Comcast also screwing with Gnutella and Lotus Notes (!?!)

EFF's staff technologists, Seth Schoen and Peter Eckersley, have been running experiments on Comcast's network. They've discovered that Comcast isn't just screwing around with BitTorrent packets, they're also jamming Gnutella and (according to another researcher) Lotus Notes packets. Lotus Notes! As in, corporate enterpriseware that suits use to synchronize their projects.
But when you try to run a Gnutella P2P node on your machine, things start getting strange. Gnutella operates in two stages: first of all, your node starts a conversation with other nodes on the network. Once that conversation is happening, nodes can say things to each other to organise searches for and downloads of files. We saw forged TCP reset packets that stop some of the nodes from being able to converse with each other in the first place...

It isn't just BitTorrent and Gnutella that are affected. Kevin Kanarski has reported that Lotus Notes (a suite of software that many businesses use for email, calendaring and file sharing) is also being interfered with. We haven't tested this ourselves yet, but Kanarski's packet traces look a lot like the ones we've collected with BitTorrent and Gnutella.

Link (via Isen)

See also:
Why Comcast's BitTorrent-fux0r is bad for quality of service How the AP busted Comcast for blocking BitTorrent
Comcast actively blocks P2P traffic



  1. They might be blocking gnutella as it is being used for command and control of the storm worm et al. That is, naturally, an over reaction, but it is not as if they like P2P networks anyway.

  2. what possible reason would the be messing with Lotus Notes? if true, i will be on Verizon FIOS fast as will many other IBMers.

  3. “what possible reason would the be messing with Lotus Notes?”

    Can you say industrial espionage? I knew you could.

  4. They may be doing the same thing that Rogers Cable in Canada has been doing: throttling encrypted traffic. One of the ways to get around the bittorrent blocking is to encrypt your torrent packets. Rogers Cable’s solution to that was to throttle encrypted traffic which also slows down ssh sessions and a bunch of other things. I expect that Lotus Notes traffic is encrypted.

  5. I’ve been reading posts from Comcast customers who use Apple’s iChat for video conferences. According to them, the image quality becomes degraded to the point where the conferencing can’t continue.

  6. Thorzdad (#6): It’s apparently because iChat (trying to be as auto-configuring as possible, like many Apple products) checks the end-to-end bandwidth at the start of the conference and tunes its settings appropriately. Then, a few minutes later when Comcast starts whomping your throughput with their traffic shaping, you’re trying to shove 500kbps through a “192kbps” connection…and your video quality goes to hell.

    The “fix” is to tell iChat to use a bandwidth limit of 200kbps (it’s in Preferences → Video) so that it doesn’t think it has a fast pipe.

    The fix is to get a different Internet provider, if you can; between cable monopolies and Verizon yanking copper pairs during FiOS installs, you may not have much of an option….

  7. i cancelled my Comcast several months ago because i had terrible third-party VOIP problems. inspecting the SIP control packets and QOS data with ngrep revealed likely bogus ‘network congestion’ messages. considering nothing else was using my line and Voxbone is a world class service which ive had no problems with on other networks, its either a horrible ‘traffic shaping’ experiment gone wrong, or a bug in one of their filtering systems, or g-d knows what..

  8. This is starting to sound more like cock-up rather than conspiracy with every report. It’s probably due to aggressive traffic shaping and a lack of knowledge of uncommon (on a domestic network at least) applications. Notes uses port 1352 for general communication, 389 for LDAP and 993 and 995 for IMAP and POP3 with SSL and its replication processes could be mistaken for some kind of peer-to-peer networking as they do shift a fair bit of data around on strange ports. Still, Comcast seem not to be providing a ‘complete Internet experience’ (to use appalling marketspeak) over and above fair use.

  9. Aggressive traffic shaping, indeed. Maybe the hackerboys can try to find a way to have their P2P connections look like Lotus Notes connections, in hopes of some eventual ‘fix’.

    Cory, why is mention never made in these articles of Rogers Cable? They’ve been doing this same thing up here for a long time now. You’re originally from Toronto.. no love for your old hometown?

  10. Speaking as a person who has had to use it for almost ten years, I think that if Comcast killed Lotus Notes, it would be a good thing.

  11. beerzie: Speaking as a person who has had to use it for almost ten years, I think that if Comcast killed Lotus Notes, it would be a good thing.

    Comparable to the Nazi death camps also killing one or two people who had otherwise gotten away with murder….

    (Yes, I have just Godwinned the thread.)

  12. From my own experience, Comcast seem to be hammering all upstream encrypted traffic. Its plainly visible when transferring anything over ssh, especially using scp which prints the data transfer rates.

    The pattern is that the transfer starts at full speed (close to the advertised uplink speed) and then after a few humdred KB dips dramatically down to less than a fifth of the nominal speed.

  13. I’ve also seen Comcast breaking ED2K through RST spoofing, on and off for several months — it’s pretty much unmistakable. For more details, the magic word to google is “Sandvine”.

Comments are closed.