This is ironically exactly the mechanism used by the Great Firewall of China. When China does it, we call it “censorship”.
— Re: [IP] Comcast FCC filing shows gap between hype, bandwidth, Jean Camp, Interesting People, 14 Feb 2008
She points to a paper that details that the Great Firewall of China uses exactly the same forged TCP Reset method that Comcast uses, and how to work around such damage:
“Abstract The so-called “Great Firewall of China” operates, in part, by inspecting TCP packets for keywords that are to be blocked. If the keyword is present, TCP reset packets (viz: with the RST flag set) are sent to both endpoints of the connection, which then close. However, because the original packets are passed through the firewall unscathed, if the endpoints completely ignore the firewall’s resets, then the connection will proceed unhindered. Once one connection has been blocked, the firewall makes further easy-to-evade attempts to block further connections from the same machine. This latter behaviour can be leveraged into a denial-of-service attack on third-party machines.”
— Richard Clayton, “Ignoring the Great Firewall of China”, 6th Workshop on Privacy Enhancing Technologies, Cambridge UK, June 2006
Comcast, even after admitting to the FCC that it uses TCP Resets that appear to come from the other party in a P2P interchange, continues to obfuscate the issue, claiming that that’s not forged and that it’s legitimate network management. I wonder if Comcast will ever get around to admitting a few points:
- If a packet is deliberately injected into the network to look like it came from some other party, that’s forged.
- There are other network management techniques that are legitimate that Comcast could be using (if Comcast first told its users that it would be using them).
- People wouldn’t be objecting nearly so much to what Comcast is doing if it had said up front that it would do it. When Verizon advertised unlimited service yet terminated customers for using “too much”, New York State fined Verizon a million dollars. How is what Comcast is doing not similar false advertising?
- If we had real competition in first-mile ISPs in the U.S., users could vote with their feet on whether they thought Comcast was providing value for their customer money even while forging packets to terminate the user’s communications.
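
The abstract notes that the original packets still pass through unscathed, which gives an endpoint a way to spot an injected reset: the party that supposedly sent the RST keeps sending new data on the same connection. The sketch below is an added example, not code from this post or from the paper; the packet record layout, the addresses and the heuristic itself are assumptions made for illustration.

```python
from collections import namedtuple

# Hypothetical record layout for packets captured at one endpoint.
Pkt = namedtuple("Pkt", "t src sport dst dport flags seq length")

def seq_ge(a, b):
    """True if TCP sequence number a is at or after b, modulo 2**32."""
    return ((a - b) & 0xFFFFFFFF) < 0x80000000

def suspect_resets(packets):
    """Return RSTs whose claimed sender later kept sending new data.

    Heuristic (an assumption of this example): an endpoint that really
    reset a connection does not then send payload on the same 4-tuple
    at or beyond the RST's sequence number. Older segments that were
    merely delayed in flight have lower sequence numbers and are not
    counted as evidence.
    """
    pending = {}    # (src, sport, dst, dport) -> RSTs not yet contradicted
    suspects = []
    for p in sorted(packets, key=lambda p: p.t):
        key = (p.src, p.sport, p.dst, p.dport)
        if "R" in p.flags:
            pending.setdefault(key, []).append(p)
        elif "S" in p.flags:
            pending.pop(key, None)   # new connection reusing the 4-tuple
        elif p.length > 0:
            still = []
            for rst in pending.get(key, []):
                (suspects if seq_ge(p.seq, rst.seq) else still).append(rst)
            if key in pending:
                pending[key] = still
    return suspects

# Constructed sample (documentation addresses), not a real capture.
SRV, CLI = "198.51.100.20", "192.0.2.10"
SAMPLE = [
    Pkt(1.00, SRV, 80, CLI, 40000, "PA", 1000, 500),
    Pkt(1.01, SRV, 80, CLI, 40000, "R", 1500, 0),     # injected reset
    Pkt(1.05, SRV, 80, CLI, 40000, "PA", 1500, 500),  # peer carries on
    Pkt(2.00, SRV, 80, CLI, 40001, "PA", 7000, 100),
    Pkt(2.01, SRV, 80, CLI, 40001, "RA", 7100, 0),    # genuine reset
    Pkt(2.02, SRV, 80, CLI, 40001, "PA", 6900, 100),  # delayed old segment
]

if __name__ == "__main__":
    for r in suspect_resets(SAMPLE):
        print(f"suspect RST at t={r.t} {r.src}:{r.sport} -> {r.dst}:{r.dport}")
```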