Begin forwarded message:
From: Jean Camp <ljeanc@gmail.com>
Date: February 14, 2008 10:57:38 AM EST
To: dave@farber.net
Subject: Re: [IP] Comcast FCC filing shows gap between hype, bandwidth reality
This is ironically exactly the mechanism used by the Great Firewall of China. When China does it, we call it "censorship" . \
Details on the use of TCP resets and how users can ignore forged TCP resets are here:
Richard Clayton, "Ignoring the Great Firewall of China", 6th Workshop on Privacy Enhancing Technologies, Cambridge UK, June 2006
" Abstract The so-called "Great Firewall of China" operates, in part, by inspecting TCP packets for keywords that are to be blocked. If the keyword is present, TCP reset packets (viz: with the RST flag set) are sent to both endpoints of the connection, which then close. However, because the original packets are passed through the firewall unscathed, if the endpoints completely ignore the firewall's resets, then the connection will proceed unhindered. Once one connection has been blocked, the firewall makes further easy-to-evade attempts to block further connections from the same machine. This latter behaviour can be leveraged into a denial-of-service attack on third-party machines. "
On Feb 14, 2008, at 10:07 AM, David Farber wrote:
How does the delay work? Exactly as the AP and the EFF have claimed: TCP reset packets. These are generated from Comcast's network management hardware and tell the uploading computer that some sort of error has developed in the connection and that it needs to start over.According to Comcast, "it is not accurate to describe these reset packets as 'forged'," though it doesn't say why. (To the uploading computer, the packets appear to come from the machine on the other end of the connection.) Comcast also calls critics guilty of "inflammatory hyperbole" on this point.