Comcast Packet Forgery

      Comments Off on Comcast Packet Forgery

The latest flap about “net neutrality” started with a test by the Associated Press which found evidence that Comcast is slowing BitTorrent traffic over its network.

If this were really a story about “net neutrality” the report would say that Comcast is identifying BitTorrent packets and transmitting them with lower priority so that they arrive more slowly. But what they actually found is much more disturbing. Comcast actually appears to be generating forged TCP Reset packets from the sender and receiver to trick them into dropping the connection.

My initial reaction was that this must be a mistake. Forged network packets are a standard tool used by malicious hackers to conduct Denial of Service (DOS) attacks. As a major ISP, Comcast must spend a lot of effort trying to detect forged packets and block them from the network. It seemed unlikely that an ISP would stoop to using such tactics itself.

It seemed more likely that the forged packets were being generated by the MPAA or RIAA, or by the sleazy companies that they hire to do their dirty work.

However it is becoming increasingly clear that Comcast is responsible. Tests by the EFF and IBM show forged packets being used to interfere with other P2P applications and with Lotus Notes. (In the case of Notes, sending a large email attachment over a Comcast link will produce forged packets that will give you a dropped connection.)

It is not reasonable to imagine that the RIAA is trying to block Notes. This has to be Comcast, blindly attacking anything that generates a lot of network traffic.

Comcast has issued a weasle-worded non-denial: “Comcast does not block access to any applications, including BitTorrent.” (They don’t say anything about disrupting it.) “Comcast uses the latest technologies to manage our network to provide a quality experience for all Comcast subscribers.” Orwell would smile.

Whatever your opinion about the right of ISPs to assign different priorities to different types of traffic, this is clearly another issue. Generating forged packets that appear to be from another user is no more ethical than forging letters from someone else. It is probably illegal under various anti-hacking laws. If it is not, this is a loophole in these laws that should be closed.

If your monopoly network service provider can insert forged packets into your converstation for the purpose of “network management,” there is really nothing to keep them from doing so for other purposes. Perhaps next they will insert text into a news story that you are reading to make it more favorable to Comcast.

As our society becomes more and more dependent on the Internet it is increasingly important that ISPs transmit all communications accurately and reliably, without censorship or interference. Nothing less can be tolerated. Otherwise they will end up owning us, regulating what we can see, hear, say or do.

(via Ars Technica.)