www.broadbandreports.com
  
University of Colorado Researchers Retract Claims
Updated...Comcast traffic shaping still just impacting BitTorrent
02:42PM Monday Apr 07 2008 by Karl
tags: business · bandwidth · networking · net-neutrality · Comcast
Tipped by Cabal
Updated!, see below: Network researchers at the University of Colorado have dug more deeply into Comcast's new network management practices. Comcast continues to use forged TCP RST packets (essentially faking communication from your PC saying you aren't there) to derail connections and disrupt upstream BitTorrent traffic. Now, if this report is to be believed, Comcast is applying the same concept to all TCP traffic. From their research notes:
We have recently observed this shift in policy, and have collected network traffic traces to demonstrate the behavior of their traffic shaping. In particular, we are able (during peak usage times) to synthetically generate a relatively large number of TCP reset packets aimed at any new TCP connection regardless of the application-level protocol.
Researcher Kevin Bauer tells us that Comcast essentially just super-sized their previous traffic shaping practices. The researchers claim this broader approach now impacts far more than just BitTorrent traffic, and can now impact e-mail or web browsing:
Surprisingly, this traffic shaping even disrupts normal web browsing and e-mail applications...Users may find it extremely difficult to establish new TCP connections while using any application that has a relatively high rate of TCP connection establishment on a Comcast link.
Comcast, in contrast, tells us this is not the new "protocol agnostic" approach discussed in their recent announcement, and repeated to us that their new traffic shaping system would not be implemented until the end of the year. We're digging into the claims and are seeking additional comment from Comcast.

Update: Comcast spokesperson Charlie Douglas e-mails us this official response:
I can confirm that we have not made any shift in our network management policy yet and have not implemented the protocol agnostic approach that we announced two weeks ago. At that time, we said we would migrate to this new system before the end of the year. We are currently attempting to contact the PhD students and associate professors at the University of Colorado to better understand their analysis.

Update 2: Researchers at the University of Colorado have now retracted their findings after talking about the situation with several network engineers:
A note regarding our findings: Further experiments have led us to believe that our initial conclusions that indicated Comcast's responsibility for dropping TCP SYN packets and forging TCP SYN, ACK and RST (reset) packets were incorrect. Our experiments were conducted from behind a network address translator (NAT). The anomalous packets were generated when the outbound TCP SYN packets exceeded the NAT's resources available in its state table. In this case, TCP SYN, ACK and RST packets were sent. We would like to thank Don Bowman, Robb Topolski, Neal Krawetz, and Comcast engineers for bringing this to our attention. We sincerely apologize for any inconvenience that this posting may have caused.
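
The retraction above turns on where the anomalous RST packets actually originated. As an added example (not code from the article or from the researchers), this Python triage runs over a constructed trace, compares each inbound RST's TTL-derived hop distance with other packets from the same peer, and counts the outbound SYNs sent just before it. The record layout, addresses, window and slack values are assumptions.

```python
from collections import defaultdict, namedtuple
from statistics import median

# One record per captured packet. Times are integer milliseconds; dir is
# "out" (from the test host) or "in". This layout is an assumption.
Pkt = namedtuple("Pkt", "t_ms dir src dst flags ttl")

COMMON_INITIAL_TTLS = (64, 128, 255)


def hops_from_ttl(ttl):
    """Estimate hops travelled, assuming a common initial TTL at the sender."""
    initial = min(v for v in COMMON_INITIAL_TTLS if v >= ttl)
    return initial - ttl


def triage_resets(packets, window_ms=1000, hop_slack=2):
    """Give each inbound RST a verdict plus the outbound SYN count before it."""
    # Baseline hop distance per peer, from inbound packets that are not RSTs.
    baseline = defaultdict(list)
    for p in packets:
        if p.dir == "in" and "R" not in p.flags:
            baseline[p.src].append(hops_from_ttl(p.ttl))
    syn_times = [p.t_ms for p in packets if p.dir == "out" and p.flags == "S"]

    findings = []
    for p in packets:
        if p.dir != "in" or "R" not in p.flags:
            continue
        # How hard was the host opening connections when this RST arrived?
        syn_count = sum(1 for t in syn_times
                        if p.t_ms - window_ms <= t <= p.t_ms)
        hops = hops_from_ttl(p.ttl)
        seen = baseline.get(p.src)
        if not seen:
            verdict = "no-baseline"
        elif abs(hops - median(seen)) <= hop_slack:
            verdict = "consistent-with-peer"
        elif hops < median(seen):
            verdict = "nearer-than-peer"
        else:
            verdict = "farther-than-peer"
        findings.append({"t_ms": p.t_ms, "claimed_src": p.src, "hops": hops,
                         "syns_in_window": syn_count, "verdict": verdict})
    return findings


def constructed_trace():
    """Constructed sample, not the researchers' capture."""
    host, busy, quiet = "192.168.1.20", "198.51.100.10", "203.0.113.5"
    # 120 outbound SYNs in under a second to one server.
    pkts = [Pkt(10000 + 8 * i, "out", host, busy, "S", 64) for i in range(120)]
    pkts += [
        Pkt(10040, "in", busy, host, "SA", 52),    # real server, about 12 hops
        Pkt(10960, "in", busy, host, "R", 64),     # RST with undecremented TTL
        Pkt(60000, "out", host, quiet, "S", 64),   # a single, unhurried connect
        Pkt(60040, "in", quiet, host, "SA", 115),  # about 13 hops away
        Pkt(60400, "in", quiet, host, "RA", 115),  # RST matches peer distance
    ]
    return pkts


if __name__ == "__main__":
    for finding in triage_resets(constructed_trace()):
        print(finding)
```

A `nearer-than-peer` verdict together with a high SYN count points at a device on the local path, such as the NAT the researchers were behind. TTL is only a heuristic, since any sender can choose the value it sets.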


Comments

BabyBear
Keep wise ...with Night-Owl

join:2007-01-11

Rollin.. Rollin.. Rollin...

Maybe Comcast could just do rolling connection blackouts during peak times to save their poor overloaded network.

en102
Canadian, eh?

join:2001-01-26
Valencia, CA

Re: Rollin.. Rollin.. Rollin...

I'm glad to be using indie DSL-Extreme.
I have VERY little issue with the connection as long as AT&T doesn't mess with the line.
--
Canada = Hollywood North

BabyBear
Keep wise ...with Night-Owl

join:2007-01-11

Re: Rollin.. Rollin.. Rollin...

said by en102:

as long as AT&T doesn't mess with the line.
Yeah guess we'll have to see what those so-called 'piracy' filters decide to drop that AT&T is touting. If they screw that up just half of what they are capable of, could make Comcast's data raping look like a 'hands-off' approach.

hahahaha

@swbell.net

Re: Rollin.. Rollin.. Rollin...

said by BabyBear:

said by en102:

as long as AT&T doesn't mess with the line.
Yeah guess we'll have to see what those so-called 'piracy' filters decide to drop that AT&T is touting. If they screw that up just half of what they are capable of, could make Comcast's data raping look like a 'hands-off' approach.
Since AT&T hands off to DSLExtreme at the ATM layer (layer 2), that's going to be highly difficult.
patcat88

join:2002-04-05
Jamaica, NY

Re: Rollin.. Rollin.. Rollin...

Wrong, it hands off at Layer 1, copper pair. Since in the USA almost all competitor ISPs must provide their own DSLAMs/termination modems. This isn't Canada where you get 1 fiber optic cable with all of your customers' ATM PVCs on it.
Dark_Fiber
Here We Go Again.

join:2004-06-13
Saint Charles, MO

Re: Rollin.. Rollin.. Rollin...

said by patcat88:

Wrong, it hands off at Layer 1, copper pair. Since in the USA almost all competitor ISPs must provide their own DSLAMs/termination modems. This isn't Canada where you get 1 fiber optic cable with all of your customers' ATM PVCs on it.
Wrong. Very few "providers" have their own equipment. They would rather piggyback off of the companies that actually build networks! Handing off at the cable pair would require the non-LEC ISPs to have DSLAMs in every central office.
patcat88

join:2002-04-05
Jamaica, NY

Re: Rollin.. Rollin.. Rollin...

That's why there is a CLEC like Covad, but Covad and its clones have no interest in throttling. Ma bell does. The CLECs will present an aggregated interface to the ISP.

stfu

@sbc.com

said by patcat88:

Wrong, it hands off at Layer 1, copper pair. Since in the USA almost all competitor ISPs must provide their own DSLAMs/termination modems. This isn't Canada where you get 1 fiber optic cable with all of your customers' ATM PVCs on it.
You have no idea what you are talking about. I worked on wholesale DSL for nearly a decade in SBC/ATT. The wholesale subscribers are handed off to the independent ISPs at the ATM level.

MrMoody
Sittin downtown in a railway station

join:2002-09-03
Clayton, NC
Sshh, don't give them ideas.

FicmanS
Premium
join:2005-01-11
Brownsburg, IN
clubs:

Re: Rollin.. Rollin.. Rollin...

Man you would think the Comcast folks would get tired of seeing all these reports... Maybe it's just me...
yaw

join:2004-05-19
Morgantown, WV

Re: Rollin.. Rollin.. Rollin...

I am tired of it, but what am I going to do? It's comcast, dialup, or no internet. Those are the choices. Comcast knows this, so why should they care?
xrobertcmx
Premium
join:2001-06-18
Sterling, VA
clubs:

Re: Rollin.. Rollin.. Rollin...

That was how it was for me for a very long time, finally FIOS became available and away I went.
--
Retaking our country one election at a time.

ropeguru
Premium
join:2001-01-25
Hollywood, FL
clubs:

said by yaw:

I am tired of it, but what am I going to do? It's comcast, dialup, or no internet. Those are the choices. Comcast knows this, so why should they care?
Hahaha... I am waiting for the "Well you just need to move then" people to show up.

But I know how you feel.
Rhanlav
Dook?

join:2005-01-28
Jacksonville, FL
·EarthLink

I'm in pretty much the same boat. I had DSL, but it was so flakey that I just had to give it the boot. So yeah, I have Comcast, but it's only because it's the only thing I could get around here. That and it was only 10 bucks more than my DSL for a lot more speed.
puffgussy36

join:2007-01-15
Hampton, NH

Re: Rollin.. Rollin.. Rollin...

Or if Congress and the likes of MS and Google are able to push through more open access. No, even better, let the NSA get involved. Once they decide that faster and more reliable broadband coast to coast is in the interest of National Security then Comcast (and the others) will put up or disappear.

Remember the Defense Advanced Research Projects Agency was set up after the Soviet Union beat the U.S. into space with Sputnik. Its mission was to prevent "technological surprise."

If Uncle Sam says "give em them the best (before the Russians beat us to it again)"...

I'm kidding of course. I have Comcast. Had Verizon DSL and it sucked and cable was about the same price (cheaper with intro rate). I average 6-7 pass through and 4 while surfing with peak spikes of 15 -21. I'm not seeing a huge difference in downloading video or streaming (which could be the source servers) but over all it is faster.

Comcast should stop micro managing the bandwidth and just focus on new subscribers or they'll lose even more market share to FiOS. Ok I'm out of oxygen.
patcat88

join:2002-04-05
Jamaica, NY

Re: Rollin.. Rollin.. Rollin...

said by puffgussy36:

Comcast should stop micro managing the bandwidth and just focus on new subscribers or they'll lose even more market share to FiOS. Ok I'm out of oxygen.
Comcast isn't losing any serious amount of customers to FIOS. What about all the Comcast markets in ATT/Qwest land? They will never see FIOS (or more generically, FTTP). Next issue, Joe Six Pack doesn't care about speed, it's not something he can rationalize. Next, people don't like change. Next people will take the cheaper product, retention offers will do wonders.
puffgussy36

join:2007-01-15
Hampton, NH


edit:
April 9th, @09:36AM

Re: Rollin.. Rollin.. Rollin...

said by patcat88:

Comcast isn't losing any serious amount of customers to FIOS. What about all the Comcast markets in ATT/Qwest land? They will never see FIOS (or more generically, FTTP). Next issue, Joe Six Pack doesn't care about speed, it's not something he can rationalize. Next, people don't like change. Next people will take the cheaper product, retention offers will do wonders.
Look at last year's white papers. Their revenues were down. They (Comcast) admitted they underestimated FiOS as competition in a Businessweek article. Verizon aside, they still have low market saturation in my state, so I still say they should focus on new customers and leave their current ones alone!

Scree
In the pipe 5 by 5

join:2001-04-24
Mount Laurel, NJ
They will care when many start to go no internet. lol

tc1uscg

join:2005-03-09
Saint Clair Shores, MI
·Comcast
·WOW Internet and C..
·VoiceEclipse

said by FicmanS:

Man you would think the Comcast folks would get tired of seeing all these reports... Maybe it's just me...
Odd thing, I've not had a problem (like the one posted) or seen any RESET messages since going to CC a month ago. I spend a lot of time on the internet so I would think I would have seen something by now.
jc100

join:2002-04-10
·RoadRunner Cable

Better idea, why not just bill people and provide no service but lots of promises. Basically, let's advertise say 20mbit download with burstable speeds for X amount a month. In reality, give customers a line that doesn't work and still bill them for it. Why not. Essentially, this is what Comcraptic is doing anyway. They are providing a useless line that now interferes with activities (legal and not) that the customer chooses. I guess since Comcast is now the watchdog, the *AA's should sue them when it comes to customer's usage. Since they feel the need to play police, by all means, let them take the fall when their methods still allow traffic to occur.
patcat88

join:2002-04-05
Jamaica, NY

Re: Rollin.. Rollin.. Rollin...

Since then Joe Six Pack and grandma will drop the service. Then CC is in deep trouble.

dvd536
as Mr. Pink as they come
Premium
join:2001-04-27
Phoenix, AZ

said by BabyBear:

Maybe Comcast could just do rolling connection blackouts during peak times to save their poor overloaded network.
Or how about this novel idea: UPGRADE THEIR NETWORK!
--
You can never be too rich, too thin or have too much Bandwidth
espaeth
Misanthrope
Premium
join:2001-04-21
Minneapolis, MN
·Embarq
·Comcast

Re: Rollin.. Rollin.. Rollin...

said by dvd536:

Or how about this novel idea: UPGRADE THEIR NETWORK!
What makes you think they're not upgrading their network? They just rolled out free upgrades from 6/384 to 6/1 and 8/768 to 8/2 here, and added a 50/5 tier. In the last few months they've increased the markets for which they've rolled out Blast! That doesn't happen without some kind of infrastructure investment.
patcat88

join:2002-04-05
Jamaica, NY

Re: Rollin.. Rollin.. Rollin...

Increase speed without upgrading, then turn on throttling to suppress the congestion created by the speed upgrade. Perfect idea.
espaeth
Misanthrope
Premium
join:2001-04-21
Minneapolis, MN
·Embarq
·Comcast

Re: Rollin.. Rollin.. Rollin...

said by patcat88:

Increase speed without upgrading, then turn on throttling to suppress the congestion created by the speed upgrade.
In order to have downstream channel bonding you need DOCSIS 3.0 CMTS hardware with a packet scheduler that understands how to divide the traffic across the channels. You can't fake the new speed upgrades they are starting to roll out.

Cabal
Premium
join:2007-01-21
02101

On the other hand... (thinking more after submitting)

100 SYN packets per second to the same address is what most engineers would consider a SYN flood. Knocking it down is a good thing.
--
Interested in open source engine management for your Subaru?
moonpuppy

join:2000-08-21
Glen Burnie, MD
·Verizon Online DSL

Re: On the other hand... (thinking more after submitting)

said by Cabal:

100 SYN packets per second to the same address is what most engineers would consider a SYN flood. Knocking it down is a good thing.
Except they still do barely anything about the SPAM coming from infected systems on the Comcast network.
espaeth
Misanthrope
Premium
join:2001-04-21
Minneapolis, MN
·Embarq
·Comcast

Re: On the other hand... (thinking more after submitting)

said by moonpuppy:

Except they still do barely anything about the SPAM coming from infected systems on the Comcast network.
They deploy port 25 block config files to modems on a regular basis. Unfortunately, it's a reactive approach so it's going to be significantly less effective than other providers who have already walled off external port 25 access.

bleearg13

join:2001-03-03
Gaithersburg, MD

said by Cabal:

Knocking it down is a good thing.
Except when you have folks with the Fasterfox Add-on for Firefox that can be used to tweak the number of sessions opened per page.

TK Junk Mail
Golf season has returned - hurrah
Premium
join:2002-03-03
Margate City, NJ
·Comcast


edit:
April 7th, @03:01PM

said by Cabal:

100 SYN packets per second to the same address is what most engineers would consider a SYN flood. Knocking it down is a good thing.
Also, I noticed that if I tune the Firefox addon Fasterfox to a high "max connections per server" value, I can occasionally get a "connection was reset" message. Setting it back to default values eliminated the problem. Maybe all Comcast is doing is adhering to RFC specs and banging those sessions that use too high a value.


Check out the comment on the turbo option.
--
My BLOG .. .. Internet News .. .. My Web Page
espaeth
Misanthrope
Premium
join:2001-04-21
Minneapolis, MN
·Embarq
·Comcast

said by Cabal:

100 SYN packets per second to the same address is what most engineers would consider a SYN flood.
Exactly - this will trip DoS mitigation hardware from Cisco, Tipping Point, Checkpoint, Arbor, etc.

What next? If I make several connection attempts to DoD network addresses Comcast dispatches the FBI to throttle my connection by taking my hardware?

The number of unrelated events that we can relate to Comcast throttling are endless - time to get creative people!

luminaire
Premium
join:2005-03-22
Oakville, ON
clubs:
·Cogeco Cable

Re: On the other hand... (thinking more after submitting)

said by espaeth:

said by Cabal:

100 SYN packets per second to the same address is what most engineers would consider a SYN flood.
Exactly - this will trip DoS mitigation hardware from Cisco, Tipping Point, Checkpoint, Arbor, etc.

What next? If I make several connection attempts to DoD network addresses Comcast dispatches the FBI to throttle my connection by taking my hardware?

The number of unrelated events that we can relate to Comcast throttling are endless - time to get creative people!
We have to make a decision, and I think this should be one of those opt-out kind of deals. On the one hand you have a vast multitude of users who have infected computers, and don't know how to control them. On the other hand you have users who may generate traffic that fits the traffic profile of an infected box, but is legitimate. For the sake of protecting the stability of the internet there should be an option to deploy this type of attack mitigation (syn rate limiting) tech to protect home users. Power users or techs should have a way to opt out of this and simply get the dumb pipe we all have been craving for lately.

MattE
Obama '08
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
·Corporate Colocation

said by Cabal:

100 SYN packets per second to the same address is what most engineers would consider a SYN flood. Knocking it down is a good thing.
Doesn't Windows XP in most cases (post-SP2 anyway) have a limit of 10 half-open SYN sessions?

So, in reality, the only people this would affect, is the people who have hacked out that limitation ... which is almost guaranteed to be Johnny Bittorrent and his uber leet buddies who think setting uTorrent to 6000 sessions means faster downloads?

pokesph
It Is Almost Fast

join:2001-06-25
Sacramento, CA
clubs:
·Comcast

RST the RST's

hmm perhaps that's why some 'normally regular' sites are not opening on the first or second try..

When will this madness end?

FCC? not likely

Customers? Most won't notice it or care.
--
Webmaster - Steve
- - - - - - - - - - - -
»www.1-gb.net
»www.ppnstudio.com

BabyBear
Keep wise ...with Night-Owl

join:2007-01-11

Re: RST the RST's

said by pokesph:

Most won't notice it or care.
And there you have your corporate mantra on screwing your customer (Emperor's Club excluded)!
nasadude

join:2001-10-05
Rockville, MD
·Comcast

how to control your network in 3 easy steps

1.invent a "bandwidth hogging" bogeyman that can be claimed to be disrupting "regular" customers and using up "scarce" bandwidth

2. put into place equipment that can see what is going across the network and "break" any attempt to use P2P applications

3. after weathering the resultant storm of publicity, quietly implement the full spectrum of "deep packet inspection" capabilities as "regular" network management.

then, just sit back and block, delay or otherwise interfere with any activity that costs the company money or keeps them from making money.
jester121

join:2003-08-09
Lake Zurich, IL
·ViaTalk

huh?

This seems like a pretty cursory examination to me (7 paragraphs and a few screenshots?)

I haven't noticed any changes in web browsing, file downloads, games, or anything else in my Comcast connection -- if all this nefarious packet tinkering is going on it would certainly be disruptive. Hopefully someone will dig deeper and find out exactly what's going on.
jester121

join:2003-08-09
Lake Zurich, IL

Re: huh?

I am vindicated!

cableties
Premium
join:2005-01-27
Levittown, PA

Codename:

"Sir Lagalot"

A New Comcast Network Protocol management!

dadkins
I Don't Care
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast


edit:
April 7th, @05:20PM

All traffic?

 
 
Uhm... ok.
Why is it that on Blast 16mbps service I still see 17+mbps download and ~2.2mbps upload consistently?

EDIT: Bolded the question so everyone can see that all I did was ask a simple question.
--
Think outside the Fox... Opera


beeron
White House Blues
Premium
join:2000-06-06
Downingtown, PA
clubs:

Testing on Saturday

I think they were forging all the packets on Saturday because it looked like nothing was there.

SgtPoopalot

@robertmorris.edu

Seems to affect online gaming

I am a hard core FPS gamer, and I think my intermittent game freezes are because of this as well.
stunod2002

join:2003-11-07
Carol Stream, IL

Sounds like Sat.

With all this reset stuff and dropping of connections Comcast is starting to be no better than Satellite.. Sure the speed is great. while you have it. At least with Sat. you know when you are going to get whacked..

MattE
Obama '08
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
·Corporate Colocation

100 SYN?

Nothing but bittorrent generates 100 SYN packets that quickly. So, essentially, they are just stating that if you generate 100 SYN packets WITH ANY PROTOCOL, not just Bittorrent, Comcast is sending fake TCP RSTs. So if you try and establish 100 sessions to a website (or 1 session to 100 different websites) they'll start throwing TCP RST flags on your sessions.

This won't be noticed by the majority of users out there, as nothing really but bittorrent attempts to open 100 sessions at once.

sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Netcong, NJ

Re: 100 SYN?

said by MattE:

This won't be noticed by the majority of users out there, as nothing really but bittorrent attempts to open 100 sessions at once.
I would imagine that business users where there's more than a handful of computers could do this with "normal" traffic. Or perhaps a large family with a bunch of kids + computers.

MattE
Obama '08
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
·Corporate Colocation

Re: 100 SYN?

said by sporkme:

said by MattE:

This won't be noticed by the majority of users out there, as nothing really but bittorrent attempts to open 100 sessions at once.
I would imagine that business users where there's more than a handful of computers could do this with "normal" traffic. Or perhaps a large family with a bunch of kids + computers.
Business users is a good point. I also didn't think about a decent sized family of 4 or more computers. Hell 3 simultaneous users connecting to MySpace with its gazillion separate sessions would eat up 100 in no time I bet.

banditws6
Shrinking Time and Distance

join:2001-08-18
Naples, FL
·Comcast


edit:
April 7th, @03:34PM

Interesting...

I've been having a number of new issues with my Comcast connection lately that could be symptomatic of that kind of network management. I'm now getting a high number of "connection was reset" errors while web browsing, and talking via Skype or playing games online has become a constant stream of disconnections and sync problems.

Then again, all I know is what I see.

GTaylor
Premium
join:2002-12-14
Frisco, TX
clubs:

Wonder if Road Runner is doing the same

because as of Thursday I've hit a wall on my browser, it'll work for about 2 minutes then all of a sudden will lag, Firefox will show 60-75 second connections to certain sites(popular and lesser known). All anti-virus/rootkit/adware scans came up empty and system resources seemed normal.

Mchart
Tech Control

join:2004-01-21
Gurnee, IL

Re: Wonder if Road Runner is doing the same

I haven't seen any issues with my RR connection down here in Texas, yet. But you can guarantee the moment I do I'll probably be looking into a DS1 just for file-sharing use.

swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable

I noticed the same, or a similar phenomenon intermittently on the weekend on RR. One should not be too quick to attribute it to traffic shaping, though. There could have been other network problems. If it persists or gets worse I will look into it more.

Hehe

@ssa.gov

"protocol agnostic"

At least they are now "protocol agnostic"!

Should I switch to FIOS?
cornelius785

join:2006-10-26
Worcester, MA

i say the FCC should impose heavy fines

just as the EU does, ignoring any thought/policy/political differences between the US and EU. Maybe it is getting to be the time to clearly define what 'network neutrality', 'reasonable network management', and internet QoS standards for various connection types and speeds.

It wouldn't blow my mind if other ISPs start pulling crap like this.

Transmaster
Onward Through The Fog

join:2001-06-20
Cheyenne, WY


edit:
April 7th, @03:48PM

I have a friend who is an Electronic Engineer.....


Like Comcast a Kumquat looks good on the outside but is bitter on the inside.
and computer scientist. Who was part of this study he found "Kumquat" even screws up VoIP traffic. He noticed that whenever he was in conference mode on Skype he would get reset at random intervals. We would be talking away with 4 of 5 in a conference on Skype and he would periodically disappear; when he looked into it he found it was Comcast that was resetting his connection. He thinks Comcast is doing this to discourage any VoIP use except its own. It would seem that whenever there is a prolonged heavy use of bandwidth these random resets happen. Imagine Broadband that acts just like a dial up connection. Unfortunately he has no other choice for a broadband connection.
--
Send a prayer to Allah, eat Beans.
espaeth
Misanthrope
Premium
join:2001-04-21
Minneapolis, MN

edit:
April 7th, @05:04PM

Re: I have a friend who is an Electronic Engineer.....

How do you use TCP resets to close a UDP-based RTP stream?

Edit: I noticed you said Skype conference mode, which isn't really VoIP, in the same way that TeamSpeak isn't technically VoIP.

funchords
Robb
Premium,MVM
join:2001-03-11
Hillsboro, OR
·