Fwd: SlashDot: "Comcast Gunning for NAT Users"

E.B. Dreger eddy+public+spam at noc.everquick.net
Thu Jan 31 22:40:10 UTC 2002

> Date: Thu, 31 Jan 2002 16:09:47 -0600
> From: Eric A. Hall <ehall at ehsco.com>

(Put "SlashDot" in the title, and the thread suffers the

> "Bill Woodcock" <woody at zocalo.net> wrote:
> > Can you think of a way of doing it reliably?  Anything that
> > provides anything more than a guess?
> Several ways:
>   Comcast has a mail server, they could poke at the HELO
>   banners and other identifiers.

Can be overridden by an SMTP proxy.  Relay the message, drop the
old "Received:" lines, and perhaps mutate the message ID.

>   HTTP proxies indicating that multiple browsers are in use,
>   especially if multiple platforms (Win95, WinXP, as simple

Can also be overriden by Squid, among others.

>   More than ~4 simultaneous TCP connections open at once.

I'm known to download four or five large tarballs, run a couple
rsync sessions, and browse the Web with multiple browser
windows... all simultaneously.

> None of those would be bothered by firewalls or other
> legitimate devices, and would probably all be within a
> legally-defensible purview of ~analysis.

Perhaps... but false negatives and positives alike are trivial.

[ snip ]

> This is hard because they are selling bandwidth ("watch
> video") so they can't really cap the downloads, and they are
> selling always-on so they can't measure by time conveniently
> either. So they try to get the "bandwidth hogs" through
> contractual means. Comcast prohibits VPNs, and prohibits
> ~"attaching to another network", as examples. If you use too
> much bandwidth, they will use these to drop your service.

There it is... how many bits is the customer actually moving?

As for the person who mentioned modifying Linux IP code to alter
the port range... it's a simple set of sysctl tunables in BSD
(at least FreeBSD).


Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist at brics.com>
To: blacklist at brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.  Do NOT
send mail to <blacklist at brics.com>, or you are likely to be blocked.

More information about the NANOG mailing list