[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Comcast throws down gauntlet to residential accounts

     I'm not spitting nails now, so I guess I've calmed down enough to post
this message.  Friday, while waiting for Comcast to get its act together to
deal with registration problems involving the replacement cablemodem they
brought here (still not resolved), I received the monthly call from their
insecurity division, claiming that my computer was "infected with malicious
software".  Yeah, right.  I informed the person that their monthly harassment
calls about something they obviously knew nothing about were not appreciated.
To date, they have never provided so much as an IP address or a port number
that supposedly had been attacked in any way from my system.  The person then
claimed that my system had been "connecting to botnets", but was unable or
unwilling to support that claim with any evidence and unable or unwilling
to provide even a port number via which the alleged connections had been
made.  (All of the port numbers allowed in my exit policy are reserved port
numbers by IANA or are tor-related ports or are other special purpose ports
limited to particular IP addresses, so they are all legitimate.)  That leaves
only DoS attacks, and it is difficult for me to imagine conducting any
effective DoS attacks via tor because of slowness of doing anything over tor.
I repeatedly offered to close any exit ports that had been affected, but that
they would have to tell me which ones those were.  The person refused.  I was
also told that IP addresses of the supposedly attacked systems or of the
supposedly contacted botnets could not be provided to me either.  (It was not
clear whether the alleged complaints came from the alleged botnet operator(s)
or from the supposed targets of the alleged botnets, but it struck me as
bizarre that a botnet operator would file a complaint with an ISP alleging
interference with the botnet.  I'm quite suspicious that Comcast has made the
whole thing up out of thin air.)
     Next, the conversation took a turn in a different direction.  I was told
that port 443 (my relay's DirPort) was "open facing the Internet", i.e., that
a program was actually listening on that port via the interface that connects
to the cablemodem.  I was told that having *any* ports "open facing the
Internet" was a violation of Comcast's Acceptable Use Policy (AUP) for
residential accounts.  During this part of the conversation I told the person
to look at www.torproject.org.  This turned out to be a mistake, probably
because the web pages there have never been updated to replace the client-
server terminology with router terminology, so the person was immediately
convinced that I was running a "server", which the person claimed was a
violation of the AUP.  This means, of course, that one cannot even run sshd
on one's system to allow secure logins from other locations to one's own
computer.  I was told that I would need to upgrade to a Comcast business-class
account if I were going to run a "server", by which they meant having any
program(s) listening on ports accessable from the Internet.
     Please note that Comcast is now running port scanners against their
customers' IP addresses to determine whether anything is listening on any
ports at those addresses.  The person I spoke with did so while talking with
me, but had already seen port scan results before calling me.  I do not know
whether they scan the full range of possible port numbers or only a subset.
The person kept mentioning that 443 was "open", but never mentioned 995,
which was the ORPort and was getting the vast majority of the traffic.
     The net result of that conversation was that I had the choice of shutting
down my relay, MYCROFTsOtherChild, or having my account terminated for a
minimum of 12 months.  I chose the former, at least while I investigate other
options, of which there are only two or three at my location.  A minimal
Comcast business account will cost $60/mo. and require either a 12-month
contract with an installation fee of over $200 or a 24-month contract with
no installation fee.  However, the Comcast business service does not *yet*
have a monthly cap, whereas I've had to throttle my relay quite severely the
past several months due to Comcast's bait-and-switch of last year when the
service sold as being "unlimited" suddenly got a 250 GB/mo. cap imposed last
October.  (Currently, I pay $40/mo. + $3/mo. for cablemodem rental and have
no contract.)
     Verizon residential service is only available at my location if I also
buy their telephone service, the combination of which would cost ~$80/mo. and
also require a 12-month contract.  I have yet to get the details on Verizon
business-class service, but it seems unlikely to be any cheaper.  Verizon's
residential service does not currently have a cap, but I don't know whether
they prohibit listening on ports accessable from the Internet.
     I exist on a shoestring, and even an increase of $17/mo. will come out
of my food intake each month, which already averages about 1.5 meals/day.
If I can manage to revive MYCROFTsOtherChild in the near future, I will do
so, but I don't yet know whether that will be feasible, and it may take a
while to make it happen even it can be done.
     Meanwhile, I see my Comcast addresses of relays on the tor status page,
and I suspect that not all of them are on Comcast business accounts.  If you
are a tor operator on a Comcast residential account, be advised that your
relay's days on that account are probably numbered, so you ought to begin
looking for a different arrangement before they call to threaten you, too.
Now that Comcast has become one of the 800 lb. gorillas among ISPs in the
U.S., it has apparently become an enemy of Internet growth, probably to
preserve its market share without having to invest competitively to keep up
with growth.  They apparently do not run Quality of Service software on
their routers, which is part of the reason they think they need to have a
250 GB/mo. cap on residential accounts, the other part being their presumed
need to inhibit Internet growth.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *