[100241] in North American Network Operators' Group
RE: Comcast blocking p2p uploads
daemon@ATHENA.MIT.EDU (Scott Berkman)
Fri Oct 19 19:09:36 2007
From: "Scott Berkman" <scott.berkman@reignmaker.net>
To: "'Clinton Popovich'" <crpopovi@nauticom.net>,
"'Mark Owen'" <mr.markowen@gmail.com>,
"'Mike Lewinski'" <mike@rockynet.com>
Cc: <nanog@nanog.org>
Date: Fri, 19 Oct 2007 18:50:24 -0400 (EDT)
In-Reply-To: <03c301c81291$883e20b0$98ba6210$@net>
Errors-To: owner-nanog@merit.edu
This is a multi-part message in MIME format.
------=_NextPart_000_065B_01C81280.E2D0AEA0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
This solution is only partially effective because Comcast's Sandvine
deployment sends a farced RST packet to both sides of the connection. The
solution linked below drops the RST packet on your firewall keeping the
connection from being torn down as far as your client is concerned, but it
is not very likely that the other end will have this as well.
This is not to say it can't help. Using HTTPS on the tracker and data
encryption also help. So does any kind of tunneling including tor or
DNS/icmp tunneling, but these have some level of performance impact that
may be undesirable.
-Scott
_____
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
Clinton Popovich
Sent: Friday, October 19, 2007 4:49 PM
To: 'Mark Owen'; 'Mike Lewinski'
Cc: nanog@nanog.org
Subject: RE: Comcast blocking p2p uploads
For anyone who is not aware this Comcast issue does have a solutions and
its called iptables. works great for those behind either the great
firewall of china or the great firewall of Comcast.
http://redhatcat.blogspot.com/2007/09/beating-sandvine-with-linux-iptables
.html
Clinton Popovich
Systems Administrator
Nauticom Internet Services - An NPSI Company
2591 Wexford-Bayne Road, Suite 400
Sewickley, PA 15143
Tel: 724-933-9540
Fax: 724-933-9888
Email: crpopovi@nauticom.net
Web: <http://www.nauticom.net/> http://www.nauticom.net
------=_NextPart_000_065B_01C81280.E2D0AEA0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns=3D"http://www.w3.org/TR/REC-html40" xmlns:v =3D=20
"urn:schemas-microsoft-com:vml" xmlns:o =3D=20
"urn:schemas-microsoft-com:office:office" xmlns:w =3D=20
"urn:schemas-microsoft-com:office:word" xmlns:m =3D=20
"http://schemas.microsoft.com/office/2004/12/omml"><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2900.3199" name=3DGENERATOR>
<STYLE>@font-face {
=09font-family: Calibri;
}
@font-face {
=09font-family: Tahoma;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.0in 1.0in 1.0in; }
P.MsoNormal {
=09FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","se=
rif"
}
LI.MsoNormal {
=09FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","se=
rif"
}
DIV.MsoNormal {
=09FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","se=
rif"
}
A:link {
=09COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlink {
=09COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
A:visited {
=09COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlinkFollowed {
=09COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.gmailquote {
=09mso-style-name: gmail_quote
}
SPAN.EmailStyle18 {
=09COLOR: #1f497d; FONT-FAMILY: "Calibri","sans-serif"; mso-style-type: per=
sonal-reply
}
.MsoChpDefault {
=09mso-style-type: export-only
}
DIV.Section1 {
=09page: Section1
}
</STYLE>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></HEAD>
<BODY lang=3DEN-US vLink=3Dpurple link=3Dblue>
<DIV dir=3Dltr align=3Dleft><SPAN class=3D869284522-19102007><FONT face=3DA=
rial=20
color=3D#0000ff size=3D2>This solution is only partially effective because =
Comcast's=20
