Fwd: SlashDot: "Comcast Gunning for NAT Users"

Fri Feb 1 15:45:59 UTC 2002

While most ISPs really don't care if folks use a VPN, there is a reason for
this inclusion in the T&C's. When a service provider is trying to sell 500
accounts to an enterprise, for VPN connectivity, they want to be able to
charge more. There are also support issues, which include the nightmarish
scenerio of a user calling Tech Support, wanting assistance setting up or
using their corporate VPN client. To say that this is beyond the skills of
the average Tech Support staffer, is an understatement. And, of course, it's
not his job to help a user do this.

The other interesting part of this is that the Comcast T&C's DON'T mention
NAT, and it looks like they don't have a "NAT POLICE" group, scouting for
violators on their network. I'm sure this is a crushing blow to the
tinfoil-hat wearing set on NANOG, but it shouldn't be a surprise, except to
those who spend their free time reading slashdot, and cursing the "forces of
corporate evil" who are looking to confiscate their linksys NAT boxes.

:)

- Daniel Golding

> Eric Hall Said...
>
>
>
>
> I'm not sure how I got put into the position of defending their possible
> practices. I've already said that looking for NATs as a practice isn't a
> good idea.
>
> I suggest that people read the following (they seem to be cut-n-pasted
> from the @Home agreements, BTW):
>
> http://www.comcast.net/TermsofService/aup.asp
>
>    Bandwidth, Data Storage and Other Limitations
>
>    Users must ensure that their activity does not improperly restrict,
>    inhibit, or degrade any other user's use of the Services, nor
>    represent (in the sole judgment of Comcast High-Speed Internet
>    Service) an unusually large burden on the network itself.
>
>    [What's an "unusually large burden" (in Comcast's sole opinion)?]
>
>    The Comcast High-Speed Internet Service residential service offering
>    is a consumer product designed for your personal use of the Internet.
>         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>    Violation of Acceptable Use Policy
>
>    Comcast High-Speed Internet Service does not routinely monitor the
>    activity of accounts for violation of this Policy. However, in our
>    efforts to promote good citizenship within the Internet community,
>    we will respond appropriately if we become aware of inappropriate
>    use of our Services.
>
> http://www.comcast.net/TermsofService/subagree.asp
>
>    6. PROHIBITED USES OF THE SERVICE
>
>  viii ...
>
>    THE SERVICE IS TO BE USED SOLELY IN A PRIVATE RESIDENCE; LIVING
>    QUARTERS IN A HOTEL, HOSPITAL, DORM, SORORITY OR FRATERNITY HOUSE,
>    OR BOARDING HOUSE; OR THE RESIDENTIAL PORTION OF A PREMISES WHICH IS
>    USED FOR BOTH BUSINESS AND RESIDENTIAL PURPOSES.
>
>    [I'm in violation on that, since I have it feeding into my lab]
>
>    THE SERVICE IS FOR PERSONAL AND NON-COMMERCIAL USE ONLY AND CUSTOMER
>    AGREES NOT TO USE THE SERVICE FOR [...] ANY BUSINESS ENTERPRISE, OR
>    AS AN END-POINT ON A NON-COMCAST LOCAL AREA NETWORK OR WIDE AREA
>    NETWORK, OR IN CONJUNCTION WITH A VPN (VIRTUAL PRIVATE NETWORK) OR
>    A VPN TUNNELING PROTOCOL;
>
>    | "Steven J. Sobol" wrote:
>
>    | > 2 x ssh = 2 tcp connections.
>
>    So Steven would be in violation of that, unless he were using SSH
>    to access a MUD. :p
>
> The point is that they do not want people using it for anything other than
> consumer-oriented Internet access. There are ways to cast a net and catch
> such fish. Yes, every system can be fooled, and every fool has a system.
> If you show up on their radar, chances are that they can still yank you
> for something else even if the first filter proves false.
>
> It's also interesting that NATs are not explicitly mentioned in either of
> the above specifications, and I saw no reference anywhere else on their
> web site (not that it matters; violation is within their discretion).
>
> http://www.comcastonline.com/FAQsList.asp?.=.&FAQCategoryID=2#15
>
>    Can I use the service on more than one computer?
>
>       Yes, customers with home networks may order additional network
>       addresses in order to connect several computers to the service
>       through one cable modem.
>
>       You must first subscribe to the basic Comcast High-Speed
>       Internet Service.
>
>       Once you become a subscriber, you can sign up for a second and
>       third address.
>
>       You will need to have access to network expertise because
>       Comcast High-Speed Internet Service neither installs nor
>       supports networks.
>
>       The cost is $6.95 per month for each additional outlet.
>       Customers can have two additional addresses, for a total of
>       three.
>
>       Comcast will install the network card and software on a second
>       and third computer for a change of $49 for each computer.
>
>   http://www.comcastonline.com/howmuch.asp?.=.
>
>       additional IP addresses "$6.95 - 9.95/each"
>
> As far as I can tell, using a NAT is permitted. Running a server, staying
> connected to corporate mail systems 24x7, and doing other non-consumer
> stuff is still the only thing forbidden.
>
> --
> Eric A. Hall                                        http://www.ehsco.com/
> Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/
>