dslreports logo
 story category
Bypass Bell Canada's Throttling
As is often the case, encryption can help defeat many forms of traffic shaping, and posters in our Bell Sympatico forum note that the specific way Bell Canada throttles P2P applications can be easily circumnavigated. In a filing with the Canadian Radio-television and Telecommunications Commission (CRTC), a small Canadian company by the name of Per Vices Corporation highlights how the practice hurts their business, and how easy it is for P2P users to bypass the throttling anyway:
quote:
Forced to associate VPN connections with a specific port, they make it trivial for users of peer-to-peer applications to bypass the DPI. A user wishing to download content via BitTorrent needs only to configure their client to use the VPN TCP port to transfer content, associate any remaining UDP ports with the standard IPSec Authentication and Encapsulating UDP ports, and strictly apply protocol encryption to all incoming connections.
Set your bittorrent port to TCP/1723, and put any DHT or tracking on UDP/500, UDP/50, UDP/51. "Throttling started over the last week in London ON for me on sympatico," says one of our users who claims this works -- for now. "I was routinely pulling 500kb/s and all of a sudden went to 30kb/s -- swapped to tcp 1723 and configured for encrypted connections - saw my dl's jump back to 500kb/s again."
view:
topics flat nest 

DaSneaky1D
what's up
MVM
join:2001-03-29
The Lou

DaSneaky1D

MVM

Hopefully they won't block VPN access now

Bell Canada has already wielded a big sword against P2P on wholesale providers' access. Who's to say they won't do the same for VPN access?
Anomaly95
join:2005-12-11
Phoenix, AZ

Anomaly95

Member

Re: Hopefully they won't block VPN access now

Wouldn't that screw the legit users of VPN (businesses, etc.)?
accusync
join:2004-07-16
Rigaud, QC

accusync

Member

Re: Hopefully they won't block VPN access now

said by Anomaly95:

Wouldn't that screw the legit users of VPN (businesses, etc.)?
Since when did that little detail bother Sympatico/ Bell?

Bellundo
@teksavvy.com

Bellundo to Anomaly95

Anon

to Anomaly95
We're talking about Bell Canada they could care less about any legitimate user who uses VPN. As a matter of fact Bell speed throttles all their business customers down to 30 kilobytes per second just like all their residential customers.

Phil
Rojo Sol
Premium Member
join:2001-06-11
Downers Grove, IL

Phil to DaSneaky1D

Premium Member

to DaSneaky1D
They should charge extra for certain ports, VPN included. This in addition to overage charges on low monthly caps sounds like a winning strategy to not spend money on infrastructure and please the customer base.
Uncomm0n
join:2005-04-21
Centreville, VA

1 edit

Uncomm0n

Member

Re: Hopefully they won't block VPN access now

said by Phil:

They should charge extra for certain ports, VPN included. This in addition to overage charges on low monthly caps sounds like a winning strategy to not spend money on infrastructure and please the customer base.
I hope you're being sarcastic. That in no way would "please the customer base." When I pay for Internet access, I expect all outgoing/incoming ports (except incoming on port 80 and outgoing on port 25) to be wide open with no throttling.

Phil
Rojo Sol
Premium Member
join:2001-06-11
Downers Grove, IL

Phil

Premium Member

Re: Hopefully they won't block VPN access now

Yes, I was being quite sarcastic.

steve1515
Premium Member
join:2000-08-07
Peabody, MA

1 edit

steve1515 to Uncomm0n

Premium Member

to Uncomm0n
said by Uncomm0n:

... When I pay for Internet access, I expect all outgoing/incoming ports (except incoming on port 80 and outgoing on port 25) to be wide open with no throttling.
I really hate to see comments like this. I don't really find it acceptable that any ports are blocked. People shouldn't be OK with this. When I pay for Internet access, I expect all outgoing/incoming ports to be wide open with no throttling.

Froggy
@teksavvy.com

Froggy

Anon

Re: Hopefully they won't block VPN access now

You'd love rogers cable internet up in Canada. Almost all the ports are blocked.

quanta
Premium Member
join:2002-05-07
Toronto, ON

quanta to steve1515

Premium Member

to steve1515
Well, you'd want some restrictions on 25 to mitigate spam relaying.

As for port 80...technically web servers are not allowed although Bell adopts a "don't ask/don't tell" policy.
Gerk
join:2008-07-02
Oakville, ON

Gerk

Member

This is old news and doesn't work here

Not sure if it's working for your network segments, but in the Toronto area this hasn't worked for a long while now. Also they are using DPI on ALL ports, all types of traffic, all encrypted traffic here, including VPN is throttled even through other ISPs (this is the whole point of the CAIP CRTC complaint).

VPN, scp, sftp have all but stopped here as well. I really really hope that the CRTC can do something about this.

