<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
"urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:m =
"http://schemas.microsoft.com/office/2004/12/omml"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3199" name=GENERATOR>
<STYLE>@font-face {
font-family: Calibri;
}
@font-face {
font-family: Tahoma;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.0in 1.0in 1.0in; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif"
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif"
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.gmailquote {
mso-style-name: gmail_quote
}
SPAN.EmailStyle18 {
COLOR: #1f497d; FONT-FAMILY: "Calibri","sans-serif"; mso-style-type: personal-reply
}
.MsoChpDefault {
mso-style-type: export-only
}
DIV.Section1 {
page: Section1
}
</STYLE>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></HEAD>
<BODY lang=EN-US vLink=purple link=blue>
<DIV dir=ltr align=left><SPAN class=869284522-19102007><FONT face=Arial
color=#0000ff size=2>This solution is only partially effective because Comcast's
Sandvine deployment sends a farced RST packet to both sides of the
connection. The solution linked below drops the RST packet on your
firewall keeping the connection from being torn down as far as your client is
concerned, but it is not very likely that the other end will have this as
well.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=869284522-19102007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=869284522-19102007><FONT face=Arial
color=#0000ff size=2>This is not to say it can't help. Using HTTPS on the
tracker and data encryption also help. So does any kind of tunneling
including tor or DNS/icmp tunneling, but these have some level
of performance impact that may be undesirable.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=869284522-19102007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=869284522-19102007> <FONT
face=Arial color=#0000ff size=2>-Scott</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> owner-nanog@merit.edu
[mailto:owner-nanog@merit.edu] <B>On Behalf Of </B>Clinton
Popovich<BR><B>Sent:</B> Friday, October 19, 2007 4:49 PM<BR><B>To:</B> 'Mark
Owen'; 'Mike Lewinski'<BR><B>Cc:</B> nanog@nanog.org<BR><B>Subject:</B> RE:
Comcast blocking p2p uploads<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV class=Section1>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-serif'">For
anyone who is not aware this Comcast issue does have a solutions and its called
iptables… works great for those behind either the great firewall of china or the
great firewall of Comcast…<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-serif'"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-serif'"><A
href="http://redhatcat.blogspot.com/2007/09/beating-sandvine-with-linux-iptables.html">http://redhatcat.blogspot.com/2007/09/beating-sandvine-with-linux-iptables.html</A><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-serif'"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-serif'"><o:p> </o:p></SPAN></P>
<P class=MsoNormal
style="mso-margin-top-alt: auto; mso-margin-bottom-alt: auto"><B><SPAN
style="FONT-SIZE: 10pt; COLOR: #1f497d; FONT-FAMILY: 'Arial','sans-serif'">Clinton
Popovich<BR></SPAN></B><I><SPAN
style="FONT-SIZE: 10pt; COLOR: #1f497d; FONT-FAMILY: 'Arial','sans-serif'">Systems
Administrator<BR></SPAN></I><SPAN
style="FONT-SIZE: 10pt; COLOR: #1f497d; FONT-FAMILY: 'Arial','sans-serif'">Nauticom
Internet Services - An NPSI Company<BR>2591 Wexford-Bayne Road, Suite
400<BR>Sewickley, PA 15143<BR>Tel: 724-933-9540<BR>Fax: 724-933-9888<BR>Email:
<A href="mailto:crpopovi@nauticom.net">crpopovi@nauticom.net</A></SPAN><SPAN
style="COLOR: #1f497d"><BR></SPAN><SPAN
style="FONT-SIZE: 10pt; COLOR: #1f497d; FONT-FAMILY: 'Arial','sans-serif'">Web:
</SPAN><SPAN style="COLOR: #1f497d"><A href="http://www.nauticom.net/"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">http://www.nauticom.net</SPAN></A><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-serif'"><o:p> </o:p></SPAN></P></DIV></BODY></HTML>