Jump to content

Linux Based Router To Block ISP Reset Packets/Commands


alocke79
 Share

Recommended Posts

Myself and 2 others are about to start working on a project to build a linux based router. The specific purpose of this box will be to block the reset packets or commands used by Comcast and other ISPs to throttle specific types of traffic, usually file sharing, and force resets of customer owned commercial routers. Comcast still uses Sandvine I believe.

I have read stories on the web of success and failures based on ISP and region. Has anyone had any experience with this? I don't believe its as simple of blocking a specific port. Will update this thread as progress is made.

Link to comment
Share on other sites

If an ISP crafts a reset packet pretending to be from the connections intended recipient... it will be as genuine as a packet can be. You can't block these, all you can do retry and hope they don't intercept your connection next time.

Stopping an ISP from throttling particular types of traffic will basically require you take control of the infrastructure. You can do some things to make it harder for the ISP, but the ISP ultimately has control. The use of TOR or other encrypted proxy services will be the ultimate way to circumvent the throttling imposed on one type of protocol, but that doesn't stop an ISP from throttling the traffic that connects you to your encrypted proxy service or not.

Link to comment
Share on other sites

True. Throttling is not blockable, nor can you do anything about interruptions between yourself and the host you are connecting to. However, specifically the TCP RST commands they somtimes send directly to your router when your connections get to a certain level of excessive can be manipulated by a router capable of running IP tables. Specifically the software package called Sandvine, used by Comcast and Time Warner. I will find the links I was looking at early last week at work for reference.

Link to comment
Share on other sites

http://forum.prisonplanet.com/index.php?topic=80256.0%3Bwap2

The workarounds are primitive or additionally costly. Both are imperfect. But in the DC area, Comcast is so bad that downloading a ISO of Ubuntu in bittorrent will cause at least 3-7 resets of my TCP connection in the 30-40 minutes it takes to download a well seeded torrent of 1gb or less. Each time resulting in firewall and Wireshark logs filled with RST SYN and RST ACK entries.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...