BACONATOR26
Premium Member
join:2000-11-25
Nepean, ON

BACONATOR26

Premium Member

Re: This is old news and doesn't work here

said by Gerk:

Also they are using DPI on ALL ports, all types of traffic, all encrypted traffic here, including VPN is throttled even through other ISPs (this is the whole point of the CAIP CRTC complaint).
If you use standard VPN protocols (L2TP and PPTP) on standard ports it works fine.
smcallah
join:2004-08-05
Home

smcallah to Gerk

Member

to Gerk
Yeah, DPI doesn't care about ports. DPI looks at every packet, regardless of port and determines what is in the packet and then categorizes it. That is why it's called, DPI, Deep Packet Inspection.

If Bell Canada's DPI is fooled by a port, then it's not that much of a DPI product. If you set a webserver to VPN ports, DPI would easily still be able to tell that it's a webserver. Just like it should be able to see that BitTorrent or any other P2P application has moved to another port.

BACONATOR26
Premium Member
join:2000-11-25
Nepean, ON

BACONATOR26

Premium Member

Re: This is old news and doesn't work here

said by smcallah:

Yeah, DPI doesn't care about ports. DPI looks at every packet, regardless of port and determines what is in the packet and then categorizes it. That is why it's called, DPI, Deep Packet Inspection.

If Bell Canada's DPI is fooled by a port, then it's not that much of a DPI product. If you set a webserver to VPN ports, DPI would easily still be able to tell that it's a webserver. Just like it should be able to see that BitTorrent or any other P2P application has moved to another port.
It looks at protocol AND port.
smcallah
join:2004-08-05
Home

smcallah

Member

Re: This is old news and doesn't work here

Then it's not much of a DPI product they're using. Since DPI should not care about ports, as it is looking at every packet regardless of the port and determines what the protocol is by the packet headers and deeper. It should never care about the port, since you can run anything on any port.

BACONATOR26
Premium Member
join:2000-11-25
Nepean, ON

BACONATOR26

Premium Member

Re: This is old news and doesn't work here

said by smcallah:

Then it's not much of a DPI product they're using. Since DPI should not care about ports, as it is looking at every packet regardless of the port and determines what the protocol is by the packet headers and deeper. It should never care about the port, since you can run anything on any port.
Yes but these Ellacoya boxes they're using are capable of much more than DPI even though it is their main function. The main reason Bell configured it this way I think is because Bell uses port 995 for SSL over pop3. Not only does it do port filtering, they can use it to identify subscribers, measure usage etc.
PerVices
join:2008-07-08

PerVices to Gerk

Member

to Gerk
Hi,

We are located in East Toroto (15min East of downtown core), and this works for us. YMMV.

Regards,

Applied Research
Per Vices Corporation

Devanchya
Smile
Premium Member
join:2003-12-09
Ajax, ON

Devanchya

Premium Member

People who P2P Encrpyt kill the Internet for others

I'm fighting with Bell and Rogers right now because my business lines are getting capped / crippled.

They are treating encrypted traffic as if it is P2P traffic.

I don't believe in throttling.

I am frustrated that people getting "around" throttling has caused my legit use to get throttled.

In this way, all parties are guilty.

yaaaaaawn
@mc.videotron.ca

yaaaaaawn

Anon

Re: People who P2P Encrpyt kill the Internet for others

said by Devanchya:

I'm fighting with Bell and Rogers right now because my business lines are getting capped / crippled.

They are treating encrypted traffic as if it is P2P traffic.

I don't believe in throttling.

I am frustrated that people getting "around" throttling has caused my legit use to get throttled.

In this way, all parties are guilty.
You're choice to use them for business. No one elses. Maybe your review should reflect the true service you are getting and the true value for your money.

adisor19
join:2004-10-11

adisor19 to Devanchya

Member

to Devanchya
HAHAHAHAH

WE are killing the Internet for you ?!! LOL that's a new one. How about BELL/ROBERS/OTHER INCUMBENT ISP that are throttling your encrypted connection in the first place ? Internet should not be throttled based on protocol. You pay a certain amount per month to have a pipe coming in your home that treats all traffic equal. However you decide to treat that traffic and prioritize it is your problem not the ISPs. If you think otherwise, then you deserve what you're getting.

And yes, WTH are you thinkin giving bell such a high review yet you come here to complain about their service ?

Adi

Devanchya
Smile
Premium Member
join:2003-12-09
Ajax, ON

Devanchya

Premium Member

Re: People who P2P Encrpyt kill the Internet for others

Actually I didn't think my bell review was high. In fact it's dropped a lot since I first did one.

Reality is, my home connection is rock solid. The web is always there. My e-mail hasn't died in a year. I can do what I want.

I very specifically stated that there are better ISP for the cost.

What my point is, is instead of going after the ISP and complaining or doing the leg work that is going on with the CRTC... people go for the 'easy route' and this in fact causes issues for others who are using the protocols for the right means.

If there were a decently priced ISP that would offer internet connection for the office I would take it. Rogers only came in and wired it because they were fighting against LOOK for business back then. Bell because we were in the same building as a bank.

