fieldju Posted November 3, 2007

Here is something that I found on a site that I am a member of. My suggestion is to incorporate the solution below as a check box option into uTorrent, thus solving the Comcast throttling issue for all uTorrent users.

----------------------------------------------------------------------------------

Here's a tut from the SBH threads! Hope this helps ya'll on Comcast!

A bit of a background to Comcast's Sandvine:

Comcast is blocking P2P traffic by using something called a Sandvine. Comcast searches for connections for file-sharing networks. When it finds a connection, Comcast sends a "RST" packet to both your computer and the computer you are connecting to. The RST packet is telling both computers to "Reset" or "Close" the network connection. Thus, blocking any data from being sent over the connection.

What this tutorial does here is sets your computer up to ignore any RST packets on your bittorrent port. DO NOT IGNORE RST PACKETS ON ALL PORTS - ONLY DO IT ON YOUR BITTORRENT PORT.

Make sure you ask questions here before doing anything you are unsure of. You have the ability to completely cut yourself off from the internet using this.

ALSO NOTE: You must use a single port for using bittorrent. This will not work if you have your client use a "random" port.

----------------------------------------------------------------------------------

Important!

This isn't just for Comcast users. It appears that Sandvine sends RSTs to both the seeder and the leecher. Therefore, if you want to download from anyone who is on Comcast, you have to do this fix, or something similar, as well.

-----------

I know there are a lot of us using Comcast, and the tutorial (http://redhatcat.somewhere.com/2007/09/beating-sandvine-on-windows-with-wipfw.html) leaves out some important stuff... but not to fear, here's a complete guide to setting up WIPFW on Windows 2000 and XP. If you're having any problems, post 'em here and I'll have a solution for you in no time.

You MUST do this at a local console, as it will block all VNC/Remote Desktop connections by default.

This has only been tested on Windows 2000 & XP, with Vista YMMV.

Step 1:
Download WIPFW from sourceforge http://downloads.sourceforge.net/wipfw/

Step 2:
Unzip to C:\Program Files\WIPFW

Step 3:
If you want a "default deny", double click "install-deny.cmd". Network activity WILL be cut off at this point.
If you want a "default allow", double click "install.cmd".
A default deny means that ALL data will be BLOCKED by default. If you are behind a router (or any other firewall) that has a firewall already built in, use default allow (because your router is blocking the bad stuff anyway).

Step 4 (Windows XP only):
Start -> Control Panel -> Security Center -> Windows Firewall
Turn Windows Firewall OFF and click OK
Then, in the security center, click "Recommendations..." under the (now red) firewall header.
Check "I have a firewall solution that I'll monitor myself" and click OK

Step 5:
Save the following text in the file %systemroot%\System32\drivers\etc\protocol (%systemroot% is the windows directory). NOTE: This text may already be there. If so, just ignore this step.

QUOTE(protocol)

    # Copyright © 1993-1999 Microsoft Corp.
    #
    # This file contains the Internet protocols as defined by RFC 1700
    # (Assigned Numbers).
    #
    # Format:
    #
    # <protocol name> <assigned number> [aliases...] [#<comment>]

    ip       0   IP       # Internet protocol
    icmp     1   ICMP     # Internet control message protocol
    ggp      3   GGP      # Gateway-gateway protocol
    tcp      6   TCP      # Transmission control protocol
    egp      8   EGP      # Exterior gateway protocol
    pup      12  PUP      # PARC universal packet protocol
    udