself have a Linksys 4 port 10/100 router [linksys.com] . The ONLY thing that sucks about it is that @home's DHCP server bites, so having the thing update itself sometimes takes a while. But it's worth it. (I'm using rogers@home in Toronto area)

It started off great. (1)

ibot (219510) | more than 14 years ago | (#856723)

I have had @home for 2 years and have been happy with it overall. The speed is still great. I suspect though that slowly they'll keep removing some of the attractive aspects of its service. One that's affected me is the clamp on the upload speed. I have three computers hooked up to the @home network (by the way that is the max number of IPs you can get) for the 3 people in my family. With the change in upload speed now file sharing between the machines is not so great anymore.

Founder's Camp [founderscamp.com]

Re:Are you confusing VPN's and ip masquerading? (2)

1010011010 (53039) | more than 14 years ago | (#856757)

I can't see how they would know you're doing masquerading.

I plan on using a VPN, however, to provide a small number of real, routable addresses to my home machines while using the single random DHCP address I get from the cable modem providers.

-M

---- ----

6.95 a piece/month (1)

heff (24452) | more than 14 years ago | (#856758)

The extra ip's are 6.95/month each.. I have 3 total.. what I'm wondering is if my cable line now has a max bandwidth limit of 1.5 gigs per day upstream instead of just 500 megs a day. Anyone know about this?

Re:More than one computer....? (2)

DrgnDancer (137700) | more than 14 years ago | (#856759)

I have to say that I was totally confused for a moment as to why disallowing VPNs would affect your ability to set up more than one computer on the Net. If anyone is interested, Wingate [deerfield.com] is pretty good proxy software for MS Windows, and Tucows [tucows.com] has a number of others. *nix of course has internal support for this kind of stuff.

Comcast != @Home (1)

Jerrry (43027) | more than 14 years ago | (#856760)

Although the /. headline reads "@Home Stops Allowing VPNs", this is misleading.

While Comcast's new AUP explicitly forbids VPNs, there's nothing in the @Home AUP that does so. See

home.com/support/aup/ [home.com]

ATT@Home tried to implement a new AUP with a similar VPN restriction in the Bay Area over a year ago, but the massive outcry quickly resulted in @Home withdrawing the new AUP, replacing it with the old one, which didn't have the VPN restriction.

Oh, how the mighty have fallen... (1)

Vladinator (29743) | more than 14 years ago | (#856761)

When I got my Cable Modem, on @Home in San Diego in 1998, there was NO substitute. They absolutely rocked the house. Then, as they expanded too quickly, didn't think about how they were growing their network, didn't secure open mail relays, harassed customers (even threatening to send one to jail - search the archives, it was covered here) and just plain started to suck. The upload rate cap was the beginning of the end - this is another telling sign. I used to ask people "Who would even WANT DSL when cable is available?" and now I know. People like me.


Fawking Trolls! [slashdot.org]

Re:Noooo!!!! (1)

nharmon (97591) | more than 14 years ago | (#856762)

resell the service or otherwise charge others to use the service, in whole or in part, directly or indirectly, or on a bundled or unbundled basis. the service is to be used solely in a private residence; living quarters in a hotel, hospital, dorm, sorority or fraternity house, or boarding house; or the residential portion of a premises which is used for both business and residential purposes. without limiting the generality of the foregoing, the service is for personal and non-commercial use only and customer agrees not to use the service for operation as an internet service provider, a server site for ftp, telnet, rlogin, e-mail hosting, "web hosting" or other similar applications, for any business enterprise including, but not limited to, those in competition with the service, or as an end-point on a non-comcast local area network or wide area network, or in conjunction with a vpn (virtual private network) or a vpn tunneling protocol; or

Must have been a real slimy lawyer who wrote this one up! LOL!

Re:Missing out on the V in VPN? (1)

Tupper (1211) | more than 14 years ago | (#856763)

You are correct in stating what a VPN is--- however, they are more important than you seem to think. While joining a vpn isn't important for browsing the web or getting mp3s, it's important for working over the broadband connection.

They also disallow home LANs elsewhere in the paragraph.

-Tupper

Detecting VPNs (shutting off SSL POP3 and SMTP?) (4)

satch89450 (186046) | more than 14 years ago | (#856764)

I suspect that @Home will now start monitoring connections for encryption (think SSL and TLS), then look at traffic patterns to determine whether it's a secure Web browser or "something else". That means that you might be shut off for using SSL-encapsulated FTP or SSL-encapsulated SMTP (for secure mail transfer). Indeed, I can see where people regularly using PGP encryption on mail content may get a little note from the company.

Hmmm...there is very little difference between a VPN and SSL encrypted services. Could it be that we are seeing something caused by the FBI demands to snoop on mail? A VPN is one way to block Carnivore and ISP monitoring from capturing e-mail traffic. Another way is to use STARTTLS-enabled mail clients to talk directly to STARTTLS-enabled mail transfer agents.

Perhaps it isn't just a bid for money...but then again, I admit I'm paranoid.

Re:Read the entire agreement!!! (4)

mikpos (2397) | more than 14 years ago | (#856765)

The part about "reselling" is completely orthogonal to the part of VPNs. Here's what you want:

without limiting the generality of the foregoing, the service is for personal and non-commercial use only and [the] customer agrees not to use the service for operation as an internet service provider, a server site for ftp, telnet, rlogin, e-mail hosting, "web hosting" or other similar applications, for any business enterprise including, but not limited to, those in competition with the service, or as an end-point on a non-comcast local area network or wide area network, or in conjunction with a vpn (virtual private network) or a vpn tunneling protocol;

That said, it's probably wise to just ignore the policy. I would suspect fully 100% of @home subscribers are breaking at least two of the rules mentioned there; if they're not, they're wasting their money. It seems that @home (at least in my part of the world) only gets annoyed when you start using up obscene amounts of bandwidth (e.g. around 1GB/day regularly/constantly).

Re:data security (4)

nellardo (68657) | more than 14 years ago | (#856766)

The only "good" reason I can think of for them to bring in this change is that they don't like not being able to sniff all the information on your/their connections.
Even this doesn't make much sense to me. If they start sniffing everything, they open themselves up to huge liability problems (of course, they can and do hire lots of lawyers to deal with this). It's the difference between being a common carrier like a telco (who is not responsible for what is said over their wires) and a newspaper (who is responsible for everything said in their pages). Slashdot skims this line - Slashdot is liable for the stories, but not for the comments (since they never get deleted or edited, Slashdot can reasonably claim common carrier status) (ObDisclaimer - I ain't no steeekin' Lawyer)
The only bad reason I can think of for them to bring in this change is that they don't like people using their service because that means they need more real bandwidth....
No, I think they have higher rates for @Work. If you can't put a LAN on @Home, you can't really use it in a business environment. So you're forced to use the more expensive commercial service, rather than the residential one. In some sense, this is a very crude way of doing usage-based metering (about as much as minimum age requirements "guarantee" responsibility in drinking, smoking, voting, or driving). IMNSHO, these kinds of policies are going to eventually change as home networks become more and more prevalent. No one will sit still for paying more for a cable modem connection just because their "set-top box" happens to be made by Sony and thus has a 1394 connection that happens to be capable of running TCP/IP. I mean, really. That would be like charging someone different phone rates based on having a y-jack for their phone.

Re:No more secure working from home with @Home? (1)

Cappy (36891) | more than 14 years ago | (#856767)

It would seem that way to me, as it could be defined that VPN's make you an end-point of a non-comcast LAN or WAN. If that's the case, then Comcast is really behind the times on their service provisioning. I would avoid using services with contracts like this if at all possible (and affordable).

So? (1)

ibpooks (127372) | more than 14 years ago | (#856768)

Most residential broadband ISPs do not allow VPN communication. I know mine [hcv.com] doesn't. VPN is used primarily to bridge existing networks. In other words, you would be using a residential service to bridge a (probably) commercial WAN. If you need commercial service, pay for it.

Re:VPN's are NOT masquerading firewalls (2)

EvlG (24576) | more than 14 years ago | (#856769)

The masquerading/NAT prohibiting clauses are mostly intended to ensure that the service provider can't be liable for running your network. If you do something in trying to set up an IPMasq/NAT LAN behind the cable modem, and find out that you can't get it to work, they don't want to be in the position to have to support your setup. To do so would be unreasonable. This way, when you set up masq/NAT and can't get it to work, crying to @Home will only get you a big "See? It's prohibited by the TOS."

I'm sure there is also a motivation to try and get people to pay for extra IPs, but I suspect that support issues are the main motivation.

Re:Wrongo Roblimo (1)

Tupper (1211) | more than 14 years ago | (#856770)

If they aren't selling bandwidth, what the heck are they selling???

Re:It started off great. (1)

mebob (57853) | more than 14 years ago | (#856771)

Because people just don't get it

Re:RCN is a possibility (1)

John Goerzen (2781) | more than 14 years ago | (#856772)

Got a URL or a phone number or something for RCN?

Re:Question... (1)

dilip (211779) | more than 14 years ago | (#856773)

The service agreement you agree to when you subscribe typically states that the provider has the right to change the service agreement with some token amount of notice. In addition, paying your bill after the agreement changes is usually considered acceptance of the new agreement. As usual it sucks to be the small guy. Dilip

VPN (1)

MarNuke (34221) | more than 14 years ago | (#856774)

The whole idea of having a VPN is to have a secure way to have machines on a WAN network without worrying about being tapped. VPN and security go hand in hand. Why would comcast not want people to have VPN?

Let's say I set up a VPN. What I would do is set a ssh link from my firewall to my friend's firewall or a machine I control. I would then forward everything through one port over a ppp link. What is inside of the tunnel, no one but me and the other person knows about. Comcast doesn't know if I'm transferring porn, email, mp3's, or text file on how to make bombs. And guess who else doesn't know? The FBI.

MarNuke

Re:Are you confusing VPN's and ip masquerading? (3)

mxs (42717) | more than 14 years ago | (#856775)

He probably is ...

But apart from this, how does Comcast think to actually enforce this? I mean, come on, everybody with some knowledge of ipchains, squid, and maybe a generic ip proxy will be able to masquerade that he/she's masquerading his/her traffic. Out of the box masquerading is easily detectable (who seriously uses ports upwards of 60000?), but with some precaution you can make it seem to be one computer, running MSIE if you want.

Oh, and how the heck would they tell a VPN protocol from http, provided one uses a sufficiently encrypted connection (ssh will do, so will any ssl-based app). Everybody who runs VPNs without encryption should be shot on the spot anyway. Or take out the P from VPN.

Can you believe the "Deutsche Telekom" (the phone company in Germany holding the monopoly to local lines and thus flatrates) actually prohibits this exact same behavior on even analog connections? As if that would make any difference at all (they don't sell you IPs, they're dynamic anyway), but what do you expect from monopolies.

Re:Not a VPN! (1)

ActionListener (104252) | more than 14 years ago | (#856776)

Ok, so they already ban IP-masqueraded networks. Is this really enforceable? I mean, how is @home ever going to know if one of their customers is using NAT? It was my understanding that the only way they could find out would be if you were to invite an @home employee over to your place and show them your cool 5-machine home network.

Re:Question... (1)

Scurra UK (143378) | more than 14 years ago | (#856777)

the first TOS you agreed to probably included something about them not needing your consent to change those TOS in future.

@Home (1)

Dungeon Dweller (134014) | more than 14 years ago | (#856905)

@Home charges too much for what they offer already! The prices are OUTRAGEOUS and now they want this too? I am so sick of cable/cablemodem monopolies.

Got one at home (1)

funk_phenomenon (162242) | more than 14 years ago | (#856908)

This was one of the great things that came about with the introduction of the high speed network. My whole house is networked using a linux box as the gateway. My whole family can access at any time and have high speed. I don't know what we'd do without it. I guess I have to put the high five to services such as @home and sympatico for allowing this sort of high speed service so many users can access the net quickly. This clause though is a real shame as it really takes advantage of people and the ease of the connectivity. What I don't understand is why they would get all stuff about a family using it that way, or a bunch of college kids. Guess it's bad for business and their take home pay.

Even the samurai
have teddy bears,
and even the teddy bears

Oh yeah (2)

Dungeon Dweller (134014) | more than 14 years ago | (#856911)

getting cable and cablemodem services up at school, + the equipment rental costs about half as much as my RENT for my APARTMENT with ALL OF THE UTILITIES INCLUDED. This is OBSCENE.

hijack an IP (1)

CrudPuppy (33870) | more than 14 years ago | (#856915)

I just set up a second box at home by using
one of their unused addresses on my subnet.

easy enough (until someone reads a traffic log
or tries to use the hijacked IP)

ISP Monopoly (1)

1alpha7 (192745) | more than 14 years ago | (#856919)

This is exactly what happens when the bandwidth provider (cable co.) is the monopoly ISP, also. While I am not a fan of AOHell by about 180 degrees, they were right about AT&T and cable ISP monopolies.

VPN or Proxy Servers? (1)

Sc00ter (99550) | more than 14 years ago | (#856922)

Do they not allow VPN or Proxy Servers? I don't see how they can do either? VPN traffic is just as legit as any other, and I don't see how they can detect proxy servers.

Ip... (1)

photozz (168291) | more than 14 years ago | (#856927)

My impression is that they are trying to prevent VPN connections. Although how that impacts their Services, I don't know. I think this is separate from, say, running a router at home and splitting the signal to the rest of your PC's. Again, something that should not impact their service at all, yet my DSL service wants to charge me more merely to have a router in my house!

No more secure working from home with @Home? (1)

TFloore (27278) | more than 14 years ago | (#856932)

Now, I can see where you object to this as possibly making using an IP-Masq server a violation.

My concern is on a different interpretation. This seems to state that running a VPN client from home, to securely connect to your work LAN, is now a violation of the @Home TOS.

Am I interpreting this correctly?

If so, this does not sound like it relates to selling additional IPs, but more to just making a useful broadband connection much less useful to working professionals. :(

Tim

Are you confusing VPN's and ip masquerading? (5)

Hairy_Potter (219096) | more than 14 years ago | (#856933)

I thought a VPN was a simulated private network across the internet, which I supposed you could use to connect two of your computers, but only if they were physically far apart, using a VPN to connect two computers in the same room sounds insane.

Perhaps you meant to mention the previous clause in the contract, where they prohibit you from being an endpoint for a lan, which is what you need to do if you're sharing an internet connection with IP masquerading.

Looks to be Comcast, not @home doing this (4)

RocketJeff (46275) | more than 14 years ago | (#856945)

I was interested in hearing about this since I use AT&T/@Home. It appears that this is only the Comcast user agreement and not the @Home agreement.
Remember, Comcast (and AT&T) use @Home services and can set their own user agreements separate from @Home.
Looks like Comcast sucks, but not all @Home providers are quite this bad.

how would they know? (1)

Jae (14657) | more than 14 years ago | (#856948)

how exactly would they know if someone had a VPN going on or not?

all traffic that is masqed looks as if it's coming from the connected machine, so how are they going to know if the traffic i'm generating is coming from my "legit" machine, or from my laptop that is on my private network?

More than one computer....? (1)

FascDot Killed My Pr (24021) | more than 14 years ago | (#856951)

At first I had no idea what you were talking about "more than one computer". Then I realized, you have a computer in the living room and one in the bedroom and you are networking them together, over the Internet, by hooking them both to the cable. Dumb dumb dumb. Inefficient, insecure, a maintenance nightmare...

Why not set up a server for the LAN which hooks to @Home and shares the connection to your clients? Undetectable at the ISP level, easier to maintain, far more secure and not hard to set up. The only disadvantage is having to lay some cabling in your house--but that's simple if the computers are anywhere near each other or you can cut holes in drywall. This is what I've done (although I only have modem access right now).

Here's the real question: What are businesses going to say if their @Home-connected employees can't VPN to work anymore?
--

what's a vpn got to do with more than one computer (1)

nemoc (178963) | more than 14 years ago | (#856954)

Apparently @Home is looking for the little bit of extra revenue they can get by selling additional IPs to people (like me) who have more than one computer. (1) If your computers were at different locations, you'd need multiple connections (and multiple ip's anyway), which is what VPN's are used for, securing communication between remote points. (2) If you have more than one computer at your home -- I'm assuming you can still get a netopia router that will dynamically assign all your computers with local (non-routable) ip addresses and then act as a kind of IP-masq, so you can still have more than one computer on your local area network _or_ (3) if you have a persistent connection, you should probably configure a box as a firewall anyway, using something like ip-chains (*NIX) or Proxy Server (NT) [if you use ip-chains you'll need to use a separate applications proxy - I recommend squid]. Anyways -- the point is, this will have no effect on having more than one computer at the same location.

VPN is a strange thing to forbid (3)

wa1hco (37574) | more than 14 years ago | (#856957)

VPN usually means creating an encrypted IP in IP tunnel, for example between home and office, to allow secure connections. So, we have a difference of interpretation here that's hard to understand. cwilson assumes it means creating a home network, probably with ipmasquerading. But I've never seen "VPN" used in that context. On the other hand, what does it mean for @home to forbid encrypted tunnels. Do they mean you can't encrypt? What about SSL? Do they mean you can't create a site that allows others to VPN in from the internet? Mysterious.

Broadband (1)

BigZaphod (12942) | more than 14 years ago | (#856959)

"This is just another piece of woe for those of us whose only broadband choice is @Home. Bah!"

Waaa waaa. Try having NO choices for broadband.

Grr..

l8r
Sean

data security (2)

bfree (113420) | more than 14 years ago | (#856962)

The only "good" reason I can think of for them to bring in this change is that they don't like not being able to sniff all the information on your/their connections.
The only bad reason I can think of for them to bring in this change is that they don't like people using their service because that means they need more real bandwidth, so instead they are just banning anything you could possibly want to use it for other than surfing and email (and even email they are not generous about) because if they banned these they wouldn't be able to convince anyone that it was a good deal :-)

Re:Question... (3)

hoefkens (16698) | more than 14 years ago | (#856964)

No it doesn't. But that part is also forbidden by the Subscriber Agreement (it says ...OR AS AN END-POINT ON A NON-COMCAST LOCAL AREA NETWORK OR WIDE AREA NETWORK).

So the agreement essentially says: you may not put a LAN or a WAN at the end of your line and you may not join another LAN or WAN via an encrypted channel. Kind of interesting...

VPN != IP Masquerading / NAT (2)

TheLurker (32233) | more than 14 years ago | (#856965)

First of all, the poster's interpretation of what this clause means is incorrect and what the term "VPN" means is incorrect. VPN is a way of securely connecting two networks over an insecure network and doesn't necessarily have anything to do with IP Masquerading / NAT.

Still the interesting question is, what would they have against VPN tunnels... I use them all the time to create encrypted links to the servers I administer... hmm... what would a huge ISP have against encrypted VPN links.. encrypted...

Could it be that encrypted tunnels would prevent them from sniffing your packets and thus participating in echelon or court ordered wiretaps? Nahh.....

Always use a local isp. (1)

chotlhpah (165919) | more than 14 years ago | (#856966)

It's always better to go with a local isp, name one good national isp, then name all of the great local ones.

Missing out on the V in VPN? (1)

Refrag (145266) | more than 14 years ago | (#856975)

Are most readers missing out on the V in VPN, or am I just out of touch? I think @Home isn't saying you can't have private networks at home, using more than one computer with the service. I think what they are not allowing is Virtual Private Networking which allows you to connect to a private network over the Net and act as a member of that network.

Am I confused or is everyone overreacting?


Refrag

There seems to be some confusion here (1)

bill_kress (99356) | more than 14 years ago | (#856978)

A VPN (Virtual Private Network) is a network set up through encrypted connections that can run over other networks (The internet).

You seem to be talking about aliasing all your PCs on to a single IP address through a proxy--a completely different matter.

Although I have a meeting NOW, a quick glance at section 6 didn't tell me which they were talking about (I couldn't find it in 30 seconds or less, sorry)

Terminology (1)

Judas Iscariot (117445) | more than 14 years ago | (#856982)

I'm not sure I'm clear on this. People tend to
bandy about the term "VPN" a lot, referring both
to NAT, and to any flavor of encrypted
I can see the logic in @home outlawing NATs. More
IP sales == more revenue for them. IP's are one
of an ISPs major assets, and for a long time have
been a crucial part of the business model.

But VPN's? What do they have to gain from this?
It's not going to help them sell more IP's.
Having a NAT'ed network is the quickest way to
turn a fairly simple pptp connection into a
routing nightmare.

I'm a current @home user, and I telecommute at
least once a week. I do this through a conventional
VPN, as well as a public tunnel to the 6bone.

Which brings up another question: This connection
is not a "VPN" per se, but it _is_ an encrypted
tunnel to another network. Are they planning on
prohibiting this, as well?

Ah well, @home seemed to actually have their
act together lately, guess I was mistaken.

(Off to reread the "roll your own dsl" articles)

-judas

PPP over SSH (1)

hakker (11892) | more than 14 years ago | (#856986)

Uhhh. That is retarded. I have a DSL and my friend has @Home. We have setup a VPN using SSH and PPP. If @Home looked at his traffic, all they would see is a SSH connection. So what? They could never prove what he was doing with that connection. Lamers....

Re:VPN is a strange thing to forbid (1)

kevin42 (161303) | more than 14 years ago | (#856989)

Many VPN protocols don't use UDP or TCP, so they aren't very routable. That's probably why they are banning them, because if they want to put people on a private IP space or behind a firewall, then VPN may not work.

Long live ppp over stunnel!
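As an added illustration of the detection question this thread keeps raising (editorial example, not code from any commenter, Comcast or @Home): a header-only classifier that flags tunnels riding directly on IP, such as GRE or IPsec ESP, and tunnels with well-known control ports, while PPP carried over SSH or stunnel is indistinguishable from other traffic on the same port. The function names and sample packets are constructed for the example; the protocol and port numbers are the standard IANA assignments.

```python
import socket
import struct

TCP, UDP = 6, 17

# IANA IP protocol numbers used by tunnels that ride directly on IP.
TUNNEL_IP_PROTOCOLS = {
    4: "IP-in-IP",
    47: "GRE (PPTP data channel)",
    50: "IPsec ESP",
    51: "IPsec AH",
}

# Well-known ports of tunnel control/encapsulation protocols.
TUNNEL_PORTS = {
    (TCP, 1723): "PPTP control",
    (UDP, 500): "IKE (IPsec key exchange)",
    (UDP, 1701): "L2TP",
}


def classify(packet: bytes):
    """Return (verdict, detail) for one raw IPv4 packet, using headers only."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ("invalid", "not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return ("invalid", "bad header length")
    flags_frag = struct.unpack("!H", packet[6:8])[0]
    proto = packet[9]
    if proto in TUNNEL_IP_PROTOCOLS:
        return ("tunnel", TUNNEL_IP_PROTOCOLS[proto])
    if proto not in (TCP, UDP):
        return ("other", f"IP protocol {proto}")
    if flags_frag & 0x1FFF:
        # Only the first fragment carries the TCP/UDP header.
        return ("unknown", "non-first fragment, no port numbers")
    if len(packet) < ihl + 4:
        return ("invalid", "truncated transport header")
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    for port in (dport, sport):            # match either direction of a flow
        if (proto, port) in TUNNEL_PORTS:
            return ("tunnel", TUNNEL_PORTS[(proto, port)])
    name = "TCP" if proto == TCP else "UDP"
    return ("opaque", f"{name} port {dport}")


def ipv4(proto, payload=b"", frag_offset=0,
         src="192.0.2.10", dst="198.51.100.20"):
    """Build a minimal IPv4 packet (constructed sample, checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                         frag_offset, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def ports(sport, dport):
    """First four bytes of a TCP or UDP header."""
    return struct.pack("!HH", sport, dport)


# Constructed sample packets, one per case discussed in the thread.
SAMPLES = {
    "PPTP data": ipv4(47, b"\x00" * 8),
    "IPsec ESP": ipv4(50, b"\x00" * 8),
    "PPTP control": ipv4(TCP, ports(40000, 1723)),
    "IKE": ipv4(UDP, ports(500, 500)),
    "PPP over SSH": ipv4(TCP, ports(40001, 22)),
    "stunnel on 443": ipv4(TCP, ports(40002, 443)),
    "HTTPS browsing": ipv4(TCP, ports(40003, 443)),
    "UDP fragment": ipv4(UDP, b"\x00" * 8, frag_offset=185),
}


def classify_samples():
    return {name: classify(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, (verdict, detail) in classify_samples().items():
        print(f"{name:16} {verdict:8} {detail}")
```

Telling the stunnel flow apart from the browsing flow would take flow-level statistics (duration, volume, packet timing) rather than anything in the headers.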

Not a VPN! (1)

jaron (8457) | more than 14 years ago | (#856993)

Your post indicates that you're concerned about losing the ability to run an IP-masqueraded network on their service, not a VPN. According to their agreement, they already ban this:

"OR AS AN END-POINT ON A NON-COMCAST LOCAL AREA NETWORK OR WIDE AREA NETWORK"

The new regulation only refers to VPNs and VPN-related traffic, not IP masquerading. VPNs are not necessarily IP-masqueraded. A VPN is often used to connect geographically separated networks into a single, larger, network through the use of encrypted protocols and Internet bandwidth.

This isn't that big a deal (1)

(some random guy) (198999) | more than 14 years ago | (#856995)

You can still go ahead and use NAT or a proxy to share your internet connection. Microsoft's definition of a VPN is this:
A virtual private network is a way to simulate a private network over a public network, such as the Internet. It is called "virtual" because it depends on the use of virtual connections-that is, temporary connections that have no real physical presence, but consist of packets routed over various machines on the Internet on an ad hoc basis. Secure virtual connections are created between two machines, a machine and a network, or two networks.
(I use Microsoft's words because Comcast will agree ... MS owns a stake of @Home.)

So this new license restriction only prevents you from using your @Home service as an endpoint for tunneling between two larger networks. This is probably so that small residential-based businesses don't use two @Home subscriptions as a dirt cheap way to connect their networks.

No biggie.

they will have you think (1)

CrudPuppy (33870) | more than 14 years ago | (#857013)

they want you to believe that you must use
DHCP, but their tech let me know that each
and every box gets a static IP that is hard
coded in the DNS (yes I confirmed).

it is simple enough to set up a router/dns
box to use this single IP address and run NAT
for all private addresses inside. there is no way
they could ever know this is happening since
all traffic will come from the single assigned
IP address.

just my two cents

Confusion? (2)

Sloppy (14984) | more than 14 years ago | (#857015)

I don't get Roblimo's comment. What do VPNs have to do with NAT or IP Masquerading?


---

VPN's are NOT masquerading firewalls (2)

dutky (20510) | more than 14 years ago | (#857018)

The cited portion of the @home contract is not preventing users from running masquerading (aka NAT in the non-Linux world) firewalls. VPN's are a way of tunneling network traffic over a non-secure network in a secure fashion (using encrypted connections/packets) and provide the illusion that many, spatially distant computers are communicating over a common LAN, rather than over the open internet.

There may well be a section of the @home contract that forbids masquerading/NAT firewalls, I know that such clauses were popular a year or so back (mostly specifying that only a single computer could be hooked up to the service, which pretty much forbids masquerading/NAT firewalls) but the cited section is dealing with something else entirely.

Broadband Monopoly (1)

robl (53384) | more than 14 years ago | (#857022)

Aren't you glad they made a change to the customer agreement without asking for your approval first?

Technically, I think they're trying to cash in on the companies and people who are working at home and use a VPN into their corporate office. If you want to use a VPN then you need to go with their corporate broadband services. No one needs to *USE* a vpn unless they were working for a corporation anyway, right?

Re:ISP Monopoly (1)

Drex1911 (220182) | more than 14 years ago | (#857026)

I wish someone did have a cable monopoly. Then maybe they would have a provider in my area. I'm still stuck with frickin dialup!!

Accepting ToS changes (1)

NathanDay (182970) | more than 14 years ago | (#857030)

IANAL, but I don't believe you have to accept changes to Terms of Service that occur within a contract's time period. I remember reading this in regards to credit cards, but I don't see why it wouldn't apply to this. Any lawyers out there who could verify this?



Read the entire agreement!!! (3)

nharmon (97591) | more than 14 years ago | (#857034)

ROBLIMO!!! Please read the links of the articles before posting them.

resell the service or otherwise charge others to use the service, in whole or in part, directly or indirectly, or on a bundled or ununbundled basis. the service is to be used solely in a private residence; living quarters in a hotel, hospital, dorm, sorority or fraternity house, or boarding house; or the residential portion of a premises which is used for both business and residential purposes. without limiting the generality of the foregoing, the service is for personal and non-commercial use only and customer agrees not to use the service for operation as an internet service provider, a server site for ftp, telnet, rlogin, e-mail hosting, "web hosting" or other similar applications, for any business enterprise including, but not limited to, those in competition with the service, or as an end-point on a non-comcast local area network or wide area network, or in conjunction with a vpn (virtual private network) or a vpn tunneling protocol; or

Note: I had to use Lotus Wordpro to switch this to lower case, because /.'s unintelligent bastardized lameness filter stopped me. *smile*

All it is saying, is that you cannot resell @HOME services. What is wrong with that? I think it's perfectly fine. If you want to use it commercially, you pay for such access.

But seriously. Can Slashdot posters PLEASE read links, it might reduce the amount of FUD which gets passed through.

Would this prohibit IP masqing? (1)

xmutex (191032) | more than 14 years ago | (#857046)

Curious.. would this also prohibit the old RedHat box masqing IPs for the Windows box?

Glad I have Mediaone Roadrunner.. at least, for now..

Do you mean VPNs or IP masquerading? (1)

0xdeadbeef (28836) | more than 14 years ago | (#857049)

In either case it is relatively unenforceable. It's all data coming out of one box as far as they're concerned, the only way they can tell is if they break into your house. I suppose they could do traffic analysis for masquerading, or just watch for packets with encrypted data conforming to the VPN protocols. But my, that would be awfully Orwellian of them, wouldn't it?

Don't worry. The market will fix it... someday. Just bend over and take it like a good consumer in the meantime.

What does VPN have to do with multiple IPs? (1)

mbrannig (20700) | more than 14 years ago | (#857055)

From reading section 6b viii

Having multiple IPs has nothing to do with VPNs. That's NAT or IPMASQ, not VPNs.

This would seem to prohibit attaching from your home machine to a corp VPN connection or perhaps to your real hosting provider. In addition, the same passage seems to prevent using for any business purpose. So using my cable modem to connect via ssh into an office would seem to violate the policy.

This seems shortsighted and bad. How can I telecommute using the service? This is a serious issue here. How about using the web to do research for my job?

Is this a ploy to make you buy a more expensive line?

matt

I also interpret it this way (1)

CrudPuppy (33870) | more than 14 years ago | (#857056)

It really does sound like they are prohibiting
the connection to work VPN's.

If this is truly the case then:

1) they are very stupid
2) they are begging people to switch to other
providers and/or xDSL

Re:Always use a local isp. (1)

ucblockhead (63650) | more than 14 years ago | (#857057)

Works great until one of those national bastards buys out your nice, local isp and your service goes to shit.

(Yes, that is from personal experience.)

Well lookee here....another flip-flop (1)

MolGOLD (158043) | more than 14 years ago | (#857059)

I've subscribed to @home for about a year now......and up until recently, I've actually purchased the second IP address just for simplicity's sake. Then, I bought a wireless networking kit for another computer, and that whole plan went straight to hell. @home needs to figure out that realistically, no one is going to want to pay an extra $10 (or whatever it is in your area) for an IP address, especially after flip-flopping back and forth. I remember before @home was available here, cable modem service (known as "the wave") would not allow any kind of connection sharing. Then, the service becomes @home, no networking or sharing allowed, but wait, three months down the road, our policy has to change. Honestly, this is really going to turn people off cable...this also disturbs me as I'm moving in a week, and have to get the service set up again (look ma, another $80 installation)

Re:Missing out on the V in VPN? (1)

e_feldhusen (59076) | more than 14 years ago | (#857061)

You're correct, a VPN is "Virtual" Private Network which allows a computer or a LAN to connect to another computer or LAN across public "ie the Internet" connections usually with encrypted traffic. It seems like most people posting are confusing a home network with a virtual private network.

ADSL is better (3)

spinfire (148920) | more than 14 years ago | (#857073)

I have ADSL service from Speakeasy.net [speakeasy.net] and they are incredibly flexible. They allow whole networks on residential circuits and i run a mail/web/ftp server on mine.

Thus, I come to the conclusion that DSL is a better deal, provided you can find a good ISP (I strongly recommend speakeasy, they even fully support linux).

VPN vs. NAT (1)

jmauro (32523) | more than 14 years ago | (#857076)

NATs are not VPNs.
NATs are used to connect more than one computer to the internet using something like Windows Connection Sharing or IPMasq or Netfilter. A VPN is a connection of two computers using authentication and encryption. Each of the computers has its own IP numbers, but all traffic is encrypted. FreeSWAN and Compaq Tunnel are examples of this as well as IPSec. VPNs are really useful in talking to a private network at work. Tunnel into the network and you can work on your stuff without a reasonable fear that it is being sniffed. Why they would want to prevent this I do not know. Maybe they don't like people working from home and think everyone should just work from work. Probably they'd want to raise prices for people to work at home and make them sign up for @work. Or they could just be confused. It happens.

I'm only going to pay for a pipe... (2)

sjbe (173966) | more than 14 years ago | (#857079)

I've run into this with our local cablemodem vendor. (Buckeye Cablesystem in this case - unfortunately I can't yet get DSL to my door even though I'm close enough) They want to charge an extra $10 for every extra computer hooked up to their lines. Where do these folks get off thinking they are entitled to this extra money? I'm paying for the pipe to my house, nothing more. If I'm leasing equipment from them (ala cable boxes or NIC's) then they can charge me for those but beyond that it is none of their business what I hook up to the pipe. (so long as I'm not doing anything illegal with the connection)

I've no problem with companies trying to make a buck but this is ridiculous. They are providing no additional benefit but think they are entitled to additional money? Not from me. I'm paying for a pipe, not the right to use my own computers.

Besides, this is really not enforceable as far as I can tell. If you set things up right, I'm not sure how they could tell if you had such a network or not.

VPN not the same as a personal network at home. (1)

lythander (21981) | more than 14 years ago | (#857080)

VPN is a secure encrypted connection over an insecure connection to a remote network. Work from home, have your machine pretend to be right on the network at work.

The writer seems to be bitching that he can't NAT his home network on anymore, and he seems to still be able to do that (at least section 6. doesn't outlaw it) as long as he's not hosting servers for a business enterprise.

BUT...

Why would they disallow VPN? This just prevents people from working from home.

Can https or SSL be considered a VPN? A whole bunch of etraders will be grumpy!

VPN != IP Masquerading (1)

MasterD (18638) | more than 14 years ago | (#857083)

A VPN is a concept where you can encrypt all the data between two computers on an insecure line and create the illusion that the two machines are on the same private network. Generally, VPN's are used for businesses who want to let their employees work from home and have connectivity inside their firewall. This can be detected by the ISP because of the ports you need to have open on your host.

Whereas, it seems from Roblimo's response that he wants to be able to Masquerade IP's. This, first of all, is impossible for your ISP to detect even if you were doing it. Secondly, this does not constitute a VPN.

Yes, poster was confused (3)

mojotooth (53330) | more than 14 years ago | (#857085)

The original poster was indeed confused.

The reasons for restricting VPN traffic and restricting ip-masq are completely different.

ip-masq: They would restrict this if they wanted to sell you more IP numbers.

VPN: They would restrict this if they wanted to charge you BUSINESS rates for telecommuting.

They can't possibly detect ip-masq. They could only detect VPN with a lot of effort.

So don't even sweat it, just ignore this policy.

Clarification (1)

nerd1701 (70945) | more than 14 years ago | (#857088)

I don't think that they are banning proxy servers / IP Masquerade. They are trying to get folks who connect to work using VPN to use their more expensive @Work service.

VPN != NAT (3)

sanemind (155251) | more than 14 years ago | (#857089)

You people are confusing VPN's with NAT!

Using, say, masquerading for many machines inside your home or business to seem to be coming from the one IP your ISP gives you is NAT (network address translation[I prefer masquerading, it is more descriptive, more obvious to the novice])

VPN, or (virtual private networking), is when you tunnel IP over something else, so it's sort of like you have a PPP link [across the net] to some other host... and it is usually encrypted so that you can have the effect of a WAN or a dedicated private leased line, but using the public internet infrastructure instead. [Except for cpu lost in crypt [Still much cheaper ;) ]

--sanemind

man signature

D'oh!!! (1)

Lxy (80823) | more than 14 years ago | (#857091)

DSL.chant(infiniteloop) Umm... so according to this no telecommuting for me. Our office set up VPN so I can connect from home when I got my @home service (the competition sucks in my neighborhood). Now even though what I was planning to do (logging into my remote site for admin purposes) is no longer possible? Down with this crap. DSL forever, baby!!!

"You'll die up there son, just like I did!" - Abe Simpson

Re:Missing out on the V in VPN? (1)

Judas Iscariot (117445) | more than 14 years ago | (#857113)

As far as I'm concerned this is a MUCH more
serious issue. ISP's have a right to charge for
IP's. It's a basic tenet of their business.
They hold the class C and above allocations, and
they dole it out to Joe End User so he can get on
the net. This service comes at a price.

I currently have 3 IP's from @home, for 4 computers
(one of which is a thin client that just gets X sessions off another box).
This causes me substantially less headache, as
all computers can be on irc at the same time
as well as using any and all services that NAT
may or may not break.

Don't get me wrong. I think IPmasq and the various
win32 NAT's are great, and I've set them up for
several companies in the past. But to be quite
honest, one of the major reasons I chose to
purchase all my IP's was so that I _COULD_ make
use of a VPN. Prohibiting NAT forces users to shell
out a few more bucks a month. Big deal. Prohibiting
VPN's is going to piss off a lot of users who
simply want a secure way to do their work from
home.
This, IMO, is a much bigger issue.

-judas

Re:No more secure working from home with @Home? (1)

norton_I (64015) | more than 14 years ago | (#857115)

[Thou shalt not use this service...] AS AN END-POINT ON A NON-COMCAST LOCAL AREA NETWORK OR WIDE AREA NETWORK, OR IN CONJUNCTION WITH A VPN (VIRTUAL PRIVATE NETWORK) OR A VPN TUNNELING PROTOCOL;

Looks like all of the above are forbidden. In the same paragraph, telnetd, ftpd, httpd, and others are also forbidden. Quite honestly, if AT&T tries to tell me this when I get their Cable modem service, they can go to hell (and I will do it anyway).

Carnivore? (1)

Element5 (119310) | more than 14 years ago | (#857119)

Anyone consider this may be a step towards Carnivore monitoring of @Home networks? Seems to me the first step to that would be to prohibit any secured tunneling.


Re:Accepting ToS changes (1)

baywulf (214371) | more than 14 years ago | (#857122)

"IANAL, but I don't believe you have to accept changes to Terms of Service that occur within a contract's time period. I remember reading this in regards to credit cards, but I don't see why it wouldn't apply to this. Any lawyers out there who could verify this?"

And what is the time period of your contract? I'd say month-to-month since you pay on a monthly basis and can discontinue the service on notice. But IANAL

Re:Can they detect it? (1)

CosmicEntity (100265) | more than 14 years ago | (#857124)

Judging through previous experience (3 months with AT&T@Home), even if they could, they won't. I've had several extra machines running on the service. I'm suspecting that this may be more of a legal coverall than a legitimate concern. @Home in my area has entirely static IP addresses, allowing anyone to just select an open number and use it. What's more, there are actual blocks of IP addresses that are never used. While this is extremely simple to detect (ping 'em!), never once has any action to discourage the practice been made. In all reality, this may be a way to avoid having to provide technical support and security for VPNs, just like they did with Microsoft Networking support initially.

Hogwash.. (3)

Thomas Charron (1485) | more than 14 years ago | (#857127)

Apparently their lawyers should take some classes on basic WAN networking. You see, the issue here is, according to ComCast:

OR AS AN END-POINT ON A NON-COMCAST LOCAL AREA NETWORK OR WIDE AREA NETWORK, OR IN CONJUNCTION WITH A VPN (VIRTUAL PRIVATE NETWORK) OR A VPN TUNNELING PROTOCOL;

So basically, you *CANNOT* surf the net. The Net, after all, is basically a WAN connecting many LANs together, and hence, while using the net, you are breaking the service agreement. Personally, I'd sue them like no tomorrow, because they are placing a stipulation in the agreement that disallows the service to be used for what you're actually paying it to do..

They're banning NAT'ing, not just VPN's (1)

Echo|Fox (156022) | more than 14 years ago | (#857128)

Erg, wtf? The fact that they're disallowing VPN's isn't the big issue here. If you read the terms of service: AS AN END-POINT ON A NON-COMCAST LOCAL AREA NETWORK OR WIDE AREA NETWORK, OR IN CONJUNCTION WITH A VPN (VIRTUAL PRIVATE NETWORK) OR A VPN TUNNELING PROTOCOL; or you'll see something much more interesting. "an END-POINT" would be a *BSD NAT box, or a Linux IPMASQ box, and the local area network would be your machines you're NAT'ting to. Why the story talks about the VPN aspect is beyond me, since that's a relatively minor issue in comparison. And yes, this also bans Windows Internet connection sharing.

The business world will revolt (2)

PenguinX (18932) | more than 14 years ago | (#857130)

Seems to me that all people who want to work from home via VPN now are going to have to switch to DSL - darn.

A home network is not a VPN! (2)

StenD (34260) | more than 14 years ago | (#857152)

The Comcast subscriber agreement already banned connecting a home LAN [techtarget.com] to the cable modem. A VPN [techtarget.com] allows your home system to appear to be part of a private WAN [techtarget.com] across the public Internet. In reality, this change doesn't take anything away, as connecting to a non-Comcast WAN was already prohibited, but this makes it an explicit statement for people like Roblimbo who don't know what makes a LAN, a WAN, and a VPN different.

IP/NAT however can be viewed as a NON-Comcast net. (1)

Svartalf (2997) | more than 14 years ago | (#857153)

Your IP/NAT box can be viewed as an endpoint for a non-Comcast network (Does Comcast own your LAN?). They got ya in that regard.

Re:Question... (1)

toast- (72345) | more than 14 years ago | (#857157)

Around here (Canada) @Home doesn't allow for you to buy more than 3 or 4 IP's per home.

I need 10 IP's, thus I'm using Masquerading.

Oh and i'm saving money (10/month extra per IP)

I'd like to see them try to bring 'me down' so i have to pay for my IP's.

Bring it on

Question: If an agreement is changed, do i have to agree to the new change? (ie: sign something) or is it automatically agreed upon?

Re:Question... (1)

Tower (37395) | more than 14 years ago | (#857159)

I think that may be dependent on your particular provider, too... the reps *suggested* that for my last apartment when I signed up, and when I moved into my house, they certainly didn't have a problem with it... you have to use NAT, though - you can't just plug the cable modem into a hub...



Looks like a draft copy (1)

Jakyll (94797) | more than 14 years ago | (#857161)

This looks like a draft copy of a proposed service agreement. Don't jump the gun and think a document with red ink and strike-out lettering is written in stone. I'm with Cogeco@Home and while they won't lift a finger to support a VPN or any other feature beyond a single Mac or Windows PC connected directly to the cable modem, they don't care what you do with your connection as long as you aren't being a bandwidth bastard.

Re:Not a VPN! (1)

ucblockhead (63650) | more than 14 years ago | (#857162)

I'm sure that the reason that they want to ban local nets is that they are afraid it will cause people to generate too much traffic. It all goes down to the basic problem with @Home and similar services. They promise more bandwidth than they can really deliver.

From what I've seen, the ADSL guys are much less concerned about you hooking up multiple boxes, because they really can give you what they advertise.

In any case, I was under the impression that if you did the ip masquerading correctly, there was no way @Home would even know you have more than one box there.

Re:It started off great. (1)

kasparov (105041) | more than 14 years ago | (#857163)

Why would you want to share files over their network for computers in your own home? Why don't you just buy an ethernet hub and share at 100Mb/s?

VPN =! proxy or NAT (1)

MentlFlos (7345) | more than 14 years ago | (#857179)

Ok, I may be ignorant on this, but I'm pretty sure I know what I'm talking about.

The TOS says that you can't use @home for business crap or tunneling out, that has nothing to do with how many computers you run thru them (proxied or not)

It looks like they don't want people who work from home to 'dial' into their corporate network and create buttloads of traffic with a tunnel.

How many people use sygate/wingate/ipmasq to run many computers over a cable modem? Tons. Is that tunneling? No. It's either a form of a proxy or NAT or however the program decides to implement the exchange of the packets.

I dunno how together I sound, I just woke up.
-paul
---------------------------------------
The art of flying is throwing yourself at the ground...
... and missing.

Charges (1)

187 (86855) | more than 14 years ago | (#857180)

Don't forget, in addition to the $6 and change a month IP charge, there's also a ~$25 "service change" fee as well.

I'm ready to dump comcast altogether, between hidden fees and those insipid commercials they play trashing all alternatives every 5 minutes...

"So some *MAN* who I don't even know is going to come over and install the dish?"

Make your own (3)

MrEd (60684) | more than 14 years ago | (#857184)

You don't need to shell out for a router! Make your own!

I'm in the Kingston area, on COGECO@Home, living in a student house. We have six computers sharing a cablemodem connection using a linux box running the Linux Router Project [linuxrouter.org] . Very nice. It has no HD, no fan, and does its job quietly and well. A hub and two shitty network cards were all we had to buy.

The cable guys who installed the modem were very understanding about it too... I pretended that my computer was the only one being connected, but strangely enough they ended up leaving behind enough free coax cable so that we could run it into the closet... :)

Bottom line, I have lots of friends who are running LANs behind the scenes, and, at least in the Kingston area, none of them have been hassled.

And, @Home sucks. Is ADSL any better?

Catch me if you can... (1)

pendrake (200392) | more than 14 years ago | (#857185)

Prove it!

After all, how the hell are they supposed to know what that encrypted traffic actually is. And if they actually do start paying attention to traffic, they run the risk of voiding their common carrier protection (which protects them from being liable if their network is used for attack). In my mind this is bluster to discourage the 10% of users who would actually read these agreements, and perhaps annoy a bunch of companies to no end. I don't see how they can do this and stay in business, however - one of the driving forces behind broadband connections to the home is telework, and if their Service Agreement prevents VPNs, companies will have to go with DSL or (yuck!) use dial-up. The only people this hurts are businesses, not home users.

Whatever.

VPN and home networks (1)

e_feldhusen (59076) | more than 14 years ago | (#857187)

A VPN and a home network are two completely different things. A virtual private network is connecting a computer or LAN to another computer or LAN across public, ie the Internet, with encrypted connections. A home network is using a computer/LinkSys/router to share your single broadband connection. What @Home is describing is the VPN. However, for my Charter Pipeline *cable modem server*, the agreement wording is such that I can't run a home network either. I suspect the @Home agreement is similar.

slightly OT--Cable dynamic IPs (1)

Aerolith_alpha (85503) | more than 14 years ago | (#857189)

How dynamic are the dynamic IP's that @home uses, and how hard is it to get set up with a static?

I will be using @home this semester at school, and i am curious about being able to run a MINOR MINOR MINOR webserver off it for my own purposes...

How would they know... (2)

Shotgun (30919) | more than 14 years ago | (#857190)

what you are using, unless they are snooping your traffic? If all they are doing is pushing packets then how do they know what those packets contain? Could this clause be safely ignored? If they threaten to cut service because you're running NAT or VPN, then you can sue them for 'breaking and entering' your property. (Remember, the lawyers are claiming that information is property.)

What happens if the USPS starts deciding that they want to open and read all the mail?

Noooo!!!! (2)

robl (53384) | more than 14 years ago | (#857191)

resell the service or otherwise charge others to use the service, in whole or in part, directly or indirectly, or on a bundled or ununbundled basis. the service is to be used solely in a private residence; living quarters in a hotel, hospital, dorm, sorority or fraternity house, or boarding house; or the residential portion of a premises which is used for both business and residential purposes. without limiting the generality of the foregoing, the service is for personal and non-commercial use only and customer agrees not to use the service for operation as an internet service provider, a server site for ftp, telnet, rlogin, e-mail hosting, "web hosting" or other similar applications, for any business enterprise including, but not limited to, those in competition with the service, or as an end-point on a non-comcast local area network or wide area network, or in conjunction with a vpn (virtual private network) or a vpn tunneling protocol; or

See, you *ARE* prohibited from using a vpn.

Clarifying the confusion (maybe) (1)

VP (32928) | more than 14 years ago | (#857192)

Prohibiting using the service for VPN connections is new, but has nothing to do with forcing individual IPs on each machine in your home. The latter has been there for a while, but I think is only so that they don't have to support your home LAN questions.

Using the service for VPN connection may assume that you are doing work from home, which they want you to do using their @Work service (more expensive). Another interpretation may be that you can't offer VPN services, but that would fall under their "no public servers" policy.

Can they track VPN connections? I think they can, as this is a specific protocol, which can be selectively sniffed. Even though the payload is encrypted, the protocol information would be visible. I hope someone will correct me if I am wrong on this.
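The point raised in the comment above (a VPN's payload is encrypted, but its protocol headers are not), as an added example that is not part of the original thread: a Python sketch that labels raw IPv4 packets from header fields alone. The sample packets and addresses are constructed; the protocol numbers and ports are the standard assignments for GRE, ESP, AH, PPTP, IKE and L2TP, and the function names are hypothetical.

```python
import socket
import struct

# IP protocol numbers that are themselves tunnel encapsulations.
TUNNEL_IP_PROTOCOLS = {47: "GRE (PPTP data channel)", 50: "IPsec ESP", 51: "IPsec AH"}
# (IP protocol, port) pairs used by tunnel control/key-exchange traffic.
TUNNEL_PORTS = {(6, 1723): "PPTP control", (17, 500): "IKE", (17, 1701): "L2TP"}


def classify(packet):
    """Return a tunnel label for a raw IPv4 packet, or None if the headers show none."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    if proto in TUNNEL_IP_PROTOCOLS:          # visible without touching the payload
        return TUNNEL_IP_PROTOCOLS[proto]
    if proto in (6, 17):                      # TCP or UDP: look at the port pair
        frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
        if frag_offset != 0 or len(packet) < ihl + 4:
            return None                       # later fragment: no transport header here
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        for port in (dport, sport):
            label = TUNNEL_PORTS.get((proto, port))
            if label:
                return label
    return None


def build_ipv4(proto, payload, frag_offset=0, src="192.0.2.10", dst="198.51.100.20"):
    """Build a minimal IPv4 packet (checksum left at 0; classify() does not verify it)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                         frag_offset, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def ports(sport, dport, rest=4):
    """Source/destination ports followed by zero padding for the rest of the header."""
    return struct.pack("!HH", sport, dport) + bytes(rest)


OPAQUE = bytes(range(64, 96))  # constructed stand-in for encrypted payload bytes

# Constructed sample packets, one per case.
SAMPLES = {
    "esp": build_ipv4(50, struct.pack("!II", 0x1001, 1) + OPAQUE),
    "gre": build_ipv4(47, bytes([0x30, 0x01, 0x88, 0x0B]) + OPAQUE),
    "ike": build_ipv4(17, ports(500, 500) + OPAQUE),
    "pptp_ctl": build_ipv4(6, ports(1050, 1723, 16)),
    "https": build_ipv4(6, ports(40000, 443, 16) + OPAQUE),
    # Non-first fragment whose first bytes merely look like ports 500/500.
    "udp_fragment": build_ipv4(17, ports(500, 500) + OPAQUE, frag_offset=185),
}


def demo():
    return {name: classify(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, label in demo().items():
        print(f"{name:13s} -> {label}")
```

The TLS-style sample on TCP port 443 gets no tunnel label from this header check, and a tunnel carried over an ordinary port would not either.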

Re:Are you confusing VPN's and ip masquerading? (1)

Judas Iscariot (117445) | more than 14 years ago | (#857193)

There's no reason why you couldn't.
VPN's are fairly easy to set up, and provide
fairly strong encryption for all data that passes
over the wire. If you were for some reason concerned
about someone placing a sniffer on your local network
setting up a virtual network over the lan would not,
in fact, be a bad way to go. At this point it's
actually a little simpler than just deploying
IPSec on all the boxes (Especially if some of them
are Win9x/Nt4).

-judas