Cabal
Premium Member
join:2007-01-21

1 recommendation

On the other hand... (thinking more after submitting)

100 SYN packets per second to the same address is what most engineers would consider a SYN flood. Knocking it down is a good thing.
moonpuppy (banned)
Member
join:2000-08-21
Glen Burnie, MD

said by Cabal:

100 SYN packets per second to the same address is what most engineers would consider a SYN flood. Knocking it down is a good thing.
Except they still do barely anything about the SPAM coming from infected systems on the Comcast network.

bleearg13 to Cabal
Member
join:2001-03-03
Gaithersburg, MD

1 recommendation

said by Cabal:

Knocking it down is a good thing.
Except when you have folks with the Fasterfox Add-on for Firefox that can be used to tweak the number of sessions opened per page.

FFH5 to Cabal
Premium Member
join:2002-03-03
Tavistock NJ

1 edit

said by Cabal:

100 SYN packets per second to the same address is what most engineers would consider a SYN flood. Knocking it down is a good thing.
Also, I noticed that if I tune the Firefox addon Fasterfox to a high "max connections per server" value, I can occasionally get a "connection was reset" message. Setting it back to default values eliminated the problem. Maybe all Comcast is doing is adhering to RFC specs and banging those sessions that use too high a value.


Check out the comment on the turbo option.

SpaethCo to moonpuppy
Digital Plumber
MVM
join:2001-04-21
Minneapolis, MN

said by moonpuppy:

Except they still do barely anything about the SPAM coming from infected systems on the Comcast network.
They deploy port 25 block config files to modems on a regular basis. Unfortunately, it's a reactive approach so it's going to be significantly less effective than other providers who have already walled off external port 25 access.
SpaethCo to Cabal
MVM

said by Cabal:

100 SYN packets per second to the same address is what most engineers would consider a SYN flood.
Exactly - this will trip DoS mitigation hardware from Cisco, Tipping Point, Checkpoint, Arbor, etc.

What next? If I make several connection attempts to DoD network addresses Comcast dispatches the FBI to throttle my connection by taking my hardware?

The number of unrelated events that we can relate to Comcast throttling are endless - time to get creative people!

Matt3 to Cabal
All noise, no signal.
Premium Member
join:2003-07-20
Jamestown, NC

said by Cabal:

100 SYN packets per second to the same address is what most engineers would consider a SYN flood. Knocking it down is a good thing.
Doesn't Windows XP in most cases (post-SP2 anyway) have a limit of 10 half-open SYN sessions?

So, in reality, the only people this would affect are the people who have hacked out that limitation ... which is almost guaranteed to be Johnny Bittorrent and his uber leet buddies who think setting uTorrent to 6000 sessions means faster downloads?

packetpusher to SpaethCo
Premium Member
join:2005-03-22
Oakville, ON

said by SpaethCo:

said by Cabal:

100 SYN packets per second to the same address is what most engineers would consider a SYN flood.
Exactly - this will trip DoS mitigation hardware from Cisco, Tipping Point, Checkpoint, Arbor, etc.

What next? If I make several connection attempts to DoD network addresses Comcast dispatches the FBI to throttle my connection by taking my hardware?

The number of unrelated events that we can relate to Comcast throttling are endless - time to get creative people!
We have to make a decision, and I think this should be one of those opt-out kind of deals. On the one hand you have a vast multitude of users who have infected computers, and don't know how to control them. On the other hand you have users who may generate traffic that fits the traffic profile of an infected box, but is legitimate. For the sake of protecting the stability of the internet there should be an option to deploy this type of attack mitigation (SYN rate limiting) tech to protect home users. Power users or techs should have a way to opt out of this and simply get the dumb pipe we all have been craving lately.
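Cabal's "100 SYN packets per second to the same address" figure and packetpusher's proposed per-subscriber SYN rate limiting, as an added example that is not from this thread or from any provider's equipment: a sliding-window counter of bare SYNs per (source, destination) pair that passes ordinary browser-style connection bursts and only starts dropping once one pair exceeds the threshold. The packet records, addresses and the 100/s threshold are constructed assumptions for illustration.

```python
from collections import defaultdict, deque

SYN_RATE_THRESHOLD = 100   # SYNs per second toward one destination (figure quoted in the thread)
WINDOW_SECONDS = 1.0


class SynRateLimiter:
    """Sliding-window SYN counter per (src, dst). Counts connection attempts, not half-open state."""

    def __init__(self, threshold=SYN_RATE_THRESHOLD, window=WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self.history = defaultdict(deque)   # (src, dst) -> timestamps of recent SYNs

    def observe(self, ts, src, dst, flags):
        """Return 'pass' for non-SYN or in-profile packets, 'drop' once the pair exceeds the rate."""
        if flags != "S":                    # only a bare SYN (no ACK) opens a new attempt
            return "pass"
        q = self.history[(src, dst)]
        q.append(ts)
        while q and ts - q[0] > self.window:   # evict SYNs older than the window
            q.popleft()
        return "drop" if len(q) > self.threshold else "pass"


def summarize(packets, threshold=SYN_RATE_THRESHOLD):
    """Run the limiter over (ts, src, dst, flags) records; return drop counts per offending pair."""
    lim = SynRateLimiter(threshold)
    dropped = defaultdict(int)
    for ts, src, dst, flags in sorted(packets):
        if lim.observe(ts, src, dst, flags) == "drop":
            dropped[(src, dst)] += 1
    return dict(dropped)


def constructed_sample():
    # Constructed, not captured: host .5 behaves like a browser opening 8 connections in under a second;
    # host .9 fires 300 SYNs in one second at the same server, which is the profile the thread calls a flood.
    pkts = [(i * 0.1, "10.0.0.5", "192.0.2.10", "S") for i in range(8)]
    pkts += [(i / 300.0, "10.0.0.9", "192.0.2.10", "S") for i in range(300)]
    pkts.append((0.5, "10.0.0.9", "192.0.2.10", "A"))   # a data/ACK packet; never counted
    return pkts


if __name__ == "__main__":
    print(summarize(constructed_sample()))   # only the 300/s pair shows drops: SYNs 101..300
```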