Comcast prevents BitTorrent from seeding
Posted: 2007-08-20 08:07pm
by Dominus Atheos
Torrent Freak
Over the past weeks more and more Comcast users started to notice that their BitTorrent transfers were cut off. Most users report a significant decrease in download speeds, and even worse, they are unable to seed their downloads. A nightmare for people who want to keep up a positive ratio at private trackers and for the speed of BitTorrent transfers in general.
ISPs have been throttling BitTorrent traffic for almost two years now. Most ISPs simply limit the available bandwidth for BitTorrent traffic, but Comcast takes it one step further, and prevents their customers from seeding. And Comcast is not alone in this, Canadian ISPs Cogeco and Rogers use similar methods on a smaller scale.
Unfortunately, these more aggressive throttling methods can’t be circumvented by simply enabling encryption in your BitTorrent client. It is reported that Comcast is using an application from Sandvine to throttle BitTorrent traffic. Sandvine breaks every (seed) connection with new peers after a few seconds if it’s not a Comcast user. This makes it virtually impossible to seed a file, especially in small swarms without any Comcast users. Some users report that they can still connect to a few peers, but most of the Comcast customers see a significant drop in their upload speed.
The throttling works like this: A few seconds after you connect to someone in the swarm the Sandvine application sends a peer reset message (RST flag) and the upload immediately stops. Most vulnerable are users in a relatively small swarm where you only have a couple of peers you can upload the file to. Only seeding seems to be prevented, most users are able to upload to others while the download is still going, but once the download is finished, the upload speed drops to 0. Some users also report a significant drop in their download speeds, but this seems to be less widespread. Worse on private trackers, likely that this is because of the smaller swarm size
Although BitTorrent protocol encryption seems to work against most forms of traffic shaping, it doesn’t help in this specific case. Setting up a secure connection through VPN or over SSH seems to be the only solution. More info about how to set up BitTorrent over SSH can be found here.
Last year we had a discussion whether traffic shaping is good or bad, and ISPs made it pretty clear that they do not like P2P applications like BitTorrent. One of the ISPs that joined our discussions said: “The fact is, P2P is (from my point of view) a plague - a cancer, that will consume all the bandwidth that I can provide. It’s an insatiable appetite.”, and another one stated: “P2P applications can cripple a network, they’re like leeches. Just because you pay 49.99 for a 1.5-3.0mbps connection doesn’t mean you’re entitled to use whatever protocols you wish on your ISP’s network without them provisioning it to make the network experience good for all users involved.”
Customers on the other hand like to fully use their connection, and don’t agree that traffic shaping is the correct solution. One reader commented: “If you pay for an internet connection, that’s what you should get from your ISP — an internet connection. Not a connection that will let you browse the web and check email, but little else. If an ISP has issues with the amount of data a customer is transferring, then the ISP needs to address that issue with that customer, and not restrict every user in one class of traffic.”
I guess this battle will go on for a while and I would advise Comcast users to try setting up a VPN connection to get around the traffic shaping, other users who find out that they are throttled might try BitTorrent encryption first, that seems to work quite well in most cases.
Posted: 2007-08-20 08:45pm
by Uraniun235
“The fact is, P2P is (from my point of view) a plague - a cancer, that will consume all the bandwidth that I can provide. It’s an insatiable appetite.”
yeah god forbid they actually continue to upgrade their infrastructure so as to offer increasingly greater amounts of bandwidth
Posted: 2007-08-20 08:49pm
by Howedar
Well that explains some things. Motherfucking Comcast has been deciding what uses are and are not acceptable for the bandwidth I've already purchased from them.
Posted: 2007-08-20 08:50pm
by MKSheppard
Or that they actually sell only the bandwidth they have available, instead of overselling it and causing everyone to suffer.
Posted: 2007-08-20 08:56pm
by MKSheppard
Anyway, I bet the Bittorrent clients will figure out a way to fuck comcast back over in a couple of days.
Posted: 2007-08-20 09:44pm
by Praxis
Just because you pay 49.99 for a 1.5-3.0mbps connection doesn’t mean you’re entitled to use whatever protocols you wish on your ISP’s network without them provisioning it to make the network experience good for all users involved.”
This is the ridiculous bit. Comcast has been well noted for this; despite the "UNLIMITED" advertisements, they'll actually cancel subscribers to their services if those users consistently max out the bandwidth they pay for. Basically, Comcast sells you more bandwidth than they actually are able to deliver, they just assume all users won't be consistently using it all.
Posted: 2007-08-20 11:10pm
by phongn
MKSheppard wrote:Or that they actually sell only the bandwidth they have available, instead of overselling it and causing everyone to suffer.
Every ISP in the world oversubscribes. It's not feasible to actually provide, say, 6 megabits to the backbone for every customer at any given time - nor an efficient use of resources.
MKSheppard wrote:Anyway, I bet the Bittorrent clients will figure out a way to fuck comcast back over in a couple of days.
Not if Comcast is doing this properly. There are all sorts of deep packet inspection tricks that can be done
Posted: 2007-08-21 12:18am
by Starglider
phongn wrote:Not if Comcast is doing this properly. There are all sorts of deep packet inspection tricks that can be done
I've fought in the front lines of this war; I've been employed to design firewall-penetrating and packet-shape-defeating IP based protocols at three separate companies now. Ultimately the ISPs are only hurting themselves - we can and will defeat any packet inspection techniques they deploy, and what's more the techniques used to do this add overhead and end up wasting even more bandwidth and router CPU cycles. It's like DRM - it can't work in the long run, the only result is to temporarily inconvenience consumers, drive up costs (manufacturing for DRM, comms infrastructure in this case) and piss off software engineers by making product design harder.
Posted: 2007-08-21 12:21am
by Fingolfin_Noldor
Howedar wrote:Well that explains some things. Motherfucking Comcast has been deciding what uses are and are not acceptable for the bandwidth I've already purchased from them.
These buggers are even known for regulating how much bandwidth one is entitled to use, with or without P2P.
Friend of mine was complaining of the slow service. Probably because there were 5 people using the same connection in the same apt.
Posted: 2007-08-21 03:29am
by Praxis
Every ISP in the world oversubscribes. It's not feasible to actually provide, say, 6 megabits to the backbone for every customer at any given time - nor an efficient use of resources.
Don't care. If I'm paying for 6 mbps, and you advertised unlimited usage, I want my 6 mbps whenever I want it.
It's understandable that they can't provide that constantly to every customer, but if a customer DOES use all the bandwidth allotted to him, the company can't treat that customer like an enemy who is doing them a disservice; he's using what he paid for.
Comcast tends to ban users who do that.
Posted: 2007-08-21 08:49am
by phongn
Praxis wrote:It's understandable that they can't provide that constantly to every customer, but if a customer DOES use all the bandwidth allotted to him, the company can't treat that customer like an enemy who is doing them a disservice; he's using what he paid for.
I didn't say anything about "abusive users" being banned, only that wanting a non-oversubscribed ISP at consumer pricing is ridiculous.
Starglider wrote:I've fought in the front lines of this war; I've been employed to design firewall-penetrating and packet-shape-defeating IP based protocols at three separate companies now. Ultimately the ISPs are only hurting themselves - we can and will defeat any packet inspection techniques they deploy, and what's more the techniques used to do this add overhead and end up wasting even more bandwidth and router CPU cycles. It's like DRM - it can't work in the long run, the only result is to temporarily inconvenience consumers, drive up costs (manufacturing for DRM, comms infrastructure in this case) and piss off software engineers by making product design harder.
Yeah, but you don't have to totally stop it - just raise the bar and make like harder to do.
Posted: 2007-08-21 07:43pm
by Starglider
phongn wrote:Yeah, but you don't have to totally stop it - just raise the bar and make like harder to do.
They can't even do that. Our toolbox of hacks and tricks is completely hidden from the user once packaged up into a shiny GUI app. On the black hat side, you see this with script kiddies using sophisticated cracks that they don't have a clue about, due to toolkits. I just love the look on the fresh young network admin's faces when you demonstrate to them that protocol specs are just conventions or suggestions, and that just because something has a TCP packet structure or a HTTP header, this in no way implies that it is actually TCP or HTTP or whatever.
Posted: 2007-08-22 01:09am
by Fingolfin_Noldor
Starglider wrote:phongn wrote:Yeah, but you don't have to totally stop it - just raise the bar and make like harder to do.
They can't even do that. Our toolbox of hacks and tricks is completely hidden from the user once packaged up into a shiny GUI app. On the black hat side, you see this with script kiddies using sophisticated cracks that they don't have a clue about, due to toolkits. I just love the look on the fresh young network admin's faces when you demonstrate to them that protocol specs are just conventions or suggestions, and that just because something has a TCP packet structure or a HTTP header, this in no way implies that it is actually TCP or HTTP or whatever.
Question: Is such software available for the mainstream market?
Posted: 2007-08-22 01:16am
by Starglider
Fingolfin_Noldor wrote:Question: Is such software available for the mainstream market?
Hacking toolkits, obviously not commercially, though you can download rootkits and one-click scanner/exploit/trojan programs from countless dodgy sites. Of course half of them trojan your own computer if you run them.
There are plenty of commercial 'penetration testing' solutions, but they only indicate the presence of holes, they do not exploit them (with the exception of a very few products licensed for sale to law enforcement agencies only).
However firewall-penetration and traffic hiding techniques are used in many mainstream applications (e.g. Skype). Speaking as an application developer, I am prepared to allow sysadmins to shape traffic and will try to make it easy for them to do so. However the minute they try to block something, they can fuck off and die, and I cease to care about clogging up their networks with overhead or making them impossible to manage. Power to the user baby, the censors cannot win in the long run.
Posted: 2007-08-22 11:32am
by Beowulf
Update:
News.com.com wrote:The blog claimed that some Comcast users had noticed that their BitTorrent transfers were being cut off and that they experienced a significant decrease in download speeds.
Over the past few days, these claims have been widely circulated throughout the Web. But when I spoke to Comcast spokesman Charlie Douglas earlier today, he flat-out denied that the company was filtering or "shaping" any traffic on its network. He said the company doesn't actively look at the applications or content that its customers download over the network. But Comcast does reserve the right to cut off service to customers who abuse the network by using too much bandwidth.
Posted: 2007-08-22 11:40am
by General Zod
That sounds like the makings of a class action waiting to happen. They promise unlimited bandwidth, I should be able to use as much as I fucking well want without worrying whether or not I'll get cut off when I hit some magic unadvertised limit. Either let your customers use however much they want or be upfront about what their limit is.
Posted: 2007-09-04 07:04pm
by Dominus Atheos
Blog
Disclaimer: I am not a lawyer. I'm a cyber-security PhD student and take classes in the Indiana University law school, but this in no way makes me a legal expert. Caveat Lector.
Within the last few weeks, there have been a number of reports by Comcast customers claiming that their BitTorrent downloads and uploads have been capped or worse, blocked. Torrent Freak recently reported that Comcast, a major US cable company, is using an application from Sandvine to throttle such connections.
Many ISPs routinely filter the traffic on their networks. Many forbid customers from running email servers, web servers, and when the ISP detects that a customer's computer has been hacked, they often sever the Internet connection until the machine has been patched. Thus, the fact that a major ISP is now filtering yet another class of Internet traffic should not be major news--except for two factors: BitTorrent traffic accounts for upwards of 25% of US Internet traffic, and the techniques used by Comcast are essentially the same as those used by the Great Firewall of China.
Before we get deeply into this issue, let us step back for a brief, and high-level lesson in TCP/IP, and Internet filtering technologies. Most Internet applications use the TCP protocol to communicate. This protocol uses a three-way handshake to establish a connection.
The very first step in a three-way handshake involves the client sending a SYN packet to the receiving party. Modern firewalls block this packet for banned types of traffic--that is, they prevent the recipient from receiving it, and as such, the connection can never be established. Your home firewall does this, as well as those used by Comcast and other ISPs to prevent you from sending millions of email spam messages from their network.
Assuming that the SYN packet goes through, the three-way handshake is allowed to happen, then the two hosts will be able to begin communicating. Your ISP can still kill the connection later, should they wish to, merely by blocking the transmission of future packets.
According to Torrent Freak, Comcast is not doing this. They are instead sending a reset (or RST) packet to the Comcast customer, pretending to be from the host at the end of the BitTorrent connection. This RST packet is the TCP equivalent of stating "I don't want to talk to you anymore, please terminate the connection". It is extremely important to note that when Comcast creates and sends this packet, they do not identify themselves as the source of the packet, but instead impersonate one of the parties involved in the BitTorrent connection. This is where things get rather shady.
Last year, researchers from Cambridge University analyzed the Great Firewall of China and found that it used falsified RST packets to terminate connections that matched keyword filters. They were able to determine that users could evade the Chinese government's censorship system by ignoring these reset packets.
Ok, so the Chinese government and Comcast are using the same censorship techniques. Why should we care? The Chinese government doesn't have to pay attention to US law, but Comcast, being a US company, does.
Many states make it illegal to impersonate others. New York, a state notorious for its aggressive pro-consumer office of the Attorney General, makes it a crime for someone to "[impersonate] another and [do] an act in such assumed character with intent to obtain a benefit or to injure or defraud another." (See: NY Sec. 190.25: Criminal impersonation in the second degree). I do not believe that it would be too difficult to prove that Comcast obtains a benefit by impersonating others to eliminate or reduce BitTorrent traffic. Less torrent data flowing over their network will lead to an overall reduction in their bandwidth bill, and thus a huge cost savings.
New York is not the only state with such a law. Several other states including Connecticut and Alabama have similar laws on the books. Should any state AG's office decide to go after Comcast, it is quite possible that Comcast could be looking at a world of regulatory pain.
Comcast is perfectly within its right to filter the Internet traffic that flows over its network. What it is not entitled to do, is to impersonate its customers and other users, in order to make that filtering happen. Dropping packets is perfectly OK, while falsifying sender information in packet headers is not.
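An added example, not part of the quoted blog post or of any poster's message: a small detector that looks through a packet capture for resets that appear to come from a third party rather than from the remote peer. The two heuristics (a TTL that differs from the sender's earlier packets, and a sender that keeps transmitting after its own "reset") are assumptions brought in here, not methods described in the post, and the capture is constructed sample data.

```python
from collections import namedtuple
from statistics import median

Pkt = namedtuple("Pkt", "t src dst flags ttl payload_len")

# Constructed capture as seen on the customer's host. Addresses are
# documentation ranges and every value is made up for illustration.
ME = "192.0.2.10:6881"
PEER_A = "198.51.100.7:51413"   # connection that gets an injected reset
PEER_B = "203.0.113.20:40000"   # connection the remote peer really closes
CAPTURE = [
    Pkt(0.000, PEER_A, ME, "S", 49, 0),
    Pkt(0.001, ME, PEER_A, "SA", 64, 0),
    Pkt(0.080, PEER_A, ME, "A", 49, 0),
    Pkt(0.150, PEER_A, ME, "PA", 49, 68),
    Pkt(0.400, PEER_B, ME, "S", 113, 0),
    Pkt(0.401, ME, PEER_B, "SA", 64, 0),
    Pkt(0.490, PEER_B, ME, "A", 113, 0),
    Pkt(1.700, PEER_B, ME, "R", 113, 0),   # same TTL, then silence
    Pkt(2.900, PEER_A, ME, "R", 59, 0),    # TTL differs from PEER_A's baseline
    Pkt(2.950, PEER_A, ME, "PA", 49, 17),  # PEER_A keeps sending afterwards
]

def suspicious_resets(packets, ttl_slack=1):
    """Return (time, claimed_sender, reasons) for RSTs that look injected."""
    findings = []
    for i, rst in enumerate(packets):
        if "R" not in rst.flags:
            continue

        def same_sender(q):
            return q.src == rst.src and q.dst == rst.dst and "R" not in q.flags

        reasons = []
        baseline = [q.ttl for q in packets[:i] if same_sender(q)]
        # Heuristic 1: a middlebox sits at a different hop distance than the
        # real peer, so its forged packet usually arrives with a different TTL.
        if baseline and abs(rst.ttl - median(baseline)) > ttl_slack:
            reasons.append("ttl-mismatch")
        # Heuristic 2: a host that really reset the connection stops sending.
        if any(same_sender(q) for q in packets[i + 1:]):
            reasons.append("sender-continued")
        if reasons:
            findings.append((rst.t, rst.src, reasons))
    return findings

if __name__ == "__main__":
    for finding in suspicious_resets(CAPTURE):
        print(finding)
```

Route changes can shift TTL on a genuine connection, so a single hit is an indicator to investigate rather than proof of injection.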