I hate Comcast! Those fuckers are really getting on my nerves. I mean what the hell is this supposed to be? WTF?
I haven’t seen decreases speeds lately, but then again I don’t download that much. I was seeding files just yesterday, and my ratio was 1.6 on both big ISO’s. So perhaps this is just regional and not everyone has their traffic shaped with Sandvine yet. Anyone around here has Comcast? How are your torrent speeds lately?
Sigh… The day your ISP starts meddling with traffic shaping bullshit is the day you should start looking for a new ISP. And not just because downloading torrents will suck – because of the principle. No one is going to tell me what can or can’t I do with the bandwidth I pay for.
Oh wait… Comcast and Sanvine pwnt:
iptables -A INPUT -p tcp –dport $TORRENT_CLIENT_PORT –tcp-flags RST RST -j DROP
I haven’t tried it but supposedly works. If you drop the RST packets sent to your torrent port the seeding issue goes away. Then encryption should fix the rest.
Actually, on the second thought dropping RST packets may not be a good idea, as there are legitimate reasons for sending them. Use at your own risk.
[tags]comcast, comcast sucks, fuck comcast, isp, traffic shaping, comcast throttling bittorrent[/tags]
Sorry, the IP tables command doesn’t work.
iptables -A INPUT -p tcp –dport $TORRENT_CLIENT_PORT –tcp-flags RST RST -j DROP
This just drops tcp resets. It blows my mind that people think that will stop the throttling. Not to mention, I’ve heard again and again that encryption & randomizing the port will get around this. From my experience this is not true. The encryption only hides *what* you are transferring, it doesn’t (and can’t) hide where or how. Bittorrent is a very unique protocol and it is very easy to identify a user, even without real packet inspection. The only thing to get around this is rent a host somewhere that allows bittorrent. Run bittorrent from there and transfer completed items back through ssh, scp, sftp or whatever.
Your options for getting around it are very limited. It would be my guess that Comcast uses a layer2 packet shaper, which has the ability to determine the actual content of an unencrypted packet regardless of port, and the ability to determine the type of traffic regardless of port or content. This has been quite common for years. Chances are you are just going to have to live without torrent, or switch to a provider that doesn’t throttle torrent activity.
I tried to get around this before ISP, I couldn’t. I ran fragroute, which chops up your packets randomly so for sure no one can tell what is in them, and hopefully enough to throw off the signature. No dice. I tried the IP tables rule above, no improvement. I ran traffic over TOR (definitely abuse, sorry TOR people, I’ve mended my ways) and it didn’t help, since any ISP can still identify bt traffic, if not what is in it or where it is going. Encrypting traffic and running it over a port that normally has encrypted traffic (ie 443 for SSL, or 22 for ssh) didn’t work either.
But as an IT guy, I’d have to guess that the growing trend to throttle connections is most likely a QoS issue. While bt users may not intend to suck up all of the bandwidth their ISP has, bittorrent is notorious for eating up the band. This probably matters to Comcast more and more now that they have their own VoIP & IPTV–too many people on bittorrent and their other services may suffer (this isn’t our fault, but it doesn’t mean they won’t make us pay for it). In addition, bittorrent unfortunately has a rather poorly designed protocol (for packet efficiency that is, it is great for moving around lots of the same bits). Bittorrent has the problem of opening a lot of connections (the larger the torrent storm, the more connections). While each of these connections to other seeders/leechers may only be passing small amounts of information, they tend to take up a lot of the routers memory (especially for very slow connections that stay open even though they don’t pass much if not any information). This kills a router. You might not ever notice it at your own home, but having a lot of people on torrents can drop a router fast, and thus reduce the speeds available for all of the other users using your ISP. Kind of like a DOS attack on a router. It is scummy for them to do this, but I thought you guys might want to know the other reasons for throttling this type of bandwidth.
PS – It also seems like they’ve been throttling Vonage for sometime now. Pigs!
Oops. Looks like you double posted. I deleted one copy. Anyway, thanks for the info. After I posted that iptables thing found on slashdot I realized that it is not the best solution. lol
How about a VPN tunel or SSH? Would port forwarding with ssh help, or can they packet shape that too?
Sigh.. If their routers are getting killed it means they should probably get more of them, distribute their traffic and do some sort of load balancing. Throttling customers is just a cheep and easy way out of the problem they got themselves into by overselling their services.
Thanks for getting rid of the double post. VPN or SSH is fine, so long as you have a VPN/SSH tunnel to a machine with an unthrottled connection. All ISPs do a lot of load balancing, so you’re right–this is an easy way out. Heck they could just do the networking equivalent of “partitioning” their bandwidth so their VoIP and IPTV customers don’t get bad reception.
I think it is telling they aren’t throttling based on total use. It isn’t the bandwidth consumption that is the issue (or else they’d throttle based on total consumption, youtube isn’t easy on the “tubes” either)–but just bittorrent. That is what leads me to suspect all of the connections bittorrent makes is dropping routers, or at least gumming them up.
