October 23, 2007 5:37 AM PDT

Comcast to face lawsuits over BitTorrent filtering

The blogosphere is abuzz over an Associated Press investigative article this past Friday on the subject of Comcast's BitTorrent filtering. Briefly, there were a number of articles in early September which alleged that Comcast was using some fairly sneaky techniques to throttle BitTorrent traffic on its network. Comcast, of course, denied any such behavior. It took a month and a half, but both a mainstream media news organization as well as the Electronic Frontier Foundation have tested and confirmed the previously reported claims. It turns out that Comcast is not only throttling BitTorrent, but Gnutella and, strangely, Lotus Notes are also suffering.

(Image caption: "If it ain't the truth...." Credit: technochick / flickr)

Comcast's PR people gave me the following statement on Monday: "Comcast does not block access to any Web sites or online applications, including peer-to-peer services like BitTorrent...We have a responsibility to provide all of our customers with a good Internet experience and we use the latest technologies to manage our network so that they can continue to enjoy these applications." I was also able to interview a Comcast Internet executive who would only speak on background. He bobbed and weaved, sticking to his talking points, yet a few things were clear: he would not deny that the company was sending out TCP RST packets, but stated that if it were being done, it was at a "low level" where average users would not see it.

A Comcast engineer who spoke to the Tech Liberation Front's Tim Lee confirmed this, stating that "most users wouldn't even be able to detect the traffic-shaping activities they use without special equipment and training." On the subject of why the filtering is done networkwide and not just to individual bandwidth hogs: "Comcast (doesn't) throttle on a user-by-user basis rather than a protocol-by-protocol basis, (as the company is) concerned with the privacy implications of that approach." That's right, folks: Comcast will sell network wiretaps to the feds for $1,000 a pop, but won't calculate a user's total bandwidth per month for "privacy reasons."

When your ISP receives a spam e-mail, and deletes it without delivering the message to your in-box, it is blocking access to your in-box. (This is a good thing.) When you install a firewall on your home computer and someone else tries to connect to you from another network, your firewall software "blocks access" to that other party. The packets attempting to initiate a connection to your machine will either be silently dropped onto the floor, or in some cases, a rejection message will be sent back to the session initiator telling them that their connection attempt was refused.

(Image: Comcast LolCat. Credit: Comcast and LolCat Buildr)

If Comcast deployed networkwide firewall rules that would drop any BitTorrent packets that came in and out of its network, Comcast would be "blocking access." However, it is not doing this, primarily because if it did so, the BitTorrent downloads of its customers would fail, and thousands of users would complain. Instead, Comcast is attempting to target only the sharing or uploading portions of BitTorrent, which are not nearly so noticeable to end users. Comcast will still see a significant drop in network traffic by targeting uploads, but is far less likely to suffer the wrath of its users.

So what is Comcast doing? It is letting BitTorrent traffic flow across its network, and thus is not technically "blocking" anything. Instead, it is forging TCP reset packets that are misleadingly labeled as being sent by one of the two ends of the BitTorrent connection. That is, Comcast is masquerading as its customers, and sending out data with false sender information. When the BitTorrent clients receive the false reset packets, they themselves terminate the connection, as they think the other host has told them to go away. Thus, through sneaky techniques and network-level false statements, Comcast is able to trick users' software into terminating their own transfers.
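One way a subscriber can surface injected resets in their own packet capture, added here as an example and not code from the article, the AP or the EFF: it assumes a trace taken at the customer's end and relies on the heuristic that a reset genuinely sent by the remote peer arrives with the same IP TTL as that peer's other segments, whereas one injected mid-path carries a different hop count (an assumption of this example, not something the article states). The trace below is constructed.

```python
from collections import namedtuple

# Constructed packet record: one TCP segment as seen at the customer's end.
Packet = namedtuple("Packet", "ts src dst sport dport flags seq ttl")


def flow_key(p):
    # Direction-independent key so both halves of a connection share state.
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))


def find_suspect_resets(packets, max_ttl_delta=0):
    """Return RST segments whose IP TTL disagrees with the TTL previously
    observed from the same sender in the same flow.

    A reset genuinely sent by the remote peer travels the same path as that
    peer's other segments, so its TTL should match; a reset injected by a
    device in the middle of the path arrives with a different hop count.
    Heuristic only: TTL can legitimately change after a route change, and a
    reset seen before any other traffic from that sender has no baseline.
    """
    seen_ttl = {}   # (flow, sender address) -> TTL learned from non-RST traffic
    suspects = []
    for p in packets:
        sender = (flow_key(p), p.src)
        if "R" in p.flags:
            known = seen_ttl.get(sender)
            if known is not None and abs(known - p.ttl) > max_ttl_delta:
                suspects.append({"ts": p.ts, "from": p.src, "to": p.dst,
                                 "expected_ttl": known, "rst_ttl": p.ttl})
        else:
            seen_ttl.setdefault(sender, p.ttl)
    return suspects


# Constructed trace: a BitTorrent-style upload from the customer 10.0.0.5:6881
# to a peer 203.0.113.9:51413. The peer's genuine segments arrive with TTL 52;
# the two RSTs that end the transfer claim to come from the peer but carry
# TTL 61, so they were not sent along the peer's path.
SAMPLE_TRACE = [
    Packet(0.000, "10.0.0.5", "203.0.113.9", 6881, 51413, "S", 1000, 64),
    Packet(0.080, "203.0.113.9", "10.0.0.5", 51413, 6881, "SA", 5000, 52),
    Packet(0.081, "10.0.0.5", "203.0.113.9", 6881, 51413, "A", 1001, 64),
    Packet(0.200, "10.0.0.5", "203.0.113.9", 6881, 51413, "PA", 1001, 64),
    Packet(0.280, "203.0.113.9", "10.0.0.5", 51413, 6881, "A", 5001, 52),
    Packet(0.300, "203.0.113.9", "10.0.0.5", 51413, 6881, "R", 5001, 61),
    Packet(0.301, "203.0.113.9", "10.0.0.5", 51413, 6881, "R", 5001, 61),
]

if __name__ == "__main__":
    for s in find_suspect_resets(SAMPLE_TRACE):
        print(s)
```

On a real capture the same check is run over the per-segment fields exported by a packet sniffer; the constructed trace above flags both resets and nothing else.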

Interestingly enough, were Comcast applying this same technique to e-mail, and falsifying the header information of e-mail messages, it would soon find itself violating the Can-Spam Act. That law states that "Whoever...materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages...shall be punished...with a fine...or imprisonment for not more than one year."

As for the idea that Comcast is using the "latest technologies" to manage its network--hogwash. The concept of forging TCP reset packets is at least 10 years old, if not older. Purdue professor Gene Spafford and a number of his graduate students developed a "synkill" system to defeat SYN flood attacks that used the very same technique, back in 1996.

What about the argument that Comcast has the right to "manage (its) network so that (all customers) can continue to enjoy (permitted) applications?" The tactics that Comcast is using are (1) probably a violation of its own terms of service, and (2) being applied blindly across the whole network, instead of targeting those "heavy users" who use a disproportionate amount of the company's bandwidth.

Comcast's own "terms of use" state that Comcast reserves "the right to refuse to upload, post, publish, transmit or store any information or materials, in whole or in part, that, in (its) sole discretion, is unacceptable, undesirable or in violation of (the) agreement." Thus, if Comcast wished to deploy networkwide firewall rules blocking all BitTorrent traffic (that is, such packets would be either dropped on the floor or rejected by the network's routers), Comcast would be perfectly within its rights as outlined in the agreement. Comcast would probably lose a large number of customers, but it would at least be acting legally and following its own published rules. However, Comcast is not doing that. Nowhere in its terms of service has the company stated that it reserves the right to impersonate its customers, and to send false and misleading data out onto the network originating from or addressed to its customers.

In addition to the BitTorrent filtering technique being discussed, Comcast uses other methods to keep the amount of data flowing over its network to a minimum. Customers who use more than their "fair share" of bandwidth will eventually be terminated. How much is too much? Comcast won't tell you.

While this latter method of network management is not so popular with the Slashdot crowd, it at least makes some sense, since it is aimed at those users who are using the most of Comcast's seemingly scarce resources. Comcast's BitTorrent filtering, on the other hand, is being blindly applied to the entire network. Users who download 10 gigabytes of data per day, and little old grandmothers who wish to share a 4.5-megabyte copy of the King James Bible (as the AP did in their test) will both equally be filtered. This is not a technique aimed at abusive overuse by a handful of users, but is an all-out war against particular networking protocols.

I discussed this issue with Fred von Lohmann, a lawyer with the Electronic Frontier Foundation. Von Lohmann stated that "based on (our) own testing, as well as what has been reported, it seems clear that Comcast's techniques are bad for its customers and bad for innovation generally. The fact that Comcast's efforts are reportedly interfering with BitTorrent, Gnutella and Lotus Notes communications makes it clear that they are not narrowly targeted at particular users or protocols."

Regarding the effectiveness of Comcast's techniques, von Lohmann said that: "It's as though they are throwing a spanner in the works of the Internet, hoping that this will somehow reduce bandwidth usage overall."

As I mentioned in an article last month, Comcast's tactics may very well be violating the law. Many states make it illegal for an individual to impersonate another individual. New York, a state notorious for its aggressive pro-consumer office of the Attorney General, makes it a crime for someone to "(impersonate) another and (do) an act in such assumed character with intent to obtain a benefit or to injure or defraud another." (See: NY Sec. 190.25: Criminal impersonation in the second degree). I do not believe that it would be too difficult to prove that Comcast obtains a benefit by impersonating others to eliminate or reduce BitTorrent traffic. Less torrent data flowing over its network will lead to an overall reduction in its bandwidth bill, and thus a huge cost savings.

With regard to Comcast's legal liability, von Lohmann said that he could not comment as he had not yet had a chance to review the New York criminal impersonation laws. He did, however, state that "(The EFF has) already been contacted by attorneys who are considering legal action against Comcast." In the meantime, the EFF will "continue to perform tests in hopes of better understanding how this works and how it might affect Comcast subscribers and other Internet users."

While the EFF is holding back for now, it seems clear that other lawyers are circling in the water. They can smell blood. Not only is Comcast actively impersonating its customers on the Internet, but it has continued to deny it for the past two months. Should the courts approve a class action lawsuit, Comcast could be looking at a world of pain--and rightly so.

Originally posted at Surveillance State
Christopher Soghoian, a graduate student in the school of Informatics at Indiana University, delves into the areas of security, privacy and e-crime. He is a member of the CNET Blog Network, and is not an employee of CNET. Disclosure.
Let the Circling Begin
by portorikan October 23, 2007 3:54 PM PDT
I was having a problem last night trying to share a file with my sister through the AIM network. Firewalls off and both using iChat. Frustrating to say the least.
Impersonating a person...hardly
by mapuge October 23, 2007 4:34 PM PDT
The RIAA just had one of its star technical experts smacked down for saying that an IP address represented a person. An IP address represents a computer and not a person. Saying that Comcast is impersonating people is a bit of a stretch. Also as a side note I believe that Comcast states "no person shall provide a server". Which is what you're doing when you seed. However yes Comcast should be upfront about what users can expect when they sign onto a service. P.S. Oh and the next time you see 192.168.0.1 say hi for me. I haven't seen him in a while and he really doesn't get out of his house much.
Why is this surprising?
by Isshou October 23, 2007 6:26 PM PDT
Cable broadband provider managing their traffic. Why is this so surprising? Does no one understand how cable broadband works? Has no one even given a thought to the new PowerBoost they offer? (Power boost causes more bandwidth allowed for the first 10 mb of a download and 5 mb of an upload: http://www.comcast.com/customers/faq/FaqDetails.ashx?ID=3697) This is traffic management at its finest for them. For those of you who know little about cable networks, learn one thing: cable networks are peer networks. You're in a "neighborhood" with other computers connecting to a shared access point that has a large pipe to the local office; however, that pipe is usually not large enough for every single customer to get 6 mbps downloads all the time. This means that you're in direct competition with another customer for a fair slice of that bandwidth. In the past these neighborhoods were so unsecured that if an infected computer was in your neighborhood it could spread the virus as if your two computers were connected to each other directly. I don't like this model of networking, so I avoid it and get individual bandwidth to the local office (DSL/FiOS/Tx). Also, do none of you remember when your upstream bandwidth was capped to 128 kbps? Then 256 kbps? Even now the cap for upstream is only 376 - 768 kbps (as advertised). The only thing different about this is it's using a message packet to facilitate the traffic control. I'll admit it's a bit underhanded and abuses the way bittorrent (and other software) operates when receiving certain packets.
Comcast Limits FTP/Upload to 25mb per one time, misleading Service by Comcast
by retro2007 October 23, 2007 9:09 PM PDT
On October 24th 2007 at 11.47pm I contacted Comcast (1-800-266-2278) to complain about a very slow upload through FTP. After going through all the tests and hurdles, finally the Tech support (who refused to give me his name or badge id or direct phone no) stated that residential customers can only upload, either by email or ftp or anything, 25mb per upload. I asked him where in the service agreement I signed when I opened Comcast service it stated that. I repeatedly requested that information in writing (either by email or mail), which he refused repeatedly. I explained to him that when I signed up and paid for unlimited internet service there was nothing stated in the agreement about upload and download limits. His response was "Yes, it's unlimited only for Browsing the internet". DUHHHHHHHHH, even for browsing the internet you still need upload and download. Again I formally requested him to send me in writing, either by email or by mail, all the conditions he stated, ie: 1. unlimited for internet browsing only 2. Upload either by email/FTP/anything is limited to 25mb per upload or the connection will either slow down/be terminated. And again he refused. Isn't it time for Comcast to be upfront with their service agreement to the customer? Have you ever seen a disclaimer in COMCAST advertising stating that unlimited is only for browsing, not for download or upload? Perhaps it's good for Comcast to be SUED for misleading advertisement and services. Any lawyers who are preparing a class action lawsuit against comcast, SIGN ME UP PLEASE.
Cox Cable is also Filtering Internet Traffic
by apsteffe October 24, 2007 8:39 PM PDT
I was wondering when someone with The Media behind them would catch the broadband carriers filtering internet traffic. In February of this year (2007) I caught Cox Cable filtering my Tucson, Arizona internet account. I called tech support, and they confirmed that Cox is blocking internet traffic containing the following port numbers: 25, 80 (incoming), 135--139, 445, 1433, 1434, 1900, 27374. The first two port numbers are obvious: outgoing email traffic (port 25) and incoming web traffic (port 80). They have stupid business reasons for this. They think that they are stopping someone without a static IP address from setting up their own email server or their own web server. They should not be inspecting ANY internet traffic. I am paying them for a connection and connection speed, not for internet services. I have had the same email address and the same email server for over ten years while living in three different states. The tech support person at Cox was baffled at how I could do that. Most people don't understand that your connection provider doesn't have to be your ISP, and if you don't want them to be your ISP you should not be required to use them. I don't need any broadband carrier, be it Cox, Comcast, AT&T, Verizon, or whatever, to be an ISP and neither do you. I can POP my email off any server in the world if I have an account there, and so can you. I don't need an SMTP server to send outgoing email because I can send it directly from my PC, and so can you. That's how I found out that Cox is filtering internet traffic. I tried to send email out directly with the Sendmail program and discovered that Cox is blocking all internet traffic containing port 25. In other words, they're saying that I HAVE TO use their SMTP server or nothing. I contacted law firms, consumer advocate sites and the ACLU, but no one is interested.
At last, I think this exposure of Comcast and the BitTorrent filtering will start waking people up to what the broadband carriers are starting to do--behind our backs.
I completely agree - sign me up as well
by nicosharp October 26, 2007 1:48 PM PDT
I have had a problem with them and never get a straight answer from the top tiered tech support about this upload issue. Sign me up, I want to get paid back for the misleading service I have been paying for, and the promised connection I have been neglected.
Uncomfortable but sensible
by perfectblue97 October 27, 2007 2:31 AM PDT
Years ago, when I was first getting into networking, shaping and selective bandwidth allocation was supposed to be the next big thing. It was meant to save both corporate networks and the internet. It was sold to me as being a way of ensuring that flagship media services like VOIP and streaming, which need constant bandwidth, get priority over services like file downloads, where a brief pause or a slowdown doesn't make much of a difference in the long run. To me, this still looks like the way forward, especially as media services are now coming of age. In reality, we're not talking about downloads being blocked. We're talking about people having to wait an extra couple of minutes to download a file. So long as consumers ARE warned in advance, I have no problem with this (though I do expect it to be chronically abused by networks who also have RIAA, etc, connections). Frankly, if this is the cost of having a stable service where my web browsing isn't being slowed down by kids downloading pirate movies over P2P, I'm all for it.
It's not just bit-torrent...
by SpacedCowboy October 27, 2007 8:56 AM PDT
From a blog post: The last straw in the litany of failure that is my Comcast internet connection is their unilateral attack on network neutrality. Comcast are interfering with the broadcast of packets between users on the network, if either the source or destination is within their domain. Worse, they're doing it in a particularly vile manner - effectively they're using a computer-hacker attack called the 'man-in-the-middle' attack. When they decide you're using too much bandwidth, they (sitting in the middle of the communication link) fake a packet to *both* of the communicating computers; this packet is an 'RST' packet, or 'reset' packet. What this does is tell the computer that receives it that the *other* computer has dropped the connection. So both computers think something is wrong with the other end, and the communication is terminated. This is pure unadulterated evil. Now I'm not a huge user of P2P (which is where the news broke). I *do* however use iChat to keep in touch with my family across the Atlantic. It's a cool video-conferencing system built into all macs, and since my family all have macs, it works well. Since there's several thousand miles between us, it's one of the few ways we can 'see' each other without major travel. Until a few months ago, iChat worked great. Now, I get less than a minute of great picture, and then everything breaks up! I was putting it down to transatlantic bandwidth issues, but then I tried it from work, and (lo and behold), there's no problem. Looking around the net, it seems I'm not alone. This *did* annoy me. I doubt I use even 1% of the bandwidth I pay Comcast for, and when I do want to use some, they have a specific policy preventing me from doing so. It seems I'm allowed to pay Comcast for their services, just not to actually *use* those services ever.
I currently pay Comcast the princely sum of $185-$200 per month for both TV and internet, I've just ordered Dish Network, and will be cancelling all the Comcast services as soon as Dish and an alternate internet are installed. Dish ($84/month) will be here on Saturday :) The only real problem was which internet service to go for. I currently have a co-located server in Fremont (serving this very web-page). I pay $245/month for a dedicated 10 Mbit/7U service (which is actually a good deal). I never use the 10MBit/s though, I max out at ~1Mbit, and 95% of the time it's down at a few tens of Kbit/s. So, although I'm very happy with the service, that's a waste of money too. So far, we're up to $430/month to reassign... So, I was looking around, and found Sonic.net's T1-alike. Basically this is 2+ ADSL lines bonded together to provide 1.5MBit/sec dedicated bandwidth in both directions. Together with a managed Cisco router, it costs $299/month. Even if this doesn't pan out, there are plenty (covad.com, garlic.com, core.com, speakeasy.com ...) for around $350/month. Even paying the extra $50, I'm still paying less than the Co- Lo/Comcast Combo, and getting the servers installed in the garage makes maintenance a bit easier than driving down to Fremont... So, the wheels are in motion. Screw Comcast. You just lost another $200/month...
no more throttle for me!
by asoke40 December 8, 2007 10:28 PM PST
I've been using http://www.strongvpn.com and it's excellent. 1Gbit speeds they have, so I never hit any throttle, and the VPN bypasses the Comcast port throttle. There are other VPN providers too.