Old 2007-10-14, 03:40 PM
cicada
Long Distance Runner
Join Date: Sep 2006
Location: north of the medicine line
Re: sandvine workaround

Comcast users... Be sure to opt out!
Here is an article that seems to say that everyone got instructions to opt out with their July bill. By not following those instructions they will automatically have to accept arbitration if they attempt to sue (unless they opted out).

headwingnut posted an interesting perspective over at (?)...
Press - Nontechnical Summary

Comcast is in violation of Internet standards as well as United States Federal law in its use of devices which send "specially crafted packets" to its own users in order to disrupt those users' Internet Communications.

Executive Summary

Comcast's use of the Sandvine devices to prohibit its clients' point-to-point Internet traffic is in violation of Internet standards as well as Federal law. Comcast's Terms of Service ("ToS") do not trump Federal Law. Further, Comcast's methods for blocking this traffic negate its claim that it offers "an Internet connection."

Press - Technical Summary

Comcast uses devices manufactured by Sandvine Incorporated (""). These devices inject specially crafted RST packets purportedly from upstream P2P peers to Comcast customers, which destroy existing legitimate TCP connections. By doing so Comcast not only violates the TCP standard, but also the Host Requirements standards, and by crafting the packet to appear as if it came from the remote upstream peer is violating Federal Law.


This memo will address the following:
1. What makes one "part of the Internet" or "connected to the Internet"
2. What standards and specifications spell out what is allowed and disallowed on the Internet.
3. What laws exist that govern these in the United States
4. What Comcast does which violates these standards and specifications.


Connection to the Internet in 2007's "Broadband America" is a simple matter of three items:
1. Get a carrier to provide a connection
2. Have a piece of hardware (typically a PC, a Mac, or a Router) which can connect to that connection
3. Make sure that hardware has the right software (Windows, MacOS, or embedded IP) to speak the right protocols.

Getting a Carrier

In most areas, the dominant carrier for "broadband access" is the local cable company, most of which have their own dedicated coaxial and fiber infrastructure, and a franchise agreement or otherwise similarly codified effective monopoly. Alternate access may exist in the form of lower-speed via the telephone company's Digital Subscriber Loop ("DSL") or a wireless Internet Service Provider ("wISP"). These latter two offer speeds that rival 1/10th the Cable Companies' advertised speeds* to 1/2 at best. Thus definitionally the only true "broad" band coverage is that provided only by the cable company. Getting the cable company to install a circuit is a simple matter usually handled by one telephone call, requiring no special contract or signature, and in most cases not even requiring a supervised site visit. (An unsupervised site visit by a technician to remove a high-pass or low-pass filter is sometimes required depending on the cable company's network.)

* Based on advertised speeds available in Tucson AZ, June-August 2007

Having a piece of hardware

A Personal Computer (PC) is available ubiquitously, and complete systems are sold throughout the Internet (e.g. eBay, etc.) and in stores (e.g. Best Buy, Circuit City, Walmart, etc.)

Having a piece of software

Most PCs come preloaded with a form of the Windows operating system. Mac systems come preloaded with MacOS. Either can be converted to running the popular and free open-source operating system Linux. Embedded routing devices run their own embedded operating system, often based on Linux.


1. There are standards all hosts on the Internet must adhere to. This includes all routers and end users' systems. (End-Systems and Intermediate Systems in ISO-speak.)
2. These are protocol standards that specify how a protocol is to be implemented.

Hosts Requirement RFCs

RFC 1123 is the Host Requirements RFC. It is an official specification which "...supplements the primary protocol standards relating to hosts." [RFC-1123, para 1 "Status of This Memo"]. The "primary protocol standards relating to hosts" are discussed in RFC-1122, "Requirements for Internet Hosts -- Communication Layers." It "...supplements the primary protocol standards documents relating to hosts." [RFC-1122, para 1 "Status of This Memo"].

Transmission Control Protocol RFC

The primary specifications document for hosts communicating using the Transmission Control Protocol (TCP) is RFC-793. [RFC-793, Sec 1.3]
This document specifies in which cases an RST may be sent. Section 3.2 specifies the TCP state machine, which indicates from which state specific actions are allowed, and which new states are attainable. Figure 6 is the TCP Connection State Diagram. [RFC-793 Sec 3.2 Figure 6]. The Routers used by Comcast on its network might also be considered Intermediate Systems, and as such are not participants in the TCP endpoints of the Comcast-Client / Remote End System TCP communication. Its TCP state machine for that connection should therefore be considered in "CLOSED" state. From that state there are various allowed things, but sending an RST is not one of them. [RFC-793 Sec 3.9, "CLOSED STATE"].


There are two distinct issues involved in the matter.
1. Denial of Service Attack
2. Disrupting legitimate communication

Laws - Denial of Service Attack

18 USC 1030 "Fraud and related activity in connection with computers" has several related sections. 1030(a)(5)(A)(i) specifically prohibits "knowingly" causing a transmission which "...causes damage without authorization." Destroying a legitimate TCP connection without authorization damages the transferred item (File, etc.) as well as the connection, as well as the download process.

Laws - Disrupting Legitimate Communication

1030(a)(6)(A) offers an alternative view which is that "intent to defraud traffics..." [if] "such trafficking affects interstate or foreign commerce." This means that for those who use point-to-point clients for Commerce (e.g. distribution of software patches, programs, drivers, etc.) and for which these downloads occur over the Comcast network using the Peer to Peer network, the fraudulent IP address destroying its legitimate traffic constitutes a clear violation of this statute.



Comcast owns, leases, or operates devices manufactured by Sandvine Incorporated. 8890 []
These devices craft TCP packets, purportedly from a non-Comcast end-user to a Comcast end-user, which effect a TCP RST. These packets have a spoofed IP address, a spoofed TCP control bitfield, a crafted TCP Sequence Number, a crafted TCP Checksum, and a crafted IP checksum.

Relation to Standards and Laws

(Henceforth, TCP packets containing a control bitfield with the RST bit set, encapsulated within an IP packet and sent over the Internet, shall be referred to as simply "An RST", and the disrupted peer-to-peer conversation as a "TCP Communication".)

Standard: Only an END-SYSTEM in the LISTEN state may send An RST.
Violation 1: Comcast's systems are not END-SYSTEMS party to the TCP Communication.
Violation 2: Comcast's systems are not in the LISTEN state for the TCP Communication.

Laws: Disrupting other people's communications is a bad thing.
Violation: Comcast disrupts a perfectly good TCP Communication with An RST fraudulently disguised as originating from elsewhere.
Violation: In the case of interstate or foreign commerce, Comcast disrupts this commerce with An RST.


Comcast's actions violate one or more statutes as well as Internet standards and specifications required for all hosts (end-systems as well as intermediate systems) connected to the Internet.

Comcast should immediately cease and desist these egregious violations and cease perpetrating targeted Denial of Service attacks on its customers.