I forgot to reply to your mention of port forwarding. Port forwarding just lets your box get inbound connections that a NAT router/firewall blocks. If your own router is blocking bt, than yes port forwarding will help. This issue has mostly been worked around with stuff like uPnP and whatnot though.
You can’t run bt traffic over a VPN/SSH connection, unless all the other seeders/leechers were on the same VPN/SSH connection. Even if that was true, ISPs could still throttle based on usage patters as bt is pretty unique.
I don’t know that bt is dropping their routers, I just know it has a tendency to do that. I’m sure they’re running nice cisco powerhouses, so it’d take a lot of bt traffic from a lot of customers on the same switch to drop one, but you can slow one down, or force it to act like a hub if it can’t keep up with the switching (and acting like a hub will start trashing everything around it). Anyway, I don’t know this is the issue, I just think it could be.
All I know is that pretty soon we will have to have a license to use the Internet and won’t be able to access anything but stuff by certified publishers.
Thanks for the info jambarama. Btw, I don’t think I ever had a comment from a BeOS user. Nice!
@Nemarnemelekanelam – between DRM, trusted computing and all those lawsuits it does seem that this is where we are heading. :(
BeOS, well it isn’t as weird as it sounds–it is running in a VM on top of FreeBSD. Glad to be helpful!
Oh. :( Well, that’s disappointing. LOL Oh well, you still get points even if it’s just virtualized.
To tell you the truth, I never used that OS (BeOS, notBSD)./ub
I have tried several things as well. I found the best settings are to just use the default BitTorrent ports and let ‘er rip. I am sure the main trigger is the amount of data coming from your system. This usually means you are running a sever (not many people post that amount of data).
I know its off topic, but it’s kind of weird… look at all the difference here…
Weird OSes: BSD (sort of I guess), Solaris, BeOS
Wierd Browsers: Kazehakase and NetPositive
I wouldn’t consider Solaris and BSD weird. On the other hand though, I haven’t seen BeOS used in the wild until now.
Even though I am a Solaris fanatic, I would consider it weird (or at least rare). Not many people would even think about using Solaris at home.
Then again, I once saw a person hit my blog with Mosaic running on VMS. Now that is weird!
Craig Betts: I can’t help but wonder if people are using fake user agents sometimes. Like right now, I should be seen as using Minimo on a Windows Mobile Device, but I only own a Palm OS PDA. Anyway, first and last time cloaking a user agent just to be fun for the comments here. :)
@Criag – when I was an undergrad we had a whole lab of Spark machines running Solaris. We used them for almost everything since this was the only lab on campus that did not require 20+ minute wait for a machine.
The lab was for CS majors only, and since most of the CS majors were cluless n00bs (ah the joys of .com era, when everyone and their mom wanted to “do computers” and get the low skill, easy money web design jobs) the lab was always empty.
Anyway, now that Solaris 10 runs of x86 architecture more people may decide to run it at home. :) But yeah, Solaris boxes are more likely to be servers than desktop machines.
@Jake – yeah, masking your user agent is easy. I actually routinely “cheat” it because my generic Firefox install on the Kubuntu box registers as Mozilla on Linux. So I put the correct info in general.useragent.extra in about:config.
Or you can use a plugin to mask yourself as IE, Opera and etc. So this is by no means a 100% accurate system. It’s mostly what your browser agrees to tell me about.
Then again it’s usually a good idea to run under correct user agent since some people use it to serve you correct CSS and browser specific scripts.
@Lucas: Yes, I occasionally have to use a different browser to access a site… or so it says. I just tell I’m using Internet Explorer, Netscape, or whichever and I’m fine. The only problem is when I forget to change it back. I want the sever logs to know that I use Linux and Firefox. Not sure why.
Well, it is a little known fact that Solaris x86 was out as far back as 2.5.1. My first taste was with Solaris 7 on an old Pentium Pro 200mhz with 128mb RAM and 4gig Drive. This was my primary workstation from 1999 to 2002, until I graduated to an Ultra 60.
Every now and then, I fire-off Solaris on my MacBook. Now that is getting geeky!
@Jake – locking out users based on their browser is just plain lazy and inconsiderate. I hate when people do that.
[quote comment=”5870″]Every now and then, I fire-off Solaris on my MacBook. Now that is getting geeky![/quote]
Nah. Not nearly as geeky as the people who figure out how to run Linux on their XBox or PSP. :mrgreen:
I must say, Kazehakase is probably the fastest browser I’ve ever used. It renders with Gecko, so it isn’t some non-functioning browser (a la links). As soon as I click the icon, it is up. That fast. If you’re on Linux, give it a shot (ironic I’m in FF now).
Yeah, I tried it. It is really fast. I can’t live without my firefox extensions though. :)