Sandvine deployment sends a farced RST packet to both sides of the=20
connection. The solution linked below drops the RST packet on your=20
firewall keeping the connection from being torn down as far as your client =
is=20
concerned, but it is not very likely that the other end will have this as=
=20
well.</FONT></SPAN></DIV>
<DIV dir=3Dltr align=3Dleft><SPAN class=3D869284522-19102007><FONT face=3DA=
rial=20
color=3D#0000ff size=3D2></FONT></SPAN> </DIV>
<DIV dir=3Dltr align=3Dleft><SPAN class=3D869284522-19102007><FONT face=3DA=
rial=20
color=3D#0000ff size=3D2>This is not to say it can't help. Using HTTP=
S on the=20
tracker and data encryption also help. So does any kind of tunneling=
=20
including tor or DNS/icmp tunneling, but these have some level=20
of performance impact that may be undesirable.</FONT></SPAN></DIV>
<DIV dir=3Dltr align=3Dleft><SPAN class=3D869284522-19102007><FONT face=3DA=
rial=20
color=3D#0000ff size=3D2></FONT></SPAN> </DIV>
<DIV dir=3Dltr align=3Dleft><SPAN class=3D869284522-19102007> &n=
bsp; <FONT=20
face=3DArial color=3D#0000ff size=3D2>-Scott</FONT></SPAN></DIV><BR>
<DIV class=3DOutlookMessageHeader lang=3Den-us dir=3Dltr align=3Dleft>
<HR tabIndex=3D-1>
<FONT face=3DTahoma size=3D2><B>From:</B> owner-nanog@merit.edu=20
[mailto:owner-nanog@merit.edu] <B>On Behalf Of </B>Clinton=20
Popovich<BR><B>Sent:</B> Friday, October 19, 2007 4:49 PM<BR><B>To:</B> 'Ma=
rk=20
Owen'; 'Mike Lewinski'<BR><B>Cc:</B> nanog@nanog.org<BR><B>Subject:</B> RE:=
=20
Comcast blocking p2p uploads<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV class=3DSection1>
<P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-seri=
f'">For=20
anyone who is not aware this Comcast issue does have a solutions and its ca=
lled=20
iptables… works great for those behind either the great firewall of c=
hina or the=20
great firewall of Comcast…<o:p></o:p></SPAN></P>
<P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-seri=
f'"><o:p> </o:p></SPAN></P>
<P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-seri=
f'"><A=20
href=3D"http://redhatcat.blogspot.com/2007/09/beating-sandvine-with-linux-i=
ptables.html">http://redhatcat.blogspot.com/2007/09/beating-sandvine-with-l=
inux-iptables.html</A><o:p></o:p></SPAN></P>
<P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-seri=
f'"><o:p> </o:p></SPAN></P>
<P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-seri=
f'"><o:p> </o:p></SPAN></P>
<P class=3DMsoNormal=20
style=3D"mso-margin-top-alt: auto; mso-margin-bottom-alt: auto"><B><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: #1f497d; FONT-FAMILY: 'Arial','sans-serif'=
">Clinton=20
Popovich<BR></SPAN></B><I><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: #1f497d; FONT-FAMILY: 'Arial','sans-serif'=
">Systems=20
Administrator<BR></SPAN></I><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: #1f497d; FONT-FAMILY: 'Arial','sans-serif'=
">Nauticom=20
Internet Services - An NPSI Company<BR>2591 Wexford-Bayne Road, Suite=20
400<BR>Sewickley, PA 15143<BR>Tel: 724-933-9540<BR>Fax: 724-933-9888<BR>Ema=
il:=20
<A href=3D"mailto:crpopovi@nauticom.net">crpopovi@nauticom.net</A></SPAN><S=
PAN=20
style=3D"COLOR: #1f497d"><BR></SPAN><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: #1f497d; FONT-FAMILY: 'Arial','sans-serif'=
">Web:=20
</SPAN><SPAN style=3D"COLOR: #1f497d"><A href=3D"http://www.nauticom.net/">=
<SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">http://www.nau=
ticom.net</SPAN></A><o:p></o:p></SPAN></P>
<P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-seri=
f'"><o:p> </o:p></SPAN></P></DIV></BODY></HTML>
------=_NextPart_000_065B_01C81280.E2D0AEA0--
