[ NNSquad ] Re: U. of Colorado: Comcast now resetting wide range of TCPtraffic

NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Re: U. of Colorado: Comcast now resetting wide range of TCPtraffic

To: <nnsquad@nnsquad.org>
Subject: [ NNSquad ] Re: U. of Colorado: Comcast now resetting wide range of TCPtraffic
From: "Robb Topolski" <robb@funchords.com>
Date: Sun, 6 Apr 2008 19:27:51 -0700

AFAICT, what they've published doesn't make much of a case, yet.  But it's
worth watching and definitely worth encouraging them to keep monitoring.

They inject 100 SYN packets per second to an off-net IP address.  Except for
the first 2-3 seconds of restarting a stopped task on a poorly-configured
P2P client (and many are poorly configured), the colorado.edu experiment
does not mirror traffic common to any typical use, including P2P.

It does however mirror a client participating in a SYN flood DDOS attack,
similar to the Blaster worm DDOS behavior.  If the offnet address was
randomized, it would look like such a worm trying to find another host to
infect.  

They describe their findings as a "shift" but they don't mention what the
"before" state was.

I have sent members of their team some suggestions and questions.

Robb Topolski

   [ Agreed, the test behavior appears to represent a highly atypical
     usage pattern, and we need more information.  But a question:
     Is general use of ISP-inserted RST packets ever an appropriate
     traffic management mechanism under the established protocol
     regimes?  If so, when is it appropriate, and when is it not?

       -- Lauren Weinstein
          NNSquad Moderator ]


-----Original Message-----
From: nnsquad-bounces+robb=funchords.com@nnsquad.org
[mailto:nnsquad-bounces+robb=funchords.com@nnsquad.org] On Behalf Of Lauren
Weinstein
Sent: Sunday, April 06, 2008 6:15 PM
To: nnsquad@nnsquad.org
Cc: lauren@vortex.com
Subject: [ NNSquad ] U. of Colorado: Comcast now resetting wide range of
TCPtraffic

 The University of Colorado at Boulder is reporting that Comcast has
shifted from inserting "forged" reset packets solely to disrupt P2P
traffic, to algorithms that can disrupt a wide range of traffic,
apparently irrespective of protocol, including potentially e-mail
and Web browsing.  

If verified, this suggests that instead of developing a sensible
traffic management policy, Comcast may have simply extended their
disruptive reset strategy more generally. 

First-hand reports or other additional info on this are welcome.  

The U. of C. report is at:

http://systems.cs.colorado.edu/mediawiki/index.php/Broadband_Network_Managem
ent

--Lauren--
NNSquad Moderator

References:
- [ NNSquad ] U. of Colorado: Comcast now resetting wide range of TCP traffic
  - From: Lauren Weinstein <lauren@vortex.com>

Prev by Date: [ NNSquad ] U. of Colorado: Comcast now resetting wide range of TCP traffic
Next by Date: [ NNSquad ] Re: U. of Colorado: Comcast now resetting wide range of TCP traffic
Previous by thread: [ NNSquad ] U. of Colorado: Comcast now resetting wide range of TCP traffic
Next by thread: [ NNSquad ] Re: U. of Colorado: Comcast now resetting wide range of TCP traffic
Index(es):
- Date
- Thread