Blocking Sandvine via WIPFW/iptables.

Stavros
ΜΟΛΩΝ ΛΑΒΕ
Posts: 1098
Joined: 02 Jan 2006, 17:00
Location: Mississippi, U.S.A.

Post by Stavros »

I'm not sure how aware some of you are of ISPs forging reset packets when an ISP (specifically one utilizing Sandvine) detects P2P uploading.

I have reason to suspect that my ISP (Comcast) has been utilizing traffic shaping via Sandvine (by briefly cutting my connection for a fraction of a second) to prevent me from torrenting some of my favorite pieces of software.

I'm not completely clear on what exactly Sandvine is, but I know that it has to do with preventing P2P traffic among other uses. Here's Wikipedia's take on Sandvine. Regardless, I know this much: when an anti-P2P ISP detects uploading it will forge an RST (reset) packet and send it to the uploader, resetting the connection and preventing uploading. I did a bit of digging and found two useful firewall settings to block RST packets on a torrent port.

All directions are self explanatory.
#1 WIPFW firewall settings under Windows
#2 iptables firewall settings for Linux

Before I give my final verdict I'm going to see if this helps keep my torrents from dropping. I'll give my final verdict after this torrent is finished (roughly 1 day 20 hours if all goes well). Other people are welcome to test this out.
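Added example (not from this thread or any poster): one way to tell a forged reset from a genuine one before blindly dropping every RST. A reset sent by the real peer has travelled the same path as that peer's data segments, so its IP TTL should match theirs; a reset injected mid-path by a shaping box usually arrives with a different TTL. The packet records, addresses and port 6881 below are constructed sample data.

```python
# Constructed sample capture: (src_ip, src_port, dst_ip, dst_port, flags, ttl)
# All segments are inbound to the local torrent port (constructed value 6881).
SAMPLE_PACKETS = [
    ("203.0.113.7", 51234, "192.0.2.10", 6881, "PA", 52),
    ("203.0.113.7", 51234, "192.0.2.10", 6881, "A", 52),
    ("203.0.113.7", 51234, "192.0.2.10", 6881, "PA", 52),
    ("203.0.113.7", 51234, "192.0.2.10", 6881, "R", 61),   # TTL jumps: injected
    ("198.51.100.4", 40000, "192.0.2.10", 6881, "PA", 48),
    ("198.51.100.4", 40000, "192.0.2.10", 6881, "FA", 48),
    ("198.51.100.4", 40000, "192.0.2.10", 6881, "R", 48),  # TTL matches: genuine
]


def find_suspicious_resets(packets, torrent_port=6881, tolerance=1):
    """Return RST segments whose TTL deviates from the connection's baseline.

    The baseline for a flow is the TTL of the most recent non-RST segment on
    the same 4-tuple. A RST with no preceding data segment on its flow is
    also reported, since nothing vouches for where it came from.
    """
    baseline = {}  # (src, sport, dst, dport) -> last TTL seen on a non-RST segment
    suspicious = []
    for pkt in packets:
        src, sport, dst, dport, flags, ttl = pkt
        if dport != torrent_port:
            continue  # only the torrent port is of interest here
        key = (src, sport, dst, dport)
        if "R" in flags:
            base = baseline.get(key)
            if base is None or abs(base - ttl) > tolerance:
                suspicious.append(pkt)
        else:
            baseline[key] = ttl
    return suspicious


if __name__ == "__main__":
    for pkt in find_suspicious_resets(SAMPLE_PACKETS):
        print("suspicious RST:", pkt)
```

A TTL mismatch is evidence, not proof: asymmetric routing or a peer behind a changing path can shift TTLs too, so treat hits as something to inspect rather than as grounds to drop.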

ayu
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00

Post by ayu »

Interesting =O

My ISP doesn't do this so I don't think I will be able to test. But I would love it if you could keep us updated with your tests if possible, since this sounds very interesting =)

Stavros
ΜΟΛΩΝ ΛΑΒΕ
Posts: 1098
Joined: 02 Jan 2006, 17:00
Location: Mississippi, U.S.A.

Post by Stavros »

Well, I'm not really sure what to make of it. I still had connection drops, albeit not nearly as frequent. After I set that up it delayed the connection drop from every 5 minutes to anywhere from 15 to 30 minutes. I did a little bit more digging and saw that this method was claimed not to work. I went on uTorrent's forums and read a little and dropped my global connections from whatever I had (in the hundreds) to 50, and that helped significantly. Not enough to run it while chatting, but it did not interfere with web surfing. I ran it at night so as not to raise my blood pressure while trying to chat or game, but it did help. I have reason to suspect that that specific torrent was giving me trouble, as the current torrent has been running stable as far as I can tell. I'll report back in a few days to give a more complete picture.

n3rd
Staff Member
Posts: 1474
Joined: 15 Nov 2005, 17:00
Location: my own perfect world in ma head :)

Post by n3rd »

[img]http://img580.imageshack.us/img580/8009/userbar2k.png[/img]

Stavros
ΜΟΛΩΝ ΛΑΒΕ
Posts: 1098
Joined: 02 Jan 2006, 17:00
Location: Mississippi, U.S.A.

Post by Stavros »

Yeah, I've been quite aware of this. Comcast has been in hot water with the FCC for roughly a year (if not longer). However, since I finally got that troublesome torrent, I've since completed one torrent without any interruptions, and I'm working on another 3 day torrent and have had no interruptions on this one either.

Along with the other listed fixes, I've also flashed my router with the firmware of another compatible, older model D-Link makes, and that fixed an unrelated, yet still annoying, problem of the wireless turning itself off. Other than that I made sure the port was forwarded, enabled encryption, lowered my global connection settings, turned off resolve country, and set net.outgoing_port and net.outgoing_port_max to my torrent port. I can't think of all that I kept because I've tried a lot of things and changed some of it back.

Xonet
Moderator
Posts: 202
Joined: 08 Jun 2005, 16:00
Location: Belgium

Post by Xonet »

If my ISP started traffic shaping I would seriously start looking for a new one. So are there reasons to stay at Comcast (decent offer, price, w/e)? Maybe you could consider it, since once they start they probably won't stop traffic shaping.

All these kinds of things really piss me off lately: traffic shaping, questioning net neutrality.
You cant spell slaughter without laughter.

Stavros
ΜΟΛΩΝ ΛΑΒΕ
Posts: 1098
Joined: 02 Jan 2006, 17:00
Location: Mississippi, U.S.A.

Post by Stavros »

I would, if there was competition. Comcast is the only cable provider in my area, and besides, I'm not paying for it (dad is). And as far as I know, the phone company still hasn't got their shit together to put DSL out in my area.

I've not had trouble since I finally got the troublesome torrent downloaded. The only problem I'm having now is finding torrents with too many leechers and not enough seeders.

rhysh
Fame ! Where are the chicks?!
Posts: 767
Joined: 15 Nov 2006, 17:00

Post by rhysh »

Stavros wrote: I would, if there was competition. Comcast is the only cable provider in my area, and besides, I'm not paying for it (dad is). And as far as I know, the phone company still hasn't got their shit together to put DSL out in my area.

I've not had trouble since I finally got the troublesome torrent downloaded. The only problem I'm having now is finding torrents with too many leechers and not enough seeders.

lol

Just get the IPs and make a judgment on who's leeching and who's not and DDoS 'em or something... if you're that desperate to DL the file lol

nemo-111
Newbie
Posts: 3
Joined: 15 Mar 2007, 17:00
Location: SWE

Post by nemo-111 »

I'm very interested in this thread, and I'm starting to wonder about encryption, because if they can't analyze the info in the packets that are sent, then they shouldn't be able to stop it, should they?

I would like to know more about how this works, and I would be happy if I could get to know more about this little project of yours =)
-==NΞMΘ==-

DNR
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
Location: Michigan USA

Encrypting traffic is only half the solution.

Post by DNR »

nemo,

Encrypting what is being sent is only half the solution; since the traffic on an Internet cable is huge, they can't really take the time to stop and read each packet anyway.
The way they try to manage the traffic is by ports. It is easier to track and control traffic by ports than to filter by packet content.
Since the ISP owns the network you use, they can decide to block or reduce speed on certain ports. They can block port 25 traffic because they don't want their customers hosting a spam server; they can reduce speed on port 21 to discourage file trading over FTP. They certainly can try to block the known ports used by P2P, using the claim that P2P is trading in copyright-violating materials. The ISP has to mention this in the fine print, and even then they've got CYA because of the "terms and conditions can change" clause they've got.

So, in short, you would also need to hide the port traffic inside another port's traffic, i.e. disguise the P2P traffic as a legit media streamer's traffic.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
