October 20, 2007 | By Peter Eckersley

Comcast is also Jamming Gnutella (and Lotus Notes?)

Yesterday, we posted about some experiments showing that Comcast is forging packets in order to interfere with its customers' use of BitTorrent. There have been reports of strange things happening with other protocols, and we've been running some tests on two other file transfers protocols in particular — HTTP (which is used by the World Wide Web) and Gnutella. Comcast has also been strenuous in telling us, "we don't target BitTorrent". Perhaps not. Perhaps what they're doing is even worse.

In the limited tests we ran, we didn't see any interference with HTTP traffic. Comcast's network seems to behave correctly when you run a private web server and share a few of your photos or videos over it (we tested files up to about 25MB).

But when you try to run a Gnutella P2P node on your machine, things start getting strange. Gnutella operates in two stages: first of all, your node starts a conversation with other nodes on the network. Once that conversation is happening, nodes can say things to each other to organise searches for and downloads of files. We saw forged TCP reset packets that stop some of the nodes from being able to converse with each other in the first place.

Forged reset packets are normally the kind of thing that would only be present if a hacker was attacking your computer, but in this case, it's the ISP you pay money to each month that is sending them.

Strangely, the packet forgery only occurs when a non-Comcast node is trying to start a conversation with a Comcast customer's Gnutella node. If the Comcast customer starts the conversation, there is no Reset packet. This means that Comcast customers will not see Gnutella fail entirely — the network just doesn't work properly.

It isn't just BitTorrent and Gnutella that are affected. Kevin Kanarski has reported that Lotus Notes (a suite of software that many businesses use for email, calendaring and file sharing) is also being interfered with. We haven't tested this ourselves yet, but Kanarski's packet traces look a lot like the ones we've collected with BitTorrent and Gnutella.

When an ISP starts arbitrarily zapping some of the protocols that its customers use, they instantly endanger the cascade of innovation that the Internet has enabled. Before this kind of traffic jamming, anybody — huge businesses, small start-ups, college students and children in their bedrooms — could build new, innovative protocols on top of the Internet's TCP/IP platform.

If this type of conduct is allowed to continue, many innovators will have to get active assistance from an ISP in order to have their protocols allowed through the ISP's web of spoofing and forgery. Technologies like BitTorrent and Joost, which are used to distribute licensed movies and are in direct competition with Comcast's cable TV services, will be at Comcast's mercy.

It should also be remembered that in many parts of the United States, Comcast is a duopoly or even a monopoly provider of broadband Internet access. Competition might offer some protection against packet-forging ISPs, but under current market conditions, we can't depend on it.

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Look out weekend! Check out the cross-platform video games in Humble Indie Bundle 15 & support EFF's work: https://www.humblebundle.com/

Oct 9 @ 4:58pm

The leaked TPP IP chapter reveals how negotiators have caved to Hollywood demands and betrayed Internet users. https://eff.org/r.do9g

Oct 9 @ 4:30pm

One more California victory for privacy! @JerryBrownGov vetoed bill to put RFID chips in driver licenses: https://eff.org/r.qn8c

Oct 9 @ 4:20pm
JavaScript license information