idlethreat

stupid is durable

The Comcast Debacle for the Layperson


Since the whole Comcast / BitTorrent affair hit the news wires, confusion abounds about what is really happening and why it happens to be somewhat illegal. I'm writing this primer on the particulars of what happens and where things go really wrong.

This is a complex matter, so instead of griping about the dearth of information on what really happens, I'll try my best to document things as I see them.

I'm splitting things up into two sections: REAL and ANALOGY. If the first bit confuses you, try the analogy section and see if that helps. If you have any input on this article or need more information, please reply to this thread over at KCT, or log in with your OpenID account and reply.

First, we'll need a primer on the TCP/IP connection to make the following somewhat more clear to the layperson.

TCP/IP CONNECTIVITY PRIMER

-REAL-
Each IP address on the Internet has 65535 ports on which information can be accessed. The most popular ports for sending and receiving information are port 80 (HTTP) and port 443 (HTTPS). However, there are still a lot of other ports on which applications can communicate with each other across the net. BitTorrent (hereafter BT) binds to ports 6881-6999 and uses them exclusively for transport and communication. This is TCP communication, not UDP communication.

For one system to communicate with another, a specific handshake has to take place between the initiating system and the server. Assume the one on the left is our client trying to connect to a BT server.

[SYN] -->
<-- [SYN/ACK]
<-- [Communication happens]
[Communication happens] -->
[FIN] -->
<-- [FIN]

There are a number of TCP packet primitives (flags), but here are the ones I'll be using:

SYN – SYNchronise Packet
ACK – ACKnowledge packet
FIN – No more data from sender
RST – Reset the connection

-ANALOGY-
Take two companies that are trying to communicate with each other via telephone. Both companies have main telephone numbers with a nearly unlimited number of extensions on which you can talk to anyone. Normally, x80 and x443 are the most popular, since those both go to the help desk. Mr. Bit Torrent is a busy man, so he has extensions 6881 all the way through to 6999.

For people to talk on the phone, there must be a standard method of communication. Assume that the one on the left is someone who is trying to talk to Mr. Bit Torrent about a business deal.

[HELLO?] -->
<-- [HELLO, I AM MR BIT TORRENT! THIS IS WHAT I DO ALL DAY (blah blah blah)]
<-- [Communication happens]
[Communication happens] -->
[OK, I HAVE TO LEAVE, GOODBYE!] -->
<-- [GOODBYE!]

So, that's a normal communication flow, one that happens trillions of times a day. Now, let's take a look at a (very legal) blocking scenario which Comcast could have performed, but did not.

LEGAL BLOCKING

Blocking a range of ports can be performed via a firewall, or at the router level. If you do not allow those ports, then no information on them will be sent via the upstream networking equipment.

-REAL-
[SYN] --> |FIREWALLED| (nothing gets out)
The packets are dropped on the floor and the standard TCP/IP handshake never completes. There are ways of circumventing this, namely by using different TCP ports altogether.

-ANALOGY-
This is easy: call Mr. Torrent's extension and you get a busy signal. Try all of his known extensions and get the same busy signal. The only way to make this work otherwise is to call a different extension and hope that Mr. Torrent happens to pick up. Since there are 65535 extensions, good luck!

COMCAST (ILLEGAL) BLOCKING

Comcast has gone with a different methodology, in which they actively break TCP/IP connections by injecting an errant [RST] packet towards both the sending and receiving addresses. This is called a MITM (Man-In-The-Middle) attack. This particular attack is completely unneeded and puts them in a liability position, since Comcast is masquerading as both ends of the connection and resetting the connection altogether.

-REAL-
[SYN] -->
<-- [SYN/ACK]
<-- [(Comcast) RST]
[(Comcast) RST] -->
(Connection hits the floor on both sides)

-ANALOGY-
[HELLO?] -->
<-- [HELLO, I AM MR BIT TORRENT!]
<-- [I'M TERRIBLY BUSY AND CAN'T TALK ANYMORE! (using Mr. Torrent's voice)]
[I'M TERRIBLY BUSY AND CAN'T TALK ANYMORE! (using your voice)] -->
(everyone hangs up)

As you see, Comcast is *spoofing* the communication between the systems, 'lying' to each of them in the other's name, and then forcing both to drop the connection. Again, if the relevant ports were simply blocked, there would be no liability issue. However, since Comcast makes a point of entering into the conversation and posing as each party, this is fraud and quite illegal.

If Comcast were simply prioritizing packets, that would be one thing. However, the contention is they are spoofing packets back to the clients. Think of it this way, you type in a web address and get back an error message saying the host wasn't available and that error was being generated *by the carrier*, and not the actual website. In that case, the carrier is impersonating the destination and returning false information.
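Below is an added example, not from the original post, of how a defender might spot these forged resets in a packet capture. It learns each endpoint's IP TTL from the SYN and SYN/ACK (the full three-way handshake also includes the client's ACK) and flags a later RST that claims to come from that endpoint but carries a different TTL, since a middlebox injecting packets sits a different number of hops away than the real peer. The packet list, addresses and ports are constructed sample data; a middlebox that copied the TTL would evade this check, so treat it as one signal rather than proof.

```python
# Added example (not the original post's code): passive detector for RST
# segments whose IP TTL disagrees with the TTL the same endpoint used during
# the TCP handshake. Sample packets below are constructed, not a real capture.
from collections import defaultdict

SAMPLE_FLOW = [
    # (src_ip, sport, dst_ip, dport, flags, ttl)  -- constructed sample data
    ("10.0.0.5", 51000, "203.0.113.9", 6881, "SYN", 64),
    ("203.0.113.9", 6881, "10.0.0.5", 51000, "SYN/ACK", 52),
    ("10.0.0.5", 51000, "203.0.113.9", 6881, "ACK", 64),
    ("203.0.113.9", 6881, "10.0.0.5", 51000, "RST", 61),  # injected: wrong TTL
    ("10.0.0.5", 51000, "203.0.113.9", 6881, "RST", 58),  # injected: wrong TTL
]


def flow_key(src, sport, dst, dport):
    """Direction-independent key so both halves of one connection share state."""
    return tuple(sorted([(src, sport), (dst, dport)]))


def detect_forged_resets(packets):
    """Return [(packet_index, reason)] for RST segments that look injected.

    The baseline TTL of each endpoint is taken from its SYN or SYN/ACK. An RST
    that appears to come from that endpoint with a different TTL is flagged.
    An RST seen before any baseline exists is ignored (nothing to compare to).
    Caveat: an injector that copies the real peer's TTL is not caught here.
    """
    baseline = defaultdict(dict)  # flow -> {(ip, port): ttl seen in handshake}
    findings = []
    for i, (src, sport, dst, dport, flags, ttl) in enumerate(packets):
        key = flow_key(src, sport, dst, dport)
        endpoint = (src, sport)
        if flags in ("SYN", "SYN/ACK"):
            baseline[key].setdefault(endpoint, ttl)
        elif "RST" in flags:
            seen = baseline[key].get(endpoint)
            if seen is not None and seen != ttl:
                findings.append((i, f"RST from {src}:{sport} has TTL {ttl}, "
                                    f"but its handshake TTL was {seen}"))
    return findings


if __name__ == "__main__":
    for index, reason in detect_forged_resets(SAMPLE_FLOW):
        print(f"packet {index}: {reason}")
```

Run it over real captures by converting each TCP segment to the same six-field tuple; only the SYN, SYN/ACK and RST segments influence the result.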

Comcast claims they are not doing this, although some critics have claimed they have irrefutable proof that they are in fact doing that.

Hope this helps.

tom

QnA

What I don't understand is how they can tell what you're downloading. Or they can't? They just mess with you if you're downloading anything at all? And who the hell are THEY to police what we do with our (often expensive) cable service?

Since there were reports of people using Lotus Notes having problems as well, I can only assume that they are not inspecting packets individually (that's something called SPI – Stateful Packet Inspection), but rather just resetting connections whenever they happen to come across those high ports. Using SPI is expensive in terms of time and processing power, whereas blanket resetting of high-port connections is pretty trivial to accomplish.

So basically, if anything hits ports in that range, Comcast sends an RST to the connection, breaking it. I must strongly reiterate that doing this still defrauds users and opens Comcast up to liability issues. Block it or don't, but don't play games with the TCP/IP stack in the process.

Links

* http://blog.wired.com/monkeybites/2007/08/its-comcastic-i.html

Written by admin

November 17th, 2007 at 11:24 am

Posted in Technology