I think you might have skipped over my post? They're not hacking your data stream, just profiling your traffic, and resetting your *TCP* connection. Whatever you're running over that connection, BT or not, encrypted or not, is shot down.

Bah.

As I said, a TCP RST (reset) flag is sent and your machine drops the connection.

*shrug*

I believe something is happening, but not as described.

Look, you have to understand that I'm a skeptic at heart, and a journalist as well. In the same way that no "news story" ever reported by the Register or similar rags will ever be "true" in my book, regardless of its veracity, because of their record of printing fiction as news... this story smacks of bullshit.

Let me explain.

If you say to me "the other day, I felt a strange feeling, and all of a sudden a monkey clawed its way out of my ass. Then, a flock of pigs flew by! After that, I saw Paris Hilton giving a dissertation on particle physics, and to top it all off Britney Spears was there, playing with her kids and being a great mom! Oh, and by the way the price of milk went up to $4 a gallon."

Everything you've said is a lie, or unprovable, or highly improbably... so then you get to the milk thing. It's true, but I don't care any more because you're a liar. *shrug*

SOOOOO when they say:

- Comcast is hacking BitTorrent (not likely)
- Oh wait, no see they're sending a TCP Reset (possible)
- They're only sending it when you're seeding (how would they know? utter rubbish)
- They're doing it when you're seeding in eMule too (again, how would they know?)
- They have magic software that KNOWS WHAT YOU'RE DOING WAAAAAAAAAAAAAAH! (crap)

So there's ONE potentially truthful statement amongst a pile of rubbish. I'm not going to sort through the rubbish to get to the nugget, which might or might not be rancid.

There is NO WAY for them to know when you're seeding or not seeding. Just no way. There's ALSO no way for them to tell when you're seeding in eMule, in Kazaa, in Limewire, etc.

So the article is 99.99% crap. Are TCP Resets being sent? Maybe, but the rest of the article is so much crap that I must assume it's ALL crap until shown otherwise.

That's the problem with "journalism" and "reporting" on the Intarwebz. It's crap.

See, and I read it on heise.de, which is very trustworthy (and thus sometimes a bit slow), and I only read about the TCP RST thing. I think somebody is confusing "seeding" with "uploading", whether that's intentional or not. Traffic shaping against eMule is done by some german providers since quite a while, so it is certainly possible. I don't know if this can be circumvented by using different ports; I doubt it's that easy though, because then it wouldn't be a big deal, which it actually is for users on those networks.

Traffic shaping is something else entirely, and happens all the time. The "knowing what you're uploading and who you're uploading to and magically making it stop" is what I call BS on.

You should spend your time reading up instead of denying. First off, the link that started this discussion is to an Associated Press article, not the Register. Second, it's not "oh wait," it's "Gurm didn't understand it the first time."

You're ignoring the evidence: not only anecdotes, but packet traces.

And it's VERY easy to identify BT traffic. Nothing profiles like it. The only thing that seems easier to profile is Skype - it has a very unique signature, I'm told.

Whoever in this thread here said anything to that effect? They block torrent uploads, regardless of what is uploaded (AP tested with a copyright-free bible) by making your computer think its packets get nowhere.

I thought it was very hard to effectively block Skype, at least ithout packet analyzing, because of all the troubles it goes through to get through firewalls, NATs etc. (UDP hole punching, trying very large port ranges when ports appear to be blocked, etc.)

I was talking to some network security guys about it. If there's a Skype machine on the corporate network, they usually can tell pretty quickly, and target the machine for some remote administration.

I'm not misunderstanding. The article claims that they know whether you're downloading that torrent or just uploading it.

That's "magic", because there's just no way to tell how much of your inbound torrent traffic is torrent X and how much is torrent Y.

The article says over and over that if you're downloading it works fine, but "seeding" is what breaks. How do they KNOW you're seeding? Virtually ALL p2p'ers have multiple streams going, multiple files running at once, up AND down. Everyone has both inbound and outbound, all the time. So what this magic software does, then, is somehow susses out which of your torrents you're seeding, which of your eMule downloads you're done with, and when you're done with all your downloads it BREAKS your connection?

It's still "magic", and "magic" doesn't happen on networks.

I believe a reset is being sent. Absolutely. I just don't believe it happens by magic.

Gurm, go read up on NBAR and PISA.

It does exactly this "magic" that you are so ignorantly denying.

Basically what all of this is saying is that we can know exactly what kind of traffic it is down to a single bit in the data portion, not to mention the actual non-data portion of the packet.

EDIT: Forgot to say that not only can we figure out what kind of traffic it is, but we can then do anything we want with it.

Y'all might find the following of some interest:

http://www.techreport.com/discussions.x/13456

So if you torrent the way you're supposed to - by leaving the torrent running for a long time after you finish downloading - it works fine? TO THINK!