Roundboy
Premium
join:2000-10-04
Drexel Hill, PA
reply to dfxmatt

Re: Comcast is using Sandvine to manage P2P Connections

It worked out pretty well for me... it didn't take long to seed a good ratio at all...

dfxmatt

join:2007-08-21
Evanston, IL
Yes, but were they Comcast members?

How many were dropped about 15 secs after connection?


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6
reply to espaeth
said by espaeth:

Reset injection is not something all that flashy and new; our 8E6 content filters have been doing this for a couple years now.
Then you're a bad player, stop doing that! -- There are solutions. Read this informative RFC:

RFC 3360: Inappropriate TCP Resets Considered Harmful

RST abuse is relatively new. The author of that RFC was talking about this:

said by »list.nfr.com/pipermail/firewall-···672.html :
Of 24,000 or so web servers that we tested as part of the TBIT project, only 300 or so were behind firewalls that send TCP resets in this case, so clearly most of the world seems to be maintaining reasonably adequate security without sending TCP Resets in this case.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6
reply to espaeth
said by espaeth:

Since we're back to talking technical details -- what do you propose for a better solution?
Well, let's get one thing perfectly straight: the RST forgery/injection is wrong and must be stopped -- even if there is no other solution to replace it.

But there are solutions:

- Be public about the problem, and enlist the customers' assistance in solving it. "This is a shared service and heavy uploading by one or two customers impacts the entire neighborhood." That's not hard to say -- Wireless ISPs and Satellite ISPs make this fact very clear to their customers. The reason they're not being public about the problem is because they have to compete with DSL and FIOS, which balances a lot more bandwidth across a much larger field of customers. As a result, DSL/FIOS can tolerate a larger percentage of heavy uploaders before their other customers begin to be affected.

- Those that do not cooperatively manage their usage can be put in a penalty box, like the port 25 issue is handled on Comcast. If the account is uploading at a sustained rate over 60%-80% of his tier for two hours, then limit the account to an upload of 128 kbps and send an e-mail to the account holder. The account holder gets a Computer-Based Training lesson about "fair use" of a "shared connection," clicks a link, and he is restored to full service by noon the next day.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.
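The "penalty box" rule funchords proposes above is easy to state and a little less easy to implement: it is a sliding-window check over per-account upload counters, and it has to cope with counters that reset (modem reboot) without either missing a sustained uploader or flagging someone on a glitch. The following is an added example, not code from the thread or from any ISP's system. The 60% ratio, the two-hour window and the 128 kbps limit are the post's numbers; the five-minute sampling interval, the 768 kbps tier and the counter readings are constructed assumptions for illustration.

```python
"""Sliding-window detector for a 'sustained upload' penalty-box policy.

Added example (not from the thread). Policy numbers (60% of tier, two
hours, 128 kbps penalty) come from the post above; the sampling interval
and all sample data are constructed assumptions.
"""

SAMPLE_SECS = 300          # assumed: one cumulative byte-counter reading every 5 minutes
WINDOW_SECS = 2 * 3600     # the post's "two hours"
RATIO = 0.60               # low end of the post's "60%-80% of his tier"
PENALTY_UPLOAD_BPS = 128_000   # the post's 128 kbps penalty rate


def upload_bps(delta_bytes, sample_secs=SAMPLE_SECS):
    """Average upload rate in bits/s for one sampling interval."""
    return delta_bytes * 8 / sample_secs


def first_penalty_sample(counter_readings, tier_bps, ratio=RATIO,
                         window_secs=WINDOW_SECS, sample_secs=SAMPLE_SECS):
    """Index of the reading at which the penalty would trigger, or None.

    counter_readings: cumulative upload byte counter, one reading per
    sample_secs. The policy is read as "every interval in the last
    window_secs was above ratio * tier"; a single interval below the
    threshold restarts the streak. A counter that goes backwards means a
    reset (reboot, rollover) and is treated as unknown, which also
    restarts the streak rather than producing a huge negative or bogus
    delta.
    """
    threshold_bps = tier_bps * ratio
    need = window_secs // sample_secs     # 24 consecutive intervals
    streak = 0
    for i in range(1, len(counter_readings)):
        delta = counter_readings[i] - counter_readings[i - 1]
        if delta < 0:
            streak = 0                    # counter reset: evidence is unreliable
            continue
        if upload_bps(delta, sample_secs) > threshold_bps:
            streak += 1
            if streak >= need:
                return i
        else:
            streak = 0
    return None


def penalty_action(account, tier_bps, counter_readings):
    """What the policy would do for one account: None, or the throttle+notify record."""
    idx = first_penalty_sample(counter_readings, tier_bps)
    if idx is None:
        return None
    return {
        "account": account,
        "limit_upload_bps": PENALTY_UPLOAD_BPS,
        "notify_account_holder": True,
        "triggered_at_sample": idx,
    }


# --- constructed sample data -------------------------------------------
TIER_BPS = 768_000                 # assumed 768 kbps upload tier
# 18,750,000 bytes per 5-minute interval == 500 kbps, above 60% of 768 kbps
STEADY = [i * 18_750_000 for i in range(25)]            # 24 hot intervals
# same uploader, but the counter resets after 12 intervals (modem reboot)
RESET = STEADY[:13] + [j * 18_750_000 for j in range(12)]
# bursty uploader: hot for 23 intervals, one quiet interval, then hot again
BURSTY = STEADY[:24] + [STEADY[23] + 1_000_000] + [STEADY[23] + 1_000_000 + k * 18_750_000 for k in range(1, 5)]

if __name__ == "__main__":
    for name, readings in (("steady", STEADY), ("reset", RESET), ("bursty", BURSTY)):
        print(name, penalty_action(name, TIER_BPS, readings))
```

The choice to require every interval over the threshold (rather than the window average) is deliberate: it is the stricter reading of "sustained", and it is what keeps a user who uploads hard for ninety minutes and then stops out of the box. Whichever reading an operator picks, the counter-reset branch is the one that matters operationally; without it a reboot produces a large negative delta and the account either never triggers or triggers on garbage.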


hobgoblin
Sortof Agoblin
Premium
join:2001-11-25
Orchard Park, NY
kudos:11
"Those that do not cooperatively manage their usage can be put in a penalty box, like the port 25 issue is handled on Comcast. If the account is uploading at a sustained rate over 60%-80% of his tier for two hours, then limit the account to an upload of 128 kbps and send an e-mail to the account holder. The account holder gets a Computer-Based Training lesson about "fair use" of a "shared connection," clicks a link, and he is restored to full service by noon the next day."

Then we can have a 20 page thread about that eh?
Hob
--
"A foolish consistency is the hobgoblin of little minds."
- Ralph Waldo Emerson


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6
reply to pflog
said by pflog:

44.715536 rule 11/0(match): block in on em0: 69.252.A.B.36881 > 71.162.C.D.6900: R 1765380375:1765380375(0) win 0

This is during an active torrent download, and I've verified with sockstat that I have an established connection with this host. Note the R there. My firewall dropped this packet, I guess somehow pf knows this RST packet was not part of the existing established connection. I'm a bit rusty on TCP/IP, but doesn't the RST packet need to honor the existing TCP sequence numbers? If not, it appears as though Sandvine is just sending an RST without a valid TCP sequence number.
Sandvine determines and then forges in the correct sequence number, so that wasn't Sandvine. Stateful firewalls often generate a lot of unnecessary RST responses to the closing of a previous connection. (They RST the last FIN,ACK of a 3-way handshake, for example.) We would have to see more about that packet in the context of a conversation before we could say for sure why it happened.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6

reply to hobgoblin
said by hobgoblin:

Then we can have a 20 page thread about that eh?
Yeah, exactly! This one, probably: »Comcast Bandwidth Abuse/Limits - Discuss here only


pflog
Bueller? Bueller?
Premium,MVM
join:2001-09-01
El Dorado Hills, CA
kudos:3
reply to funchords
Understood, but in watching the traffic for a good half hour on a busy torrent, that was the only RST packet I saw destined for the port I was running rtorrent on. Could just be coincidence, but that it was a Comcast IP made me think of this thread.
--
"The Dude abides."


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6
said by pflog:

Understood, but in watching the traffic for a good half hour on a busy torrent, that was the only RST packet I saw destined for the port I was running rtorrent on. Could just be coincidence, but that it was a Comcast IP made me think of this thread.
With apologies, I have to retract. It could be Sandvine. I almost always get 2 RST packets from Sandvine -- one that has the right Sequence Number (which does tear down the connection), followed by one that has a Sequence Number that is completely strange.

If your firewall does track sequence numbers, it would have passed the first one through and rejected the second one.

My apologies -- it's definitely possible that was a Sandvine RST.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.
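The exchange above turns on one detail: a stateful firewall that tracks sequence numbers will pass a forged RST whose sequence number lands in the receive window and drop one that does not, which is exactly the two-RST pattern funchords describes. The following is an added example, not code from the thread or from pf; it models the check a sequence-tracking firewall or host stack applies to an inbound RST. The connection state and the segments are constructed, using the sequence number from pflog's log line as the expected value. It also shows the stricter rule that RFC 5961 (published in 2010, after this thread) added: only an RST whose sequence number exactly equals RCV.NXT resets the connection, an in-window but inexact one gets a challenge ACK, and an out-of-window one is dropped.

```python
"""Validate inbound TCP RST segments against tracked connection state.

Added example, not from the thread. Models what a sequence-tracking
stateful firewall (or a host following RFC 793 / RFC 5961) does with a
forged RST. All state and packets below are constructed.
"""
from dataclasses import dataclass

SEQ_MOD = 1 << 32


@dataclass
class ConnState:
    rcv_nxt: int    # next sequence number expected from the peer
    rcv_wnd: int    # receive window we advertised


@dataclass
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    rst: bool


def seq_in_window(seq, rcv_nxt, rcv_wnd):
    """True if rcv_nxt <= seq < rcv_nxt + rcv_wnd, modulo 2^32 (handles wraparound)."""
    return (seq - rcv_nxt) % SEQ_MOD < rcv_wnd


def classify_rst(seg, state, strict=True):
    """Verdict for one RST segment against one connection.

    strict=False: classic RFC 793 behaviour, any in-window RST is accepted.
    strict=True:  RFC 5961 section 3.2: exact RCV.NXT match resets; in-window
                  but inexact gets a challenge ACK; outside the window is dropped.
    """
    if not seg.rst:
        raise ValueError("classify_rst expects an RST segment")
    if not seq_in_window(seg.seq, state.rcv_nxt, state.rcv_wnd):
        return "drop"
    if not strict or seg.seq == state.rcv_nxt:
        return "accept"
    return "challenge"


def process(segments, conns, strict=True):
    """Run segments through a state table; accepted RSTs remove the connection.

    conns maps (src, sport, dst, dport) -> ConnState and is mutated.
    Returns one verdict per segment: pass, no_state, accept, challenge, drop.
    """
    verdicts = []
    for seg in segments:
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        st = conns.get(key)
        if st is None:
            verdicts.append("no_state")       # what a stateful firewall logs as a blocked stray
            continue
        if not seg.rst:
            verdicts.append("pass")
            continue
        v = classify_rst(seg, st, strict)
        if v == "accept":
            del conns[key]                    # connection torn down by the RST
        verdicts.append(v)
    return verdicts


# --- constructed scenario: the two-RST pattern described in the post ----
PEER = ("69.252.0.1", 36881)          # placeholder for the 69.252.A.B address in the log
ME = ("71.162.0.2", 6900)             # placeholder for 71.162.C.D
EXPECTED = 1765380375                 # sequence number shown in pflog's log line


def fresh_table():
    return {(PEER[0], PEER[1], ME[0], ME[1]): ConnState(rcv_nxt=EXPECTED, rcv_wnd=65535)}


def two_rst_scenario(strict=True):
    """First RST carries the right sequence number, second carries a bogus one."""
    segs = [
        Segment(*PEER, *ME, seq=EXPECTED, rst=True),          # forged, but in-window and exact
        Segment(*PEER, *ME, seq=123456789, rst=True),         # forged, sequence number "completely strange"
    ]
    return process(segs, fresh_table(), strict)


if __name__ == "__main__":
    print(two_rst_scenario())        # ['accept', 'no_state']
```

The first verdict is why a forged RST works at all: once the injector has guessed or observed the live sequence number, nothing in TCP itself distinguishes its RST from the peer's. The second is why the firewall logged a block: by then the state entry is gone, so the stray RST with a nonsense sequence number matches nothing. Under the RFC 5961 rule an attacker who is only close, not exact, gets a challenge ACK instead of a teardown, which is what makes blind off-path resets impractical but does nothing against an in-path box like the one being discussed.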


pflog
Bueller? Bueller?
Premium,MVM
join:2001-09-01
El Dorado Hills, CA
kudos:3
No worries, you could be absolutely right, it certainly could have been a coincidence. Just thought it funny... happened to see the R, and thought "hmm, I wonder..." and sure enough it was a GA Comcast address.
--
"The Dude abides."


espaeth
Digital Plumber
Premium,MVM
join:2001-04-21
Minneapolis, MN
kudos:2
reply to funchords
said by funchords:

Then you're a bad player, stop doing that! -- There are solutions. Read this informative RFC:

RFC 3360: Inappropriate TCP Resets Considered Harmful
That RFC has very little to do with this discussion. It was drafted largely in response to packets with non-zero reserved bits in the TCP header being rejected by firewalls. Specifically he was concerned with firewalls blocking traffic with hosts that decided to try to implement explicit congestion notification. He did include commentary stating
"We would recommend that the TCP reset not be used as a congestion control mechanism, because this overloads the semantics of the reset message, and inevitably leads to more aggressive behavior from TCP implementations in response to a reset. We would suggest that simply dropping the SYN packet is the most effective response to congestion. The TCP sender will retransmit the SYN packet, using the default value for the Retransmission Timeout (RTO), backing-off the retransmit timer after each retransmit."
There's a bit of an issue with that statement; the goal of Sandvine is to shut down connections, not throttle them. For Sandvine to work transparently it should seem like the host port is closed for connections, and the standard TCP/IP stack response to closed ports is to send a reset! Everybody seems to forget this because nearly everything (including Windows) comes with a firewall these days with a Draconian ruleset that still seems to foster the idea that obscurity has some relation to security. Disable your Windows firewall or flush iptables and try to connect to a closed port -- you'll get a nice RST back indicating the port is not available. From a debugging standpoint this is what you want to see -- some response that will help you determine why things aren't working.

The RFC author's main concern was that TCP implementations would get more aggressive in response to RST packets and start spewing SYNs (he cited the example of a stack that generated 4 connection attempts even after receiving RST responses). It's 5 years later now, and there's no indication that was really a valid concern.

It's important to keep in mind that all RFCs are not standards in and of themselves. Some do gain general acceptance as standards, but anyone can bring forth a document for review. You have to look at RFCs like 1149 or 968 to see that pretty much anyone can submit an RFC about anything, and it doesn't necessarily mean it's right.

said by funchords:

said by espaeth:

Since we're back to talking technical details -- what do you propose for a better solution?
Well, let's get one thing perfectly straight: the RST forgery/injection is wrong and must be stopped -- even if there is no other solution to replace it.
Is it mean? Sure. Is it tricky? Absolutely. Is it wrong? It depends on how you define wrong. We're talking about using valid TCP constructs to initiate the shutdown of a connection.

If Comcast were a carrier this would be a different discussion, but they're not. Carriers don't have to worry about things like DMCA notices because the responsibility for mitigation falls on the networks that represent the endpoints of the conversation. Comcast doesn't have that same luxury, as they are often one of those end-point networks. This has become more of a problem as options like BitTorrent have drastically lowered the knowledge base required to participate in the distribution of copyrighted material. Others in this thread have argued that P2P applications can indeed be used for legal purposes, but let's be realistic, most of the time that's not the case. Talking about the legal uses of P2P in this thread is like hanging out in a bordello and preaching about the virtues of virginity.

said by funchords:

Be public about the problem, and enlist the customers' assistance in solving it. "This is a shared service and heavy uploading by one or two customers impacts the entire neighborhood." That's not hard to say -- Wireless ISPs and Satellite ISPs make this fact very clear to their customers. The reason they're not being public about the problem is because they have to compete with DSL and FIOS, which balances a lot more bandwidth across a much larger field of customers. As a result, DSL/FIOS can tolerate a larger percentage of heavy uploaders before their other customers begin to be affected.
The response to the abuse department talking one-on-one with folks that would be the target of this "education initiative" has been to post videos on YouTube or come on forums like this and talk about how Comcast is an evil company that doesn't let users download anything. Let's be realistic, customer education ain't gonna get this done.

said by funchords:

Those that do not cooperatively manage their usage can be put in a penalty box, like the port 25 issue is handled on Comcast. If the account is uploading at a sustained rate over 60%-80% of his tier for two hours, then limit the account to an upload of 128 kbps and send an e-mail to the account holder. The account holder gets a Computer-Based Training lesson about "fair use" of a "shared connection," clicks a link, and he is restored to full service by noon the next day.
Pushing configs out to cable modems seems like a kludgy way to deal with this, but it might be workable. Otherwise doing differential throttling would mean more complexity to their existing traffic shaping solution. While that sounds trivial, years of experience in networking has shown me that simple things are easier to manage and break less frequently. In my opinion it's not worth trading overall network path stability to implement a Rube Goldberg system that would punish heavy file sharing users with the network equivalent of a young child's "time out".

-Eric


ztmike
Mark for moderation
Premium
join:2001-08-02
Michigan City, IN
reply to funchords
Just wanted to say, for those people that haven't read through all the pages: the best way to seed if you have Sandvine on your line is to download something, then just leave it seeding, don't restart it. I'm still seeding at a normal rate for the past 2 hours after my download was done.

dfxmatt

join:2007-08-21
Evanston, IL
Aye, the minute you restart the seed though it'll do the resets to any non-Comcast user.

Comcast still denies this, and RCN can't give me service in my area since Comcast owns all the pipes. Viva le monopoly


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
said by dfxmatt:

...RCN can't give me service in my area since Comcast owns all the pipes. Viva le monopoly
Is there some reason why RCN can't expand their plant into your neighborhood?
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

dfxmatt

join:2007-08-21
Evanston, IL
all I got from them was "we are unable"

from the email: "Thank you for your recent interest in RCN. Unfortunately, RCN does not
currently offer service at the address you provided. At the present time,
we do not have an estimated time frame as to whether or not we will become
a service provider in your neighborhood. We will gladly keep your
information on record should service become available.
"


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
My guess is that there isn't a "Monopoly" process in effect, then. I don't see how it is Comcast's fault that RCN won't expend capital to expand their service footprint.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

dfxmatt

join:2007-08-21
Evanston, IL

Beyond that I am displeased with Comcast; they do own all lines in my development. I wish RCN would build some, but they refuse to tell me how many people I'd need to have willing to sign up for service in order for them to build out (I asked for such).


MysticGogeta
The Robot Devil
Premium
join:2005-03-14
Katy, TX
reply to funchords
This isn't actually affecting me. I got 70 dropped connections in an hour downloading a torrent.
--
Team Discovery-Join the fight

dfxmatt

join:2007-08-21
Evanston, IL
I will test tonight with a new legitimate seed and see what happens - will report back


eatnaders

join:2005-04-07
San Jose, CA
kudos:1
reply to funchords
OK. For anyone having problems seeding torrents: if you are using Azureus as your torrent client, turn on encryption, which is supported in this application. Sandvine will be unable to determine what type of traffic it is and will allow it to go through. It works great for me. Here is how you do it. Enable Advanced Mode and then click on Tools. Open the Connection pull-down inside Tools. Inside you will see a selection called Transport Encryption. Open this setting up. Enable "Require encrypted transport". I should point out that if other users that are seeding or leeching do not have encryption enabled, then you as the seeder will suffer because they will be unable to connect to you.


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6
The Azureus team has really been working on this.

»www.azureuswiki.com/index.php/Av···#Level_5


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6
reply to funchords

Re: Something for eMule clients to try- improves Sandvine issues



ztmike
Mark for moderation
Premium
join:2001-08-02
Michigan City, IN
Thanks for the updates, funchords. But what about people on uTorrent? I have been doing fine with seeding; I have been just leaving uTorrent going after my download is done. I believe I'm on my 4th day seeding, which is kinda sad to have to leave it seeding that long just to reach a good ratio. MORE upload speed so I can quit seeding faster.

Q: Is Azureus really system resources hungry like I hear it is?


Madcap
Baby's on Fire
Premium
join:2004-06-26
Fpo, AP
I've never noticed Azureus eating system resources in large amounts.


ztmike
Mark for moderation
Premium
join:2001-08-02
Michigan City, IN
reply to funchords

Re: Comcast is using Sandvine to manage P2P Connections

Just tried out Azureus. Didn't like it, too much crap they force on you to download with the program. I'll stick to uTorrent.

But I do applaud their efforts on ISPs' throttling to help their users out.


jig

join:2001-01-05
Hacienda Heights, CA
Post back if you find uTorrent offering a similar update hardening the encryption...


ztmike
Mark for moderation
Premium
join:2001-08-02
Michigan City, IN
jig, the best thing to do on uTorrent now is download a torrent and just leave it seeding (don't restart uTorrent).

I probably sound like a broken record there, but it has worked for me since they put Sandvine on my line. It's obvious Comcast has admitted to their Sandvine efforts and is not giving it up anytime soon.

I find it funny though that no one seems to have it on their line where "Blast" is available. For those who don't have Blast, it will probably be on your line in due time.


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6
Do we know whether Blast!==DOCSIS3?


jig

join:2001-01-05
Hacienda Heights, CA
reply to ztmike
said by ztmike:

jig, the best thing to do on uTorrent now is download a torrent and just leave it seeding (don't restart uTorrent).

I probably sound like a broken record there, but it has worked for me since they put Sandvine on my line. It's obvious Comcast has admitted to their Sandvine efforts and is not giving it up anytime soon.
If you don't mind me asking, which version of uTorrent are you using?

I'm not on Comcast, I'm on TimeWarner/old Adelphia. There seems to be some new type of seed filtering going on, say in the past month or so. Considering how in bed these companies are in divvying up the clientèle, I can't help but think they'd collaborate on new technology. Probably went for a volume pricing deal...


ztmike
Mark for moderation
Premium
join:2001-08-02
Michigan City, IN
reply to funchords
I heard Comcast is using DOCSIS 2 for (Blast!) areas.

Comcast is probably nowhere near a DOCSIS 3 rollout.

I use uTorrent 1.6.1 (the website where I get my torrents only accepts that version; no higher version is allowed).

But what is weird: just recently, whenever I start uTorrent I now get the red question mark at the bottom. Nothing on my system has changed for it to do that, so I'm sorta at a loss on that front.