alocke79 Posted September 21, 2009
Myself and 2 others are about to start working on a project to build a Linux-based router. The specific purpose of this box will be to block the reset packets or commands used by Comcast and other ISPs to throttle specific types of traffic, usually file sharing, and force resets of customer-owned commercial routers. Comcast still uses Sandvine, I believe. I have read stories on the web of successes and failures based on ISP and region. Has anyone had any experience with this? I don't believe it's as simple as blocking a specific port. Will update this thread as progress is made.

Sparda Posted September 21, 2009
If an ISP crafts a reset packet pretending to be from the connection's intended recipient... it will be as genuine as a packet can be. You can't block these; all you can do is retry and hope they don't intercept your connection next time. Stopping an ISP from throttling particular types of traffic will basically require you to take control of the infrastructure. You can do some things to make it harder for the ISP, but the ISP ultimately has control. The use of TOR or other encrypted proxy services will be the ultimate way to circumvent the throttling imposed on one type of protocol, but that doesn't stop an ISP from throttling the traffic that connects you to your encrypted proxy service or not.

alocke79 Posted September 22, 2009
True. Throttling is not blockable, nor can you do anything about interruptions between yourself and the host you are connecting to. However, specifically the TCP RST commands they sometimes send directly to your router when your connections get to a certain level of excessive can be manipulated by a router capable of running IP tables. Specifically the software package called Sandvine, used by Comcast and Time Warner. I will find the links I was looking at early last week at work for reference.

alocke79 Posted September 22, 2009
http://forum.prisonplanet.com/index.php?topic=80256.0%3Bwap2
The workarounds are primitive or additionally costly. Both are imperfect. But in the DC area, Comcast is so bad that downloading an ISO of Ubuntu in BitTorrent will cause at least 3-7 resets of my TCP connection in the 30-40 minutes it takes to download a well-seeded torrent of 1 GB or less. Each time resulting in firewall and Wireshark logs filled with RST SYN and RST ACK entries.

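An added example, not written by any poster in this thread: one way to check a capture like the one described above for resets that may not have come from the real peer. It assumes (as a heuristic, not a guarantee) that an injected RST originates at a different hop distance than the peer and so arrives with a different IP TTL than that flow's earlier segments; the record format, addresses and the `tolerance` parameter are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not a real capture): time, src, dst, TCP flags, IP TTL.
# All addresses are documentation ranges; 192.0.2.10 stands in for the local host.
SAMPLE = """\
0.00 203.0.113.7:51413 192.0.2.10:6881 SA 52
0.05 203.0.113.7:51413 192.0.2.10:6881 A 52
0.90 203.0.113.7:51413 192.0.2.10:6881 PA 52
1.20 203.0.113.7:51413 192.0.2.10:6881 R 61
1.21 203.0.113.7:51413 192.0.2.10:6881 RA 61
0.10 198.51.100.4:6881 192.0.2.10:40000 SA 48
2.00 198.51.100.4:6881 192.0.2.10:40000 A 48
5.00 198.51.100.4:6881 192.0.2.10:40000 R 48
6.00 198.51.100.9:6881 192.0.2.10:40001 R 55
"""

def parse(text):
    """Yield (time, src, dst, flags, ttl) tuples from the constructed format."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, flags, ttl = line.split()
            yield float(ts), src, dst, flags, int(ttl)

def suspicious_resets(records, tolerance=1):
    """Return RSTs whose TTL differs from the flow's usual non-RST TTL.

    tolerance allows for small route changes; it is an assumed default.
    """
    baseline = defaultdict(list)  # (src, dst) -> TTLs seen on non-RST segments
    findings = []
    for ts, src, dst, flags, ttl in sorted(records):
        flow = (src, dst)
        if "R" not in flags:
            baseline[flow].append(ttl)
            continue
        seen = baseline.get(flow)
        if not seen:
            continue  # no earlier traffic in this direction: nothing to compare
        usual = max(set(seen), key=seen.count)  # most common TTL for the flow
        if abs(ttl - usual) > tolerance:
            findings.append((ts, src, dst, flags, ttl, usual))
    return findings

if __name__ == "__main__":
    for ts, src, dst, flags, ttl, usual in suspicious_resets(parse(SAMPLE)):
        print(f"{ts:6.2f} {src} -> {dst} [{flags}] ttl={ttl}, flow usually {usual}")
```

A matching TTL does not prove a reset is genuine, and a mismatch can also come from a route change, so treat the output as a list of flows worth a closer look in the capture.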