Reviews:
 ·HughesNet Satell..
| Phantom Traffic - it's BitTorrent (also 2% pktloss and RSTs) Whew, boy, I don't even know how to start on this one.
So after the outage, I had 2% packet loss and random "Connection Resets" in Firefox. I had a lot of errands to run so I didn't get to explore it until last night.
First thing I noticed: a constant 60KBit/s download on my WAN interface. See graph:
I fired up a network monitor and saw that there were several THOUSAND connections to my WAN IP address. They were all bouncing off my firewall, but they were still using my bandwidth. (Hint: a month's worth of constant 60KBit/s is about 17GB!) Some work with a packet analyzer revealed it to be BitTorrent traffic.
But I don't use BitTorrent, and neither does anyone in the family. (I can guarantee these both for several long-winded reasons I won't explain here.) I can also guarantee that no one is using my wireless network without permission. After examining the LAN-side interfaces, I could tell this traffic was entirely unsolicited.
Here's my notion: the outage changed my IP address. When the modem rebooted, it associated with a different IP Gateway and got a different IP address...and whoever had been using this IP address before me (they *are* dynamic, you know) was heavily into BitTorrent. I've been told by people who actually know how BitTorrent works (I don't; I have moral objections to using it for illegal purposes and I just avoid it) that it can take a very long time for other peers to forget your IP address. In essence, a few thousand BitTorrent users out there think I have copies of Pearl Jam and The Eagles and are trying to connect to me...using quite a bit of bandwidth in the process.
I'm glad I caught it within a few days, otherwise I would be out a few GB or more.
Now, here's the gem: I rebooted the modem, got a different IP address, and giggled with glee when I noticed that my baseline traffic was back to 0KBit/s, where it should be.
And the 2% packet loss went down to 0%.
And I haven't seen a Connection Reset since.
Since I'm big on theories, here's another one to try on: whatever IP Gateway I had been using (so sorry--I should've written it down!) is saturated by BitTorrent traffic and/or just extremely loaded. It should be obvious that my satellite equipment and network can communicate just fine with the NOC; this rules out everything but the infrastructure between the NOC and the Internet. There *is* a bottleneck somewhere, much as HughesNet refuses to acknowledge it.
I don't consider rebooting the modem repeatedly to be a solution to the problem. Unfortunately, I don't have many suggestions either (whining without at least one suggestion for improvement is not proper). Well, I have one that may prove unpopular: pull a Comcast and start traffic-shaping BitTorrent traffic. While I'm usually quite against any form of Internet censorship, in this case, people really shouldn't be using BitTorrent on a satellite connection anyway. It hurts everyone else, if only in the sheer number of TCP connections it opens. Maybe that's why the CGN boxes are swamped. (Fun fact: default timeout for an open TCP connection is 5 days on a Linux box...)
I posted this on my blog with a complete explanation: »jacksontech.net/index.php/2013/0···officer/ |
|
 gwalkPremium
join:2005-07-27
West Mich. | Wow,
Even rebooting the modem you have no control over which IP you will be dynamically assigned. You could very easily end up with another "afflicted" IP.
A hardware firewall being "after" the modem isn't going to help.
This is truly a job for Hughes Engineering. I cant imagine the time it will take to solve this one. |
|
| reply to JacksonTech
Strange. I would have assumed bittorrent would see the dropped packets and assume the host is unreachable instead of continuing to flood the IP address.
I have seen Spotify do strange things like this. |
|
| reply to JacksonTech
said by JacksonTech: There *is* a bottleneck somewhere, much as HughesNet refuses to acknowledge it.
There sure is. Whenever I get stuck with sub 1Mbps speeds, I reboot the modem and try to get on a different gateway. Your discovery helps explain why this sometimes works. |
|
| Sorry for following up on myself, but what JacksonTech described seems more like an unintended denial of service attack rather than a "bottleneck", right? That's very consistent with what I am experiencing. Sometimes Gen4 works as advertised, and sometimes it doesn't. Sometimes rebooting the modem switches me to another gateway (with speeds restored), and sometimes it doesn't. |
|
gwalkPremium
join:2005-07-27
West Mich. | What he is describing is "hits" on his modem & resulting Bandwidth loses after being assigned a dynamic IP by Hughes that a previous Hughes user used BitTorrent.
|
|
gwalkPremium
join:2005-07-27
West Mich. | reply to JacksonTech
The original thread, more details and any official Hughes response can be found here:
»community.myhughesnet.com/hughes···ned_dish
EDIT:
official reply:
OFFICIAL REP) 14 minutes ago
Hi JacksonTech and thanks for the post. Let us look into the Phantom Traffic and your connection reset concerns. I will touch base as soon as I have some news. Suz |
|
1 edit | reply to gwalk
Even though I know little about BitTorrent, I understood JT's post. It seems like thousands of "hits" on the modem would be similar to a DOS attack, and that would explain the erratic performance of GEN4. I had already figured out that I could "restore" my speeds by temporarily by rebooting the modem, but that's not really a solution.
Apparently, it's difficult to block BitTorrent: »security.stackexchange.com/quest···ications
Thanks for the link to HughesNet community.
EDIT: As a side note, Opera is warning me about a certificate on the HughesNet Community:
|
|
