Tell me more x
, there is a new speed test available. Give it a try, leave feedback!
dslreports logo
story category
Cox Also Disrupting P2P Traffic
Using the same forged packet method as Comcast
by Karl Bode 03:35PM Thursday Nov 15 2007
Cox users in our forums have been complaining about peer to peer performance being less than optimal. In particular, they've been noting that their upstream p2p throughput has been "weak and random," though so far this has only been showing up in certain markets. We asked regular user Robb Topolski, who was the first to discover Comcast's traffic shaping practices, to take a look at Cox connectivity a little more closely.

According to Topolski, Cox is in fact using traffic shaping to degrade p2p traffic. In analyzing a user log, he has concluded that Cox is using traffic shaping hardware to send forged TCP/IP packets with the RST (reset) flag set -- with the goal of disrupting eDonkey traffic. He's been unable to tell precisely what hardware Cox is using, but he notes that the technique being used is very similar to Comcast's treatment of BitTorrent.

Click for full size
"This capture was on the eDonkey network between a Cox user and a user in Tel-Aviv, Israel," says Topolski. "In this exchange, the non-Cox user connects, handshakes, and then requests parts, at which time the connection is immediately disrupted by an abort signal (TCP flag RST). The same pattern is repeated for all download requests."

"This is conclusive proof that Cox is interfering with eDonkey uploads by abusing the RST (abort/reset) flag," he says.

We asked Topolski if the same practice was being used to disrupt BitTorrent traffic. He noted that thus far there's just "anecdotal reports that are similar but not proven," but he's hoping to dig deeper. We asked Cox for an official statement on whether they block or otherwise impede either BitTorrent or eDonkey traffic, but they did not respond by press time. We'll of course post their position when we receive it.

Cox and Comcast also both employ caps, though the two companies have taken very different approaches to informing their customers about them. Comcast has traditionally denied that any caps exist, despite the fact they do employ monthly consumption limits that vary based on regional congestion. The company threatens to terminate the connections of users who consume too much, but never specifies what "too much" is.

Cox used to take a similarly cryptic approach to informing customers about caps. However, back in 2003, after fielding numerous customer complaints (most of them from our regular users), the company began stating their service limits very clearly. Customers say these limits are only loosely enforced.

Update: Cox got back to us with a response. From Cox's David Deliman, Product Communications Manager:
To ensure the best possible online experience for our customers, Cox actively manages network traffic through a variety of methods including traffic prioritization and protocol filtering. Cox does not prohibit the use of file-sharing services for uploads or downloads, or discriminate against any specific services in any way. To help our customers make the most out of their Internet experience, we take proactive measures to ensure that bandwidth intensive applications do not negatively impact their service. These network management practices are outlined in our subscriber agreement and Acceptable Use Policy.
While we could argue semantics over their use of the term "discriminate," we'll note that by being somewhat more frank with what they're doing, Cox's traffic shaping practices will probably net only a fraction of the attention given to Comcast (our story is currently struggling to get even the slightest digg attention).

As we've argued previously, it seems like the secrecy Comcast employs when discussing caps and traffic shaping only acts to draw more attention to the practices.


162 comments .. click to read

Recommended comments

Yarmouth Port, MA

3 recommendations

My use of the word 'Abuse'

Some have taken issue with my use of the word 'Abuse' with regards to Cox and Comcast using the RST flag to tear down TCP connections.

It's an 'abuse' of the specific purpose the RST flag in a packet header.

The RST flag is to be used only by an endpoint in response to a SYN packet when a port is not open, or if an endpoint detects an unrecoverable error condition that requires both endpoints to drop the socket and start over. No intermediate devices should be sending RST and because of this fact it is an abuse of the RST flag.

--Robb Topolski

References: IETF RFC 793, BCP 60
Robb Topolski -= =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.

what's up
The Lou

2 recommendations

Your doctor solely communicates with you....

Let's say your doctor solely communicates with you via traditional mail. Everyday, you and your doctor send multiple letters to each other, your residential mailbox to his mailbox. Due to the large amount of message exchanges, you encode each letter with a tracking process to verify that each letter is read with the intended response.

One day, the local letter carrier notices how much mail they are now carrying, and in an attempt to lessen his own burden, he decides to toss a few of your coorespondances (figuring it's not really that important considering the amount of letters that are already exchanged), yet continues to get your bills to you.

After you notice that letters are missing, you and your doctor determine that neither are at fault and conclude that the letter carrier is the problem. When he's confronted, he simply says, "your exchanges makes my job harder to get mail to other mail boxes."

Now, the USPS is responsible for delivering mail through its system. If an object is proved to be dangerous to the system, USPS employees, and end users, they take procautions to prevent damage/harm. Is it really up to the letter carrier, though, to determine that your exchanges are such a burden to effectively deliver that they can simply be long as your other "important" letters are unaffected?
:: my trivial ramblings ::



2 recommendations

Tip of the Iceberg

Until a law is passed that makes it financially unpleasant for providers to block/throttle/discriminate against certain kinds of traffic on the network, providers will continue to play this game with the users.

The key is that significant numbers of users must bitch en masse sufficient to make it a PR nightmare for those providers who base their advertising claims on "lightning fast" speeds when the reality is closer to lightning fast speeds based on the network traffic that the provider arbitrarily decides it will allow on its network. Nothing less than NN will cure these kind of games.