
Comcast Forging Packets To Filter Torrents

kdawson posted more than 7 years ago | from the could-be-actionable dept.

Security 413

An anonymous reader writes "It's been widely reported by now that Comcast is throttling BitTorrent traffic. What has escaped attention is the fact that Comcast, like the Great Firewall of China, uses forged TCP Reset (RST) packets to do the job. While the Chinese government can do what they want, it turns out that Comcast may actually be violating criminal impersonation statutes in states around the country. Simply put, while it's legal to block traffic on your network, forging data to and from customers is a big no-no."


Can you say "class action" ? (5, Insightful)

unity100 (970058) | more than 7 years ago | (#20469659)

say it ! and add a "lawsuit" to the end. Such "companies" deserve it.

Re:Can you say "class action" ? (1)

Associate (317603) | more than 7 years ago | (#20469727)

The question would be who could be a party to the lawsuit. Could someone that's not a customer but peered BT's to Comcast customers seek damages? All that would be needed for proof would be a peer's IP belonging to Comcast. Right?

Re:Can you say "class action" ? (4, Informative)

click2005 (921437) | more than 7 years ago | (#20469811)

There are a lot of legal bittorrent downloads. Most linux distros are available this way as well as a large number of public domain movies.

http://www.publicdomaintorrents.com/ [publicdomaintorrents.com]
http://www.starwreck.com/download.php [starwreck.com]
http://www.zeitgeistmovie.com/ [zeitgeistmovie.com]

Re:Can you say "class action" ? (0, Troll)

winkydink (650484) | more than 7 years ago | (#20470271)

Major ISP's in the US have told me in meetings that P2P makes up 70-80% of their total traffic. Do you really believe that the majority of this is legal content?

Re:Can you say "class action" ? (5, Insightful)

unity100 (970058) | more than 7 years ago | (#20470365)

and you should have told them they should have invested while they were overselling their lines. it doesn't matter what percentage of p2p is legal or not, the fact is they are not able to provide what they promised. the debate should be on that, not p2p's legality.

Re:Can you say "class action" ? (1)

WindBourne (631190) | more than 7 years ago | (#20470441)

I would think at around 1/2 of it is legal. About 1/2 or more of the music is probably legal. I would guess about 10% video is legal. And probably the vast majority of the software is legal. But does it matter? I think not.

Re:Can you say "class action" ? (2, Interesting)

piojo (995934) | more than 7 years ago | (#20470445)

Major ISP's in the US have told me in meetings that P2P makes up 70-80% of their total traffic. Do you really believe that the majority of this is legal content?
I wonder how much of it is legally grey? For example, anime that is not licensed for distribution (completely unavailable) in the US. Yes, it's still copyrighted, but that doesn't mean it's a copyright violation. Perhaps it's not even copyrighted in the US. I don't know international law that well. My point is that it's a legal grey area (unless I'm totally wrong), and a series of anime consumes a lot of bandwidth. One episode is typically 175-250 MB, and these episodes come out once per week (unless someone is downloading an old series, whereupon they might download all of it at once).

In any case, it doesn't matter whether most bittorrent use is legal. It's not okay to filter a protocol that customers are paying to use (unless they filtered individual torrents, but that's too much work, and it's asking for lawsuits).

Re:Can you say "class action" ? (2, Informative)

cortana (588495) | more than 7 years ago | (#20470497)

I wonder how much of it is legally grey? For example, anime that is not licensed for distribution (completely unavailable) in the US. Yes, it's still copyrighted, but that doesn't mean it's a copyright violation.
Seems like a straightforward case of copyright infringement to me. If the copyright holder has not granted you permission to distribute their work then you simply are not allowed to do so!

Re:Can you say "class action" ? (2, Informative)

PCM2 (4486) | more than 7 years ago | (#20470573)

I don't know international law that well.

The Berne Convention [wikipedia.org] is an international treaty that sets standard copyright terms and prohibitions and has been ratified by most of the countries you've heard of.

Re:Can you say "class action" ? (5, Insightful)

Fujisawa Sensei (207127) | more than 7 years ago | (#20470553)

Major ISP's in the US have told me in meetings that P2P makes up 70-80% of their total traffic. Do you really believe that the majority of this is legal content?

That's not for the ISP to decide.

Re:Can you say "class action" ? (1)

garylian (870843) | more than 7 years ago | (#20470439)

I believe the WoW patcher uses a bittorrent model, as well.

Considering there are something like 2 million plus users in the U.S. alone, that would add up to a lot of traffic each patchday!

Re:Can you say "class action" ? (2, Insightful)

ajs (35943) | more than 7 years ago | (#20469839)

If they attack any and all Torrents this way, then their users should build a case based on the blocking of major Linux distribution downloads from Fedora, SuSE and Ubuntu and make a class action out of it, certainly! This is a clear violation of their ToS, at least as I read it a few years ago when I was a customer. If it has changed, then perhaps someone could post the relevant quote from it here? Please, not the whole thing.

What's it used for? (1)

imstanny (722685) | more than 7 years ago | (#20469675)

Is it just for throttling bit torrent traffic? Can't it also be used to report on potentially illegal bit torrent transfers, as well as legal ones?

Re:What's it used for? (1)

Fatal67 (244371) | more than 7 years ago | (#20470461)

It most certainly could be.

I could imagine a company that is being sued for blocking bit torrent transfers bringing in the logs to show exactly who you downloaded from (ip anyway), what you downloaded (if it isn't encrypted at all), and when you did so. They can most assuredly show connection requests for specific files when that request is not encrypted and passes through their deep packet inspection system.

I would definitely make sure that the folks involved in said lawsuit weren't having illegal file transfers blocked as that could be pretty detrimental to the case, relevant or not.

Re:What's it used for? (3, Interesting)

Penguinisto (415985) | more than 7 years ago | (#20470615)

Is it just for throttling bit torrent traffic? Can't it also be used to report on potentially illegal bit torrent transfers, as well as legal ones?

If any ISP did, it would kiss away any hope of a DMCA safe-harbor claim. As an ISP or other such party, if you know about it, you're supposed to stop it, not throttle it. Not stopping it immediately upon discovery and confirmation IIRC constitutes complicity.

/P

Soviet Russia (1, Funny)

MortenMW (968289) | more than 7 years ago | (#20469685)

In Soviet Russia, TCP packets reset you!

Only thieves use bittorrent (-1, Troll)

Anonymous Coward | more than 7 years ago | (#20469697)

Well, that and retards such as the one who invented it.

Suure... legal action is possible... (4, Interesting)

Creepy Crawler (680178) | more than 7 years ago | (#20469719)

But when these huge companies work with other huge companies AND government agencies like the FBI and CIA, do you think you even have a chance in Hell?

Like many have said before me, we need to go pure encrypted communications to prevent this kind of violation. TOR, WASTE, and Linux based encryption techniques allows us these kind of tools to defend against attackers: our very providers of bandwidth.

Re:Suure... legal action is possible... (0)

Anonymous Coward | more than 7 years ago | (#20469785)

They're not letting me download the latest Christina Agulieraspearsdonna album at peak speeds for free! TIME TO CALL IN THE LAWYERS!

Re:Suure... legal action is possible... (5, Insightful)

Spy der Mann (805235) | more than 7 years ago | (#20469797)

do you think you even have a chance in Hell?

Then again, Rosa Parks [wikipedia.org] had no legal right to keep her bus seat from a white guy. And yet, she did.

If you don't stand up and fight for your rights, who else will?

Re:Suure... legal action is possible... (2, Insightful)

nuzak (959558) | more than 7 years ago | (#20469899)

There are legal torrents. Comcast is certainly screwing you. That said:

I may not have known Rosa Parks, Rosa Parks wasn't a friend of mine, but I can say with pretty god damn clear certainty that you are no Rosa Parks.

Why do you say that? (4, Insightful)

WindBourne (631190) | more than 7 years ago | (#20470531)

First, Spyder was not saying that he was Rosa, but even ignoring that, why do you say with certainty that this is not the same? This is standing up to a MUCH bigger bully who is trying to take what is not theirs. It was no different than when the geek stood up to a circuit city store and then the police. That is a case that may make a difference, as might this (keeping our rights from those that would gladly steal them). You can bet that at the time of Rosa, the locals just thought it was a silly disturbance.

Re:Suure... legal action is possible... (0)

Anonymous Coward | more than 7 years ago | (#20470621)

But, But, But... My downloads are tired! I ain't gettin off this tube for some rich white man! Nuh uh, sister. Represent.

Re:Suure... legal action is possible... (2, Informative)

ajs (35943) | more than 7 years ago | (#20469903)

But when these huge companies work with other huge companies AND government agencies like the FBI and CIA, do you think you even have a chance in Hell?
Cases are won against the Federal Government on a regular basis. The question is, what kind of service should these users expect? They are sold a service that says they get fast downloads, and so they try to download something and it's not only fast, but blocked. I see no reason that Comcast, even if assisted by the Federal Government, could justify that.

Re:Suure... legal action is possible... (1)

budgenator (254554) | more than 7 years ago | (#20470519)

My SELinux Torrent should trump both the FBI and the FBI, the NSA is way more l33t and spookier than those CIA lamers, NSA RULEZ!

Typo (1)

MuChild (656741) | more than 7 years ago | (#20469735)

Statute, not "statue." I can't help it, editing is what I do.

Re:Typo (1)

Nimey (114278) | more than 7 years ago | (#20469817)

Do you want to work for Slashdot?

Re:Typo (1)

Surt (22457) | more than 7 years ago | (#20469877)

... If so you're out of luck, because they aren't hiring.

Re:Typo (4, Funny)

BronsCon (927697) | more than 7 years ago | (#20469959)

Obviously not, he edits.

Re:Typo (5, Funny)

Tribbin (565963) | more than 7 years ago | (#20469873)

You made an spelling error last January 22nd:

"un-realisically"

http://slashdot.org/comments.pl?sid=218196&cid=17712652 [slashdot.org]

You are welcome.

Re:Typo (1)

MuChild (656741) | more than 7 years ago | (#20469967)

Hey, it happens, I was just hoping that someone who could would fix it.

You may disagree with my hyphenation, but, technically, I added it for emphasis, so at least it was on purpose.

Re:Typo (3, Funny)

mazarin5 (309432) | more than 7 years ago | (#20470053)

That's a realisic explanation and I believe you :)

Re:Typo (0)

Anonymous Coward | more than 7 years ago | (#20470063)

You may disagree with my hyphenation, but, technically, I added it for emphasis, so at least it was on purpose.
And the dropping of the t? What about that?

Re:Typo (1)

MuChild (656741) | more than 7 years ago | (#20470183)

Oh...yeah...(shame).

Re:Typo (1)

martinelli (1082609) | more than 7 years ago | (#20470551)

The hyphenation is fine. However, you missed the 't'.

Re:Typo (4, Funny)

DieByWire (744043) | more than 7 years ago | (#20470499)

You made an spelling error last January 22nd:

You made a spelling (or grammar) error today.

You're welcome.

I don't know (4, Funny)

everphilski (877346) | more than 7 years ago | (#20470077)

Maybe they are kinky and really into violating statues ...

Re:I don't know (0)

Anonymous Coward | more than 7 years ago | (#20470433)

fucking hilarious!

Re:Typo (3, Funny)

toddhisattva (127032) | more than 7 years ago | (#20470421)

I was forming such a clear mental picture of a comcast violating a statue. Too bad I can't draw.

Well, true... (1)

Citius (991975) | more than 7 years ago | (#20469737)

It could infringe on both legal and illegal bittorrent traffic. Unless the Bush administration pulls another 'national security' coverup on this lawsuit, which it easily could under some fabricated reason, it's an unlawful invasion of privacy... Then again, I'm not quite sure what Comcast has in its ToS. Perhaps it has some secret clause for fraud and impersonation... =P

Re:Well, true... (1)

JoeInnes (1025257) | more than 7 years ago | (#20470087)

Even if it were to have such a clause, it would be unenforceable. You cannot get around the law using a contract. For example, imagine if I were to hold a gun to your head, and force you to sign a contract saying you agree to being forced to sign a contract, and that by signing the contract, I may kill you whenever I want. Were the contract legally enforceable, then you would be able to kill me. Unfortunately, you cannot sign something that violates the law. I am not allowed to force you to sign a contract, whether you agree to it or not. I am not allowed to kill you, whether you agree to it or not. (N.B. I'm English, and accept that the examples I have provided are not applicable in all countries)

Re:Well, true... (0)

Anonymous Coward | more than 7 years ago | (#20470249)

I heard a story once about some researchers who wired up the sexual pleasure center of a mouse's brain to a "Bush Sucks" button. Once the mouse discovered the button, it pounded the button repeatedly to the exclusion of all other activities, including eating.

Apparently, after the experiment was over, they gave the mouse Internet access to see what would happen next.

Wherefore art thou mod points?! (1)

Ahnteis (746045) | more than 7 years ago | (#20470489)

Yes, yes I did laugh. :)

I deplore it! (0)

Anonymous Coward | more than 7 years ago | (#20469747)

I am totally and unequivocally against this.

Of course, there is always DSL. But, wait, that brings AT&T into the picture, at least in California and several other states.

Is this what is called "Hobson's Choice?"

I bet their vendor did not tell them this... (1)

tgatliff (311583) | more than 7 years ago | (#20469759)

I am thinking that the vendor of their routers probably didn't disclose this bit of information.... Oops...

Technical merit? (4, Interesting)

WPIDalamar (122110) | more than 7 years ago | (#20469787)

Legal questions aside, is there some technical merit to sending a RST instead of just blocking the packets? Is it less expensive to the ISP or something? I don't understand why they're doing it.

Re:Technical merit? (4, Informative)

bagboy (630125) | more than 7 years ago | (#20469879)

Blocking bittorrent causes the client to find other open ports (if you are using port-based blocking). As an ISP, by throttling it way back to almost nil, but keeping it as an established connection, you have a better chance at keeping bittorrent traffic from overcoming your own upstream/downstream connection to your provider.

Re:Technical merit? (0)

Anonymous Coward | more than 7 years ago | (#20469883)

A TCP RST forces the connection to close and therefore frees up a slot for a new connection, rather than waiting for the connection to timeout. Less load on the routers.

Re:Technical merit? (1)

pe1chl (90186) | more than 7 years ago | (#20470085)

No. A TCP connection does not put load on routers.
The reason is that to block a packet you need a device that passes-through packets and could get overwhelmed or be broken, while with the RST method you just need to examine pass-by traffic and send an occasional RST. When your device gets overloaded, it will just miss part of the traffic but the traffic itself will not be hindered.

It's better than single-packet blocking. (4, Informative)

Kadin2048 (468275) | more than 7 years ago | (#20470009)

Yeah, it works better. Sending a RST packet closes the TCP connection. Just eating the packet would cause the computer to resend it, creating more traffic on the network. The forged-RST attack is "fire and forget." You identify a TCP connection that has bad traffic in it, and then you target the connection. It doesn't require matching every packet, you can instead look for patterns of packets that indicate types of traffic you dislike, and then just terminate it, and move on to the next connection. It may use deep-packet inspection, but it's not a 'packet blocking' attack. It's better, because it avoids having the computers retransmit packets that just contribute to the traffic you need to screen.

It's a fairly insidious way to block traffic, which is why the Chinese do it. Frankly it's a fundamental weakness of TCP: it wasn't really designed to cope with hostile intermediate nodes. (Flaky ones, sure, but not hostile ones.) You could configure your computer to reject RST packets, but then you'd end up leaving connections open all over the place and cause all sorts of other problems. It's not something that you can trivially work around.

Re:It's better than single-packet blocking. (4, Interesting)

Vellmont (569020) | more than 7 years ago | (#20470593)


You could configure your computer to reject RST packets, but then you'd end up leaving connections open all over the place and cause all sorts of other problems. It's not something that you can trivially work around.


How about just wait until some specified timeout and see if you receive any other packets? If someone sends RST, but you receive a bunch more packets, there's a very good chance the RST was faked. Better yet, wait for timeout1, then wait timeout2 for any more packets. (Since packets can be received out of order). Then if you receive more packets during timeout2, ignore the RST. I'd say that's pretty trivial. It could even be implemented on a NAT router so you wouldn't even have to modify your OS.
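
The two-timeout check described in the comment above, written as an offline detector over a captured trace. This is an added example, not code from the thread; the `Pkt` record, the `judge_resets` function, the timeout values and the trace itself are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, NamedTuple


@dataclass(frozen=True)
class Pkt:
    t: float     # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags as letters: S, A, P, F, R


class Verdict(NamedTuple):
    rst: Pkt
    action: str    # "honor" or "ignore"
    evidence: int  # segments from the RST's claimed sender seen in the timeout2 window


def same_direction(a: Pkt, b: Pkt) -> bool:
    """True when both packets claim the same sender and receiver endpoints."""
    return (a.src, a.sport, a.dst, a.dport) == (b.src, b.sport, b.dst, b.dport)


def judge_resets(trace: List[Pkt], timeout1: float = 0.2,
                 timeout2: float = 1.0) -> List[Verdict]:
    """For every RST, wait timeout1 (segments that were already in flight or
    reordered), then watch for timeout2. A host that really reset the
    connection has no reason to keep sending on it, so traffic from the
    RST's claimed sender during timeout2 marks the RST as likely injected."""
    ordered = sorted(trace, key=lambda p: p.t)
    verdicts = []
    for i, rst in enumerate(ordered):
        if "R" not in rst.flags:
            continue
        window_start = rst.t + timeout1
        window_end = window_start + timeout2
        evidence = 0
        for later in ordered[i + 1:]:
            if later.t > window_end:
                break
            if not same_direction(rst, later):
                continue
            if "S" in later.flags:
                break  # 4-tuple reused for a new connection: not evidence
            if "R" in later.flags or later.t <= window_start:
                continue  # repeated RST, or straggler inside timeout1
            evidence += 1
        verdicts.append(Verdict(rst, "ignore" if evidence else "honor", evidence))
    return verdicts


# Constructed trace (documentation address ranges), as seen at the client.
CLIENT = "192.0.2.10"
TRACE = [
    # Flow A: RST arrives mid-transfer, but the peer keeps sending data.
    Pkt(0.00, "198.51.100.7", 6881, CLIENT, 51000, "PA"),
    Pkt(0.05, "198.51.100.7", 6881, CLIENT, 51000, "PA"),
    Pkt(0.10, "198.51.100.7", 6881, CLIENT, 51000, "R"),
    Pkt(0.12, "198.51.100.7", 6881, CLIENT, 51000, "PA"),  # inside timeout1
    Pkt(0.45, "198.51.100.7", 6881, CLIENT, 51000, "PA"),
    Pkt(0.80, "198.51.100.7", 6881, CLIENT, 51000, "PA"),
    # Flow B: genuine reset; one reordered straggler, then silence.
    Pkt(0.00, "198.51.100.9", 6881, CLIENT, 51001, "PA"),
    Pkt(0.30, "198.51.100.9", 6881, CLIENT, 51001, "R"),
    Pkt(0.35, "198.51.100.9", 6881, CLIENT, 51001, "PA"),
    Pkt(0.60, CLIENT, 51001, "198.51.100.9", 6881, "A"),   # other direction
    # Flow C: reset followed by a fresh SYN on the same 4-tuple.
    Pkt(0.00, "198.51.100.11", 6881, CLIENT, 51002, "PA"),
    Pkt(0.20, "198.51.100.11", 6881, CLIENT, 51002, "R"),
    Pkt(0.90, "198.51.100.11", 6881, CLIENT, 51002, "S"),
    Pkt(0.95, "198.51.100.11", 6881, CLIENT, 51002, "A"),
]

if __name__ == "__main__":
    for v in judge_resets(TRACE):
        print(f"RST from {v.rst.src}:{v.rst.sport} at t={v.rst.t:.2f}s -> "
              f"{v.action} ({v.evidence} later segment(s))")
```

As other comments in this thread note, when the reset is injected toward both ends the remote peer tears the connection down and stops sending, so this check then sees nothing that contradicts the RST.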

Forged RST packets (4, Insightful)

ACMENEWSLLC (940904) | more than 7 years ago | (#20469789)

We use a popular web content filter. The way it works is by doing the same thing. So when we are blocking traffic, we block it by issuing a forged RST. It's either do this, or place the content filter inline ACTIVE. Right now it is passive. It does packet capturing and RST to block. If it's down, then traffic still flows. If it were active, we could simply drop the traffic and not forge the RST. But performance and uptime are horrible on many products when these are inline.

Initially this sounded a lot worse to me.

Re:Forged RST packets (0)

Anonymous Coward | more than 7 years ago | (#20469875)

But it is so easy to just filter out the RST packets at the client that you really need to do more than that, or tomorrow your clients go around the content filter with ease...

Re:Forged RST packets (1)

mzs (595629) | more than 7 years ago | (#20469985)

You realize that they can send the RST to both ends right? You realize that unless you are using something like RAW sockets your app won't have a chance to see the RST? Do you really want to re-create a TCP IP stack in your bit torrent client?

Re:Forged RST packets (1, Interesting)

Anonymous Coward | more than 7 years ago | (#20470041)

For filtering of RST in the client you don't need raw sockets or re-creating a TCP stack; just a simple iptables rule is sufficient.
Of course this will not work when the RST is sent both ways and (in case of a p2p network) the guy at the other end does not have the filter.

Re:Forged RST packets (1)

Kadin2048 (468275) | more than 7 years ago | (#20470147)

No, they won't, and it's not as easy to filter out RST packets as you seem to think it is. TCP RST packets are handled by the network stack, which is part (usually) of the OS kernel, not userland applications. So to block them, you'd need to change things at fairly low levels of the system, and you'd have to change them at both ends of the connection -- the client requesting the content and also the server supplying it (in the case of web traffic that you're trying to block).

And you really do not want to start telling everyone to configure all of their internet-facing machines to ignore all RST packets. That would create a hell of a mess.

Some ways I've been thinking you could get around the RST-injection MITM attack: set up an encrypted tunnel between the two ends of the connection, and ignore all RST commands that aren't sent inside the tunnel. This would require modifications to the network stack on both ends, though, because you'd have to set it up to specifically ignore RST packets on encrypted connections. (So basically you'd need to have a way of ignoring RST packets on particular connections, but then a way for the higher-level application that did the decryption to reset the connection when it received a correctly-formed request INSIDE the encrypted tunnel.)

Re:Forged RST packets (0)

Anonymous Coward | more than 7 years ago | (#20470381)

a) RST filtering is trivial if you're not using Windows or if you use one of the many WRT54G compatible routers where you have full control over the builtin firewall. I wouldn't recommend doing that, but it is not hard at all.

b) A proper VPN is not built on top of TCP, so there's no such thing as RST packets which could tear the tunnel down from the outside.

Re:Forged RST packets (4, Insightful)

Opportunist (166417) | more than 7 years ago | (#20470251)

The difference is most likely that you're the endpoint of the traffic. When traffic comes to me, it's my business what I send in reply. A RST, nothing or a "thanks for sexual services".

Comcast is the carrier. They have no business sending RST packages. Their business is to transfer packets to and from you. If you allow them to manipulate your packets (which this essentially is, injection of packets is by no means different from altering them, it changes the data stream and the information transmitted), you can never be sure that what you sent is what arrived on the other end.

Evidence is already out there (5, Informative)

poetmatt (793785) | more than 7 years ago | (#20469827)

take a look at http://www.dslreports.com/forum/comcast [dslreports.com] and you will note that plenty of examples of this impersonation exist. They disconnect by impersonation after about 10 seconds of seeding, and it seems to be courtesy of Sandvine. Gotta love lack of net neutrality here, although I am not in favor of extreme net neutrality, some would be, well, nice.

Re:Evidence is already out there (1)

MobyDisk (75490) | more than 7 years ago | (#20470141)

Just curious, but what is extreme network neutrality?

EXTREME Neutrality (4, Funny)

Kadin2048 (468275) | more than 7 years ago | (#20470203)

Just curious, but what is extreme network neutrality?
Network neutrality, enforced by roving bands of ninjas.

Re:EXTREME Neutrality (2, Funny)

poetmatt (793785) | more than 7 years ago | (#20470465)

wait though....this is like microscopic/hacking, so wouldn't it be minjas? [youtube.com]

Re:Evidence is already out there (1)

poetmatt (793785) | more than 7 years ago | (#20470353)

forcing ALL packets to be handled equally would be extreme. It just doesn't work that way. Nor does it work if you are not forcing most packets to be treated equally. VOIP needs it, games need it, low bandwidth applications do not. There is a need for QOS for certain things but only when the bandwidth is low/slow.

It didn't escape attention on Slashdot! (3, Informative)

Cheesey (70139) | more than 7 years ago | (#20469869)

Last time this piece of news was discussed [slashdot.org], someone helpfully posted a solution [slashdot.org] for your Linux firewall.

read the rest of that thread (2, Informative)

Kadin2048 (468275) | more than 7 years ago | (#20470313)

That solution as written doesn't work [slashdot.org], and even if it did, might still screw up the connection [slashdot.org] (because you want to un-set the RST flag, not throw away the whole packet). Also, some people have indicated that Comcast is doing more than just forging RSTs, they are also eating packets along the way [slashdot.org], so it's not a silver bullet.

Even worse, these packets count towards your cap (1, Insightful)

Anonymous Coward | more than 7 years ago | (#20469901)

Causing you to get TOSed earlier.

It's Not A Crime.... (1, Informative)

asphaltjesus (978804) | more than 7 years ago | (#20469905)

If no one prosecutes.

This one stands an extremely low probability of actually improving comcast's service from a consumer-geek perspective. Quick and dirty reasons why:

1. Comcast is in up to their necks with municipal politicians. They need campaign contributions from Comcast.
2. Comcast is in up to their necks with state politicians too.
3. What's the penalty here? Certainly not meaningful enough to warrant the expense of a trial.
4. Since when do consumers Comcast's terms of service? They'll spew the usual free-market pablum as a polite way to tell unhappy customers to go elsewhere. Except they know there may be no elsewhere in many cases.... Not their problem.

For everyone that refuses to believe nothing will come of it, who's going to pay the law firm to drag Comcast into court on a state-by-state basis?

Re:It's Not A Crime.... (1)

BosstonesOwn (794949) | more than 7 years ago | (#20470075)

http://en.wikipedia.org/wiki/Class_action#United_States [wikipedia.org]

Looks like most attorneys would take it just drooling at the amount of money they could make on a settlement. My take from this is that no one pays and the lawyers rake in the cash if they win it. If not they are out some time.

But, this is awesome (2, Funny)

iONiUM (530420) | more than 7 years ago | (#20469923)

I'm so glad I live in Canada.

Net Neutrality (0)

Anonymous Coward | more than 7 years ago | (#20469931)

Of course, net neutrality is the golden solution to everything in the world. But I wouldn't expect it until we move to an open source government [wikipedia.org].

Good heavens... (2, Insightful)

Otter (3800) | more than 7 years ago | (#20469933)

...forging data to and from customers is a big no-no...

I realize that to the nerdish mind falsifying the sender of an IP packet is equivalent to "impersonating another", but no sane prosecutor would ever make such a case.

MOD PARENT UP (1)

Bryan Ischo (893) | more than 7 years ago | (#20470197)

I agree. This is exactly what I thought when I read the article submitter's summary. If I had mod points I would mod you up.

Re:Good heavens... (0)

Anonymous Coward | more than 7 years ago | (#20470199)

And yet, the RIAA makes the very similar claim that the destination IP address corresponds to a flesh-and-blood person.

Re:Good heavens... (1)

Opportunist (166417) | more than 7 years ago | (#20470309)

Show me a prosecutor who knows a thing about TCP/IP and isn't just listening to the first person talking to him and we'll talk.

Re:Good heavens... (1)

dnebin (594347) | more than 7 years ago | (#20470325)

There's no data impersonation at all. You merely receive a packet indicating reset and start over wrt tcp send/receive communication streams. You're not getting any data from the original host, nothing is being tampered with...

The thing to remember is that you signed a contract with Comcast at the start of your cable net access. Unless there is something in there that indicates they cannot or will not do such a thing, then you've already agreed that they can do it.

Re:Good heavens... (1)

Invidious (106932) | more than 7 years ago | (#20470603)

Actually, there is, because -- as I understand it -- a reset package from any random source won't terminate the connection, it has to come from the source you're currently communicating with. Therefore the intermediary server has to forge a packet appearing to come from the computer you're communicating with. It's a trivial thing to do, but I personally agree with the original poster: this is impersonating someone, and could have significant legal ramifications.

Impersonation only applies to DATA not SIGNALING (0)

Anonymous Coward | more than 7 years ago | (#20469941)

They can do whatever they want with the TCP traffic on their network as long as they don't alter the DATA. If you don't like it, switch to DSL or wireless.

"Apothis 2036 - Surf the Big One"

Statues? (1)

Hashi Lebwohl (997157) | more than 7 years ago | (#20469947)

"Impersonating statues", definitely a criminal offense.

Re:Statues? (0)

Anonymous Coward | more than 7 years ago | (#20470159)

The other night I was dicking around with this. give it a try yourself. The deluge of malformed and ICMP'ed up packets are fun to sift through

hping3 -I interface x.x.x.x --rand-dest -S,A,P -p 6881-6889

Interesting things come back like this for SYN's ACKS's PSH's, etc...

len=46 ip=x.x.x.x ttl=43 id=17045 sport=6881 flags=RA seq=91 win=0 rtt=52.1 ms
len=46 ip=x.x.x.x ttl=106 id=32844 sport=6881 flags=RA seq=116 win=0 rtt=6584.7 ms

Pro-consumer madness! (1)

Yath (6378) | more than 7 years ago | (#20470033)

New York, a state notorious for its aggressive pro-consumer office of the Attorney General, makes it a crime for someone to "[impersonate] another and [do] an act in such assumed character with intent to obtain a benefit or to injure or defraud another."


Crazy. Almost makes me want to move to New York.

Re:Pro-consumer madness! (1)

Dachannien (617929) | more than 7 years ago | (#20470331)

Forget it. Eliot Spitzer has too much ambition to stay where he's needed most.

Why? (1)

timeOday (582209) | more than 7 years ago | (#20470051)

Technical question: why does Comcast do it this way? Why not do flow control the normal TCP way - drop packets on the floor?

Re:Why? (1, Informative)

Anonymous Coward | more than 7 years ago | (#20470177)

Why not do flow control the normal TCP way - drop packets on the floor?

Because they don't want flow control, they want it to stop. If they just drop the packet, the computer sends it again. And again. And again. Sure, it might slow down, but computers have near-infinite patience, and eventually your customer will have transmitted 50 or 60 GB of that 4.5GB pr0n dvdrip right into the bit bucket and somebody's going to have to clean those filthy bits out.

Re:Why? (1)

Opportunist (166417) | more than 7 years ago | (#20470367)

Probably because then they'd have to peek into every single packet going through them and deciding whether to forward or drop it. This way, they don't have to see every packet, they just have to take a sample every now and then (read: a few times per second) and if it's found to be for a torrent, they just tell you to drag the connection down and discard all further packets coming for this connection.


You're nuts -- be grateful they send RSTs (0)

Anonymous Coward | more than 7 years ago | (#20470135)

You're nuts. Sending resets in both directions is the KIND thing to do -- they could more easily silently drop the packets, which only makes life more difficult for the parties on either end.

What ppl really don't like is the fact that their ISP has a say in how they use the network -- and if you want to fight that fight, go ahead. But don't do it by making life harder for yourself, which is exactly what dropping packets instead of sending RSTs would do.

Not unexpected activity (1)

SmoothTom (455688) | more than 7 years ago | (#20470211)

Comcast, like most large companies, tends to do things they wish to do assuming they are right unless they are slapped down.

IANAL, but I hope that Comcast IS running afoul of the law, and that one or more AG offices will bring it to their attention and force them to stop.

(No, I'm not a Torrent user, I just don't like companies assuming they are above the law.)

I won't hold my breath, though - I don't like turning blue and falling to the floor...

--
Tomas

Standard Approach (2, Informative)

madsheep (984404) | more than 7 years ago | (#20470237)

This method is how most content filters do their jobs. Why not just drop the traffic you ask? Well here's why.. if you don't reset the connections, both sides will just continue trying to communicate with one another by retransmitting the packets. That's why it's TCP and not UDP.. the whole trying to guarantee the delivery thing. Now, they're not just blocking on IP addresses. If that was the case they could just drop the traffic altogether and not need to "forge" anything. However, since it's discovering the traffic is P2P related later on, it does it in such a fashion.

Now the other thing is that the IP addresses being used are owned by the ISP. I am not so sure this is really forging something on behalf of the customer that's breaking laws. The customer doesn't own that IP. On top of that (and I am ASS-U-MING HERE) they are probably breaking the acceptable use policy for the ISP. If they don't allow P2P stuff, you're in violation. They could do a lot worse stuff to be a PITA than just reset your connections. :)
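Added example (not part of the thread or any poster's code): a filter that resets a flow after inspecting it mid-stream, as the comment above describes, leaves traces that a client-side capture can be checked for. The packet records, documentation addresses, the `suspect_resets` name and both heuristics (TTL mismatch against the sender's earlier packets, data still arriving from the sender after the RST) are assumptions for illustration.

```python
from collections import Counter, namedtuple

# One record per packet of a single TCP connection, as captured at the client.
Pkt = namedtuple("Pkt", "t src dst flags seq ttl length")

SAMPLE = [  # constructed sample data using documentation address ranges
    Pkt(0.00, "198.51.100.7", "192.0.2.10", "SA", 1000, 52, 0),
    Pkt(0.05, "198.51.100.7", "192.0.2.10", "A", 1001, 52, 1400),
    Pkt(0.09, "198.51.100.7", "192.0.2.10", "A", 2401, 52, 1400),
    Pkt(0.10, "198.51.100.7", "192.0.2.10", "R", 3801, 61, 0),     # TTL jumps
    Pkt(0.14, "198.51.100.7", "192.0.2.10", "A", 3801, 52, 1400),  # peer still sending
]

def suspect_resets(packets, ttl_tolerance=2):
    """Return [(index, [reasons])] for RSTs that look injected on the path."""
    findings = []
    ttl_seen = {}  # src -> Counter of TTLs observed on that sender's non-RST packets
    for i, p in enumerate(packets):
        if "R" not in p.flags:
            ttl_seen.setdefault(p.src, Counter())[p.ttl] += 1
            continue
        reasons = []
        history = ttl_seen.get(p.src)
        if history:
            # Packets from one host over one path normally arrive with the same TTL.
            usual = history.most_common(1)[0][0]
            if abs(p.ttl - usual) > ttl_tolerance:
                reasons.append(f"ttl {p.ttl} vs usual {usual}")
        # A host that really reset the connection stops sending data on it.
        later = [q for q in packets[i + 1:]
                 if q.src == p.src and "R" not in q.flags and q.length > 0]
        if later:
            reasons.append(f"{len(later)} data packet(s) from sender after RST")
        if reasons:
            findings.append((i, reasons))
    return findings

if __name__ == "__main__":
    for index, reasons in suspect_resets(SAMPLE):
        print(index, "; ".join(reasons))
```

Neither heuristic is proof on its own: route changes can shift a TTL, and packets already in flight can arrive after a genuine reset.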

Re:Standard Approach (1)

SmoothTom (455688) | more than 7 years ago | (#20470375)

Some companies use torrent as a distribution method for their legal, legitimate software and movie distributions.

The originating IPs do NOT belong to Comcast.

By impersonating those originating IPs to terminate the connections is Comcast breaking either the law or contracts?

I believe that is the question.

--
Tomas

fighting fire with fire (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#20470241)

So now we get to read all the self-important posts from people who download copyrighted movies, games and software complaining because what someone else is doing may break the law?

pot kettle etc.

Nobody who is downloading copyrighted stuff has any right to complain about this. As a content provider, I'm glad this ISP is taking a stand on behalf of people who actually create new content.

Does it matter to you that you are wrong? (1)

SmoothTom (455688) | more than 7 years ago | (#20470317)

MANY legitimate downloads of software and movies are via torrent.

Blocking the legal and legitimate downloads is NOT what the users are paying their provider (Comcast) to do...

--
Tomas

Re:Does it matter to you that you are wrong? (1)

mdozturk (973065) | more than 7 years ago | (#20470423)

I wonder if World of Warcraft is affected by this. Doesn't WoW use their own version of BT to propagate patches?

Re:Does it matter to you that you are wrong? (1)

garylian (870843) | more than 7 years ago | (#20470571)

They did when I played. Though at this point, probably half their players get it from FilePlanet.

I think Blizzard got a cut from all FilePlanet subscriptions that happened 3+ months after WoW launched.

Silliness (0)

E++99 (880734) | more than 7 years ago | (#20470257)

Sending a RST packet is a perfectly legitimate way to close an unallowed TCP connection. Equating this with the criminal impersonation of another human being is beyond ludicrous.

Re:Silliness (1)

iggymanz (596061) | more than 7 years ago | (#20470435)

no, it's just criminal. I use p2p for dvd and cd of open source software, and the download rates I get are 20 to 50 kbs. nothing the ISP would even notice. I'm paying for connectivity, not censorship based on a suspicion I might be a pirate. I'm glad I don't have comcast anymore, now I'm paying 1/3 the price for adsl.

Re:Silliness (1)

Danse (1026) | more than 7 years ago | (#20470547)

Sending a RST packet is a perfectly legitimate way to close an unallowed TCP connection.
Is there any reason that someone couldn't configure their machine to ignore the reset packets?

*shrug* - who cares? (-1, Flamebait)

moracity (925736) | more than 7 years ago | (#20470495)

I have Comcast and have no problems with any type of torrent downloads...as long as there are seeders.

However, I also have no problem with Comcast restricting the type of traffic that comes across their network. It's their network, so they get to decide what they choose to allow on it. It's no different than blocking SMTP traffic to keep people from running mail servers. When you are running bittorrent, you are both a client and a server. If you want unrestricted torrent bandwidth, get off your ass and create your own anarchist network. Let's see how successful that is.

Let's not pretend that most torrent traffic is legitimate...we all know it isn't. That's like suggesting legalization of pot for everyone because it may help with some of the side effects of chemo (there is no glaucoma benefit, btw). That argument has nothing to do with the general population.

Frankly, blocking torrent traffic is the only sure way Comcast could secure themselves from lawsuits by copyright holders, which, I am sure, scares them a lot more than some nerds on Slashdot.

I have an idea... (0, Flamebait)

joeytmann (664434) | more than 7 years ago | (#20470523)

How about all the users of bittorrent downloading linux distros and public domain movies convince all the users of bittorrent that download pirated movies/mp3s ripped from CDs/cracked software/etc to stop doing so...then Comcast's crap-tastic network wouldn't be saturated with bittorrent traffic and they wouldn't be trying to stop bittorrent at all.

Yeah, not very realistic. Too bad a fuck-ton of rotten eggs are out there ruining it for the rest that want to use the software to download legal software.