Fwd: SlashDot: "Comcast Gunning for NAT Users"

Thu Jan 31 22:09:47 UTC 2002

"Bill Woodcock" <woody at zocalo.net> wrote:

>     > Besides the technical difficulties of detecting a household that is
>     > running a NAT...
>
> Can you think of a way of doing it reliably?  Anything that provides
> anything more than a guess?

Several ways:

  Comcast has a mail server, they could poke at the HELO banners and
  other identifiers.

  HTTP proxies indicating that multiple browsers are in use, especially
  if multiple platforms (Win95, WinXP, as simple test)

  More than ~4 simultaneous TCP connections open at once.

None of those would be bothered by firewalls or other legitimate devices, and
would probably all be within a legally-defensible purview of ~analysis.

As to whether or not Comcast does any of this, I do not know. My brother has a
friend who was a 2nd level tech with @Home, and he says they did it, so I
would not be surprised that Comcast would also.

The thing is that Comcast is trying to make money by selling ~consumer
Internet access, and they have a perception problem with shared access
(PacBell used to run great "bandwidth hog!" ads). They don't want people using
more pipe than ~consumer access would normally imply.

This is hard because they are selling bandwidth ("watch video") so they can't
really cap the downloads, and they are selling always-on so they can't measure
by time conveniently either. So they try to get the "bandwidth hogs" through
contractual means. Comcast prohibits VPNs, and prohibits ~"attaching to
another network", as examples. If you use too much bandwidth, they will use
these to drop your service.

--
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/