The Traders' Den  

  #1  
Old 2007-09-11, 10:10 PM
cicada cicada is offline
Long Distance Runner
1.32 TB/2.12 TB/1.61
 
Join Date: Sep 2006
Location: north of the medicine line
sandvine workaround

I don't have Comcast, but I understand that there is a sandvine workaround at Wikipedia (listed under Comcast). Here's the link http://en.wikipedia.org/wiki/Comcast . I hope some of you who are stuck with them will figure out how to beat the system. Good luck!
  #2  
Old 2007-09-11, 10:14 PM
U2Lynne U2Lynne is offline
TTD Staff
474.39 GB/2.01 TB/4.34
 
Join Date: Oct 2004
Location: California
Re: sandvine workaround

Thanks for the link! I thought I would post a direct link here for those that, for some reason, can't wade through the entry and find the link.

http://redhatcat.blogspot.com/2007/0...ith-wipfw.html

Please make sure you read the directions instead of just copy/paste. You need to change the port number they use there for your specific case.
__________________
Five's Checksums Demystified - everything and anything you want to know about checksums
On a Mac? Get XLD to rip your CDs. Please see this guide - X Lossless Decoder (XLD): How to create flawless CD rips on Mac OS X


  #3  
Old 2007-09-17, 07:41 PM
Tubular
0.00 KB/0.00 KB/---
 
Re: sandvine workaround

Thanks, this is great news!
  #4  
Old 2007-09-18, 12:13 PM
lgerard lgerard is offline
Help, I'm Iraq
132.57 GB/235.30 GB/1.77
 
Join Date: Nov 2004
Location: everything
Re: sandvine workaround

how would you rewrite this if you were using a range of ports instead of just one?
__________________
nevermind what jesus would do......what has he done for me lately?
  #5  
Old 2007-09-18, 12:32 PM
saltman saltman is offline
Shareblue Platinum Member
471.23 GB/591.81 GB/1.26
 
Join Date: Dec 2004
Re: sandvine workaround

From the link

# Drop incoming packets with RST flag on BitTorrent port
# This is what thwarts Sandvine.
add drop tcp from any to me 6883 tcpflags rst



If legit RST traffic is sent it will also be dropped and you will end up with half open connections which in time will timeout.... so I suppose it's not the end of the world. But there will be better workarounds soon I'm sure.
__________________
68 Stat. 775, 50 U.S.C. 841-844
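
Added example, not part of saltman's post or the linked blog: a small Python model (not ipfw or wipfw itself) of the quoted rule, extended to accept a port range as asked in post #4 and run over constructed packets to show the trade-off described above, that genuine RSTs are discarded along with forged ones. The dash and comma range form, the `Packet` fields, the sample addresses and the 300-second idle timeout are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                  # one inbound TCP segment (constructed sample data)
    t: float                   # arrival time, seconds
    src: str                   # remote peer as "ip:port"
    dport: int                 # local destination port
    flags: frozenset           # TCP flags set on the segment
    forged: bool = False       # ground truth, known only because the data is constructed

def parse_ports(spec):
    """'6883' or '6881-6889,51413' -> list of inclusive (lo, hi) ranges."""
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ranges.append((lo, hi))
    return ranges

def rule_drops(pkt, ranges):
    """Model of 'drop tcp from any to me <ports> tcpflags rst'."""
    return "rst" in pkt.flags and any(lo <= pkt.dport <= hi for lo, hi in ranges)

def simulate(packets, port_spec, now, idle_timeout=300.0):
    """Classify every peer that sent an RST, as seen at time `now`.

    idle_timeout is an assumed figure for how long the local client keeps a
    silent connection before giving up on it.
    """
    ranges = parse_ports(port_spec)
    out = {"kept_alive": set(), "half_open": set(), "timed_out": set(), "closed": set()}
    for p in sorted(packets, key=lambda p: p.t):
        if "rst" not in p.flags:
            continue                          # non-RST segments never match the rule
        if not rule_drops(p, ranges):
            out["closed"].add(p.src)          # RST reached the stack: socket torn down
        elif p.forged:
            out["kept_alive"].add(p.src)      # injected RST discarded: the intended effect
        elif now - p.t < idle_timeout:
            out["half_open"].add(p.src)       # peer really left, local socket lingers
        else:
            out["timed_out"].add(p.src)       # lingering socket has since expired
    return out

SAMPLE = [  # constructed packets; addresses are documentation ranges
    Packet(10.0, "198.51.100.7:51000", 6883, frozenset({"rst"}), forged=True),
    Packet(12.0, "203.0.113.9:40000", 6885, frozenset({"rst"})),         # peer really quit
    Packet(15.0, "203.0.113.20:40001", 6883, frozenset({"ack"})),        # ordinary data
    Packet(20.0, "192.0.2.44:52000", 8080, frozenset({"rst"})),          # unrelated port
    Packet(400.0, "203.0.113.77:41000", 6889, frozenset({"rst", "ack"})),
]

if __name__ == "__main__":
    for spec in ("6883", "6881-6889"):
        print(spec, simulate(SAMPLE, spec, now=450.0))
```

Widening the range protects more listening ports from forged resets, and it also widens the set of genuine resets that are ignored until the client's own timeout clears them.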
  #6  
Old 2007-09-30, 12:16 PM
cicada cicada is offline
Long Distance Runner
1.32 TB/2.12 TB/1.61
 
Join Date: Sep 2006
Location: north of the medicine line
Re: sandvine workaround

Hi again... I cannot tell you this is going to work, but I found another possible sandvine workaround, while poking around elsewhere.
Quote:
A solution was suggested to change the dns server from the Comcast default. If you go to www.opendns.com , you can read up on how to change the dns server default to opendns. It is a free service and may help you with torrent seeding.
All I can say is to offer encouragement to all who cannot dump Comcast for whatever reason. And for those of you who can jump to another supplier... what are you waiting for?
  #7  
Old 2007-10-02, 02:41 AM
rosc2112 rosc2112 is offline
Music of the Spheres
81.55 GB/77.39 GB/0.95
 
Join Date: Mar 2007
Location: Poconos
Re: sandvine workaround

Apparently comcrap is sending these bogus RST's to *both* sides of the connection, so, both sides have to filter them. Probably a good practice to start implementing anyway, on general principle (forging packets to disrupt the Internet is just wrong..Any private citizen doing it would likely be arrested for it..Amazing how corporations can commit these crimes and yet be all squeaky clean about it under the guise of an AUP or other such bullshit.)
  #8  
Old 2007-10-14, 03:40 PM
cicada cicada is offline
Long Distance Runner
1.32 TB/2.12 TB/1.61
 
Join Date: Sep 2006
Location: north of the medicine line
Re: sandvine workaround

Comcast users... Be sure to opt out!
Here is an article that seems to say that everyone got instructions to opt out with their July bill. By not following those instructions they will automatically have to accept arbitration if they attempted to sue (unless they opted out).

headwingnut posted an interesting perspective over at (?)...
Quote:
Press - Nontechnical Summary

Comcast is in violation of Internet standards as well as United States Federal law in its use of devices which send "specially crafted packets" to its own users in order to disrupt those users' Internet Communications.

Executive Summary

Comcast's use of the Sandvine devices to prohibit its clients' point-to-point Internet traffic is in violation of Internet standards as well as Federal law. Comcast's Terms of Service ("ToS") do not trump Federal Law. Further, Comcast's methods for blocking this traffic negate its claim that it offers "an Internet connection."

Press - Technical Summary

Comcast uses devices manufactured by Sandvine Incorporated ("http://www.sandvine.com"). These devices inject specially crafted RST packets purportedly from upstream P2P peers to Comcast customers, which destroy existing legitimate TCP connections. By doing so Comcast not only violates the TCP standard, but also the Host Requirements standards, and by crafting the packet to appear as if it came from the remote upstream peer is violating Federal Law.

ROADMAP

This memo will address the following:
1. What makes one "part of the Internet" or "connected to the Internet"
2. What standards and specifications spell out what is allowed and disallowed on the Internet.
3. What laws exist that govern these in the United States
4. What Comcast does which violates these standards and specification.

BEING CONNECTED TO THE INTERNET

Connection to the Internet in 2007's "Broadband America" is a simple matter of three items:
1. Get a carrier to provide a connection
2. Have a piece of hardware (typically a PC, a Mac, or a Router) which can connect to that connection
3. Make sure that hardware has the right software (Windows, MacOS, or embedded IP) to speak the right protocols.

Getting a Carrier

In most areas, the dominant carrier for "broadband access" is the local cable company, most of which have their own dedicated coaxial and fiber infrastructure, and a franchise agreement or otherwise similarly codified effective monopoly. Alternate access may exist in the form of lower-speed via the telephone company's Digital Subscriber Loop ("DSL") or a wireless Internet Service Providers ("wISP"). These latter two offer speeds that rival 1/10th the Cable Companies advertised speeds* to 1/2 at best. Thus definitionally the only true "broad" band coverage is that provided only by the cable company. Getting the cable company to install a circuit is a simple matter usually handled by one telephone call, requiring no special contract or signature, and in most cases not even requiring a supervised site visit. (An unsupervised site visit by a technician to remove a high-pass or low-pass filter is sometimes required depending on the cable company's network.)

* Based on advertised speeds available in Tucson AZ, June-August 2007

Having a piece of hardware

A Personal Computer (PC) is available ubiquitously, and complete systems are sold throughout the Internet (e.g. eBay, Dell.com, etc.) and in stores (e.g. Best Buy, Circuit City, Walmart, etc.)

Having a piece of software

Most PCs come preloaded with a form of the Windows operating system. Mac systems come preloaded with MacOS. Either can be converted to running the popular and free open-source operating system Linux. Embedded routing devices run their own embedded operating system, often based on Linux.

INTERNET STANDARDS AND SPECIFICATIONS

1. There are standards all hosts on the Internet must adhere to. This includes all routers and end users' systems. (End-Systems and Intermediate Systems in ISO-speak.)
2. These are protocol standards that specify how a protocol is to be implemented

Hosts Requirement RFCs

RFC 1123 is the Host Requirements RFC. It is an official specification which "...supplements the primary protocol standards relating to hosts." [RFC-1123, para 1 "Status of This Memo"]. The "primary protocol standards relating hosts" are discussed in RFC-1122, "Requirements for Internet Hosts -- Communication Layers." It "...supplements the primary protocol standards documents relating to hosts." [RFC-1122, para 1 "Status of This Memo"].

Transmission Control Protocol RFC

The primary specifications document for hosts communicating using the Transmission Control Protocol (TCP) is RFC-793. [RFC-793, Sec 1.3]
This document specifies in which case an RST may be sent. Section 3.2 specifies the TCP state machine, which indicates from which state, specific actions are allowed, and new states attainable. Figure 6 is the TCP Connection State Diagram. [RFC-793 Sec 3.2 Figure 6]. The Routers used by Comcast on its network might also be considered Intermediate Systems, and as such are not participator to the TCP endpoints of the Comcast-Client Remote End System TCP communication. Its TCP state machine for that connection should therefore be considered in "CLOSED" state. From that state there are various allowed things, but sending an RST is not one of them. [RFC-793 Sec 3.9, "CLOSED STATE"].

LAWS RELATED TO THIS COMMUNICATION

There are two distinct issues involved in the matter.
1. Denial of Service Attack
2. Disrupting legitimate communication

Laws -Denial of Service Attack

18 USC 1030 "Fraud and related activity in connection with computers" has several related sections. 1030(a)(5)(A)(i) specifically prohibits "knowingly" causing a transmission which "...causes damage without authorization." Destroying a legitimate TCP connection without authorization damages the transferred item (File, etc.) as well as the connection, as well as the download process.

Laws - Disrupting Legitimate Communication

1030(a)(6)(A) offers an alternative view which is that "intent to defraud traffics..." [if] "such trafficking affects interstate or foreign commerce." This means that for those who use point-to-point clients for Commerce (e.g. distribution of software patches, programs, drivers, etc.) and for which these downloads occur over the Comcast network using the Peer to Peer network, the fraudulent IP address destroying its legitimate traffic constitutes a clear violation of this statute.

WHAT COMCAST DOES WHICH VIOLATE THESE STANDARDS, SPECIFICATIONS, AND LAWS

Facts

Comcast owns, leases, or operates devices manufactured by Sandvine Incorporated. http://www.lightreading.com/document.asp?doc_id=118890 [lightreading.com]
These devices craft TCP packets, purportedly from a non-Comcast end-user to a Comcast end-user which affect a TCP RST. These packets have a spoofed IP address, a spoofed TCP control bitfield, and a crafted TCP Sequence Number, a crafted TCP Checksum, and a crafted IP checksum.

Relation to Standards and Laws

(henceforth, TCP packets containing a control bitfield with the RST bit set, and encapsulated within an IP packet and sent over the Internet shall be referred to as simply "An RST", and the disrupted peer-to-peer conversation a "TCP Communication").

Standard: Only an END-SYSTEM in the LISTEN state may send An RST.
Violation 1: Comcast's systems are not END-SYSTEMS party to the TCP Communication
Violation 2: Comcast's systems are not in the LISTEN state for the TCP Communication.

Laws: Disrupting other people's communications is a bad thing
Violation: Comcast disrupts a perfectly good TCP Communication with An RST fraudulently disguised as originating from elsewhere.
Violation: In the case of interstate or foreign commerce, Comcast disrupts this commerce with An RST.

SUMMARY

Comcast's actions violate one or more statutes as well as Internet standards and specifications required for all hosts (end-systems as well as intermediate systems) connected to the Internet.

Comcast should immediately cease and desist these egregious violations and cease perpetrating targeted Denial of Service attacks on its customers.
  #9  
Old 2007-10-15, 08:57 PM
ccrider895 ccrider895 is offline
Fuck 2024
1.58 TB/3.22 TB/2.04
 
Join Date: Nov 2004
Location: Wherever you go, there you are
Re: sandvine workaround

That's some interesting reading, cicada. I don't believe I've gotten one of these notices yet, but I'll check out your other link later.

I could devote an entire thread to the problems I've had with Comcrap this week, and the whole sandvining issue, however it would be more appropriate for the Lounge.

Y'know for language and all......

Anyway, I just want to thank Lynn for sharing that link. I'm using that little firewall now, and was finally able to seed a show on another site. I still can't connect to as many people as before, and I found that I can better connect to people who are using Azureus, utorrent and Bittornado with encryption enabled.

In a large swarm it seems to work pretty well, but not so well when there are only a couple seeders/leechers.

I hope the govt. or the EFF takes these bastards to court. Even my mother was savvy enough to read articles on this and drop them as her ISP. I was pretty damn impressed she got it!

I would drop them myself, but very soon I will be moving to another city that is not served by those f*ckers.

Last edited by ccrider895; 2009-01-19 at 08:50 PM.
  #10  
Old 2007-10-15, 09:05 PM
ccrider895 ccrider895 is offline
Fuck 2024
1.58 TB/3.22 TB/2.04
 
Join Date: Nov 2004
Location: Wherever you go, there you are
Re: sandvine workaround

Yikes! didn't mean for that picture to be so big. It didn't look that imposing when I emailed it to somebody.
  #11  
Old 2007-10-15, 09:15 PM
possessed possessed is offline
the non-nuclear Homer Simpson
202.13 GB/314.80 GB/1.56
 
Join Date: Apr 2006
Location: the mitten state
Re: sandvine workaround

I was originally pissed that my apartment didn't get Comcast (based on speed of their packages vs what I was offered) but the rest of the city did. Now I'm quite happy with my local provider that has given me no trouble with my terabyte of transfer in the last 11 months. I've had months as low as 9 gig both ways and as high as 185 gigs both ways.

I suggest everyone get DUmeter and install it on their rig to monitor their traffic should they ever need to argue with their provider.

http://www.hageltech.com/dumeter/
__________________
1 2010 KBS left!
4 2011 KBS left.
And 6 2009 and 2 2010 Nemesis too.




Quote:
Originally Posted by [email protected] View Post
I hear the Rape is lovely this time of year.
Quote:
hey man if nobody else has helped you out, i can continue to ignore you too
  #12  
Old 2007-10-15, 11:06 PM
dcbullet dcbullet is offline
Greedy Corporation
TTD Staff
73.48 GB/423.76 GB/5.77
 
Join Date: Nov 2004
Location: San Diego / San Francisco, CA
Re: sandvine workaround

Quote:
Originally Posted by possessed
I was originally pissed that my apartment didn't get Comcast (based on speed of their packages vs what I was offered) but the rest of the city did. Now I'm quite happy with my local provider that has given me no trouble with my terabyte of transfer in the last 11 months. I've had months as low as 9 gig both ways and as high as 185 gigs both ways.

I suggest everyone get DUmeter and install it on their rig to monitor their traffic should they ever need to argue with their provider.

http://www.hageltech.com/dumeter/
Hey thanks, I've tried some other bandwidth monitor programs and haven't liked them. I'll try this.
  #13  
Old 2007-10-16, 12:41 AM
cicada cicada is offline
Long Distance Runner
1.32 TB/2.12 TB/1.61
 
Join Date: Sep 2006
Location: north of the medicine line
Re: sandvine workaround

(pardon my double post) message is below
V V V V V V V V V
  #14  
Old 2007-10-16, 12:44 AM
cicada cicada is offline
Long Distance Runner
1.32 TB/2.12 TB/1.61
 
Join Date: Sep 2006
Location: north of the medicine line
Re: sandvine workaround

Here is the link that I read which states Comcast has given all its customers the chance to "opt out" or accept arbitration ... if it should go to court http://www.nbc4.com/money/13770401/detail.html

If you are still with Comcast... be sure to read the fine print on your recent billings. It appears that this message was NOT prominent.

Quote:
Comcast customers can opt out of the arbitration notice either online or by mail.

Online:

Go to comcast.com/arbitrationoptout and fill out the form. Subscribers will need a copy of their Comcast bill so they can enter their entire customer account number as it appears on the bill. If they have difficulties they should call 800-COMCAST (800-266-2278) and report the problem. They should keep a copy of the form.

By Mail:

Subscribers should write a note to Comcast that includes their name, address, Comcast account number and a statement that they do not wish to resolve disputes with Comcast through arbitration, and then mail to: Comcast, 1500 Market Street, Philadelphia, PA 19102, ATTN: Legal Department/Arbitration. They should also keep a copy of the letter they send to Comcast.
  #15  
Old 2007-10-16, 01:04 AM
possessed possessed is offline
the non-nuclear Homer Simpson
202.13 GB/314.80 GB/1.56
 
Join Date: Apr 2006
Location: the mitten state
Re: sandvine workaround

Quote:
Originally Posted by dcbullet
Hey thanks, I've tried some other bandwidth monitor programs and haven't liked them. I'll try this.
no problem. I've used DUmeter for years. Simple but effective. And you get daily, weekly, monthly and overall bandwidth usage. Everyone should use it. It gives you a leg up on your ISP if they want to cry foul.