Friday, 19 October 2007

In Passing

If J.Random Hacker was doing this, he'd wind up in jail

Comcast has been caught running "Man-in-the-Middle Attacks" on its internet service:

Comcast's technology kicks in, though not consistently, when one BitTorrent user attempts to share a complete file with another user.

Each PC gets a message invisible to the user that looks like it comes from the other computer, telling it to stop communicating. But neither message originated from the other computer — it comes from Comcast. If it were a telephone conversation, it would be like the operator breaking into the conversation, telling each talker in the voice of the other: "Sorry, I have to hang up. Good bye." -- Associated Press story via msnbc
It's not just BitTorrent. How about Lotus Notes:
I finally have an end-to-end trace to share which shows that Comcast is filtering the port 1352 traffic. The images... [see linked post] show that Comcast is impersonating and using man-in-the-middle tactics to filter the traffic as stated in the CNet post.
...
...the Notes client saw the RST packets coming from the Domino server IP and the Domino server saw the RST packets coming from the Notes client PC. However the trace doesn't show either one of them sending the RST packets which means something on the network in between was sending them. The Sandvine appliance (or whatever Comcast is using) sends the RST packets to both systems while imitating the other. -- Kevin Kanarski
This warrants far more fuss then the AT&T terms-of-service flap. The AT&T thing was just potential: No one's service had ever been cut off for saying something AT&T didn't like.

Comcast's spoofing is going on right now.


Note that this isn't strictly about network neutrality. Slashdot commenter "isaac" spells out the issue:
Comcast would be well within their rights to drop or deprioritize bittorrent packets, but it's not at all clear that sending TCP reset segments with forged source IP addresses is kosher.

... Comcast is actually forging source addresses on both sides with the effect of concealing their actions and fooling the parties on each end into terminating their connections at (what they believe to be) each other's legitimate request.


Via Slashdot and comment #21042369 (for Kanarski post)


UPDATE 071029 03:15: Coverage at Consumerist:

Posted by: Old Grouch in In Passing at 16:38:27 GMT | No Comments | Add Comment
Post contains 403 words, total size 5 kb.

Comments are disabled. Post is locked.
70kb generated in CPU 0.04, elapsed 0.2216 seconds.
51 queries taking 0.1997 seconds, 207 records returned.
Powered by Minx 1.1.6c-pink.