I'd move the office but the Lease would cost money to break. Moving costs money. Good employee's might quit if they decide it's to far to move.

So.... here I am, fighting with 2 giant corporations regarding throttled encrypted connections... because someone decided they wanted to get faster P2P speeds.

Understand,... this Rant is not directed towards those who use P2P in legitimate reasons. It's towards those who do P2P pirating, have tons of seeds going, and just leave the computer running 24x7 because they don't give a crap for their fellow man.

BACONATOR26
Premium Member
join:2000-11-25
Nepean, ON

1 edit

1 recommendation

BACONATOR26 to Devanchya

Premium Member

to Devanchya
said by Devanchya:

I'm fighting with Bell and Rogers right now because my business lines are getting capped / crippled.

They are treating encrypted traffic as if it is P2P traffic.

I don't believe in throttling.

I am frustrated that people getting "around" throttling has caused my legit use to get throttled.

In this way, all parties are guilty.
I don't believe in throttling either.

We aren't causing it, it's the ISPs. It's also very easy to bypass with the right hardware and ISP.

I'm only guilty because my telco is making me guilty.

Troll Deflector
@dsl.bell.ca

Troll Deflector to Devanchya

Anon

to Devanchya
said by Devanchya:

I am frustrated that people getting "around" throttling has caused my legit use to get throttled.

In this way, all parties are guilty.
Please point us to the law or regulation that makes the use of the bittorrent protocol or finding a way to make it work under a defective ISP's service illegitimate.

Some people use http to communicate illegal things. By your logic, you just as guilty as them since you used the http protocol to make your post here.
jfmezei
Premium Member
join:2007-01-03
Pointe-Claire, QC

jfmezei

Premium Member

This may be a strategic tactic

Per Vices's filing may affect how Bell makes it next filing. Bell has already admitted that their DPI is able to find BitTorrent that hides under a well known port (Bell uses "masquerading" but that would imply BitTorrent emilate the protocol of another application which it doesn't)

Bell may be forced to admit that instead of looking for BitTorrent signatures, it may throttle everything by default, and then unthrottle certain well known protocols when the application signature and the port match the protocol.
PerVices
join:2008-07-08

PerVices

Member

Additional Information

Hi,

We've put together a quick technical brief detailing more clearly how to bypass the throttling, and giving specific examples using two sample bit-torrent clients (uTorrent, KTorrent).

You can find it here:

»www.pervices.com/docs/th ··· rief.pdf

Right now, we have tested this on a third party ISP (Tek Savvy). We are not sure if this can be extended to Sympatico retail customers. It may also be that the DPI device is configured to grey list bit torrent users temporarily.

We appreciate any feedback - specifically your ISP, and if you have success using this method.

Warm Regards,

Victor Wollesen
Applied Research
Per Vices Corporation
PerVices

PerVices

Member

Re: Additional Information

We have received independent confirmation that this applies to retail Sympatico customers.

Victor Wollesen
Applied Research
Per Vices Corporation
imis
join:2006-11-15
Kanata, ON

imis to PerVices

Member

to PerVices
The guide lists ports 1723 and 1753, just wondering which is the correct one to use?
PerVices
join:2008-07-08

1 edit

PerVices

Member

It is supposed to be TCP/1723 - that is the registered VPN port. The KTorrent client configuration is correct, and we have fixed the errata. Our apologies; we don't normally use WindowsXP, we just installed uTorrent for the purpose of demonstrating how to setup the ports.

Thank you for the heads up,

Applied Research
Per Vices Corporation

mdev
@teksavvy.com

mdev to PerVices

Anon

to PerVices
I love you. Thank you. Thank you ever so much.

yolarry
join:2007-12-29
Creston, WV

yolarry

Member

Sweet

Lets hack Hughesnet so we could do the same.

Ginko
@63.velcomdsl.ca

Ginko

Anon

it works for Velcom

I was not paying attention to all of this but noticed today in Etobicoke that everything started to slow down in Azureus to about 30kB/s up 30kB/s down. Velcom had some maintenance last night and I thought it had to do with that. I did a search and found this site/discussion and followed these instructions. Immediately my downloads went back up to a 'normal' 475kB/s and uploads back up to about 75kB/s which is where they always seemed to level off before today.

So it worked for me. The change was instantaneous. I hope it lasts!

~d
davidbrown9
join:2005-05-31
Toronto, ON

1 edit

davidbrown9

Member

Nothing new

Now to burst the bubble.

Its a placebo effect nothing more.

When you make changes it takes the throttling hardware/software time to adjust.

How long it takes varies on how closely the area is being looked at and how major the change is.

If your lucky it well take some time to catch up but it well catch up and if you unlucky then it well do it in very short order.

This method is nothing new as was used sometime back.
It would seem the researcher didn't do the research since its common knowledge encryption is next to useless in this case.

••••••••

batkinson001
join:2006-08-07
Oshawa, ON

batkinson001

Member

huh utorrent, cant find the options to change

how do i get this to work with utorrent? cant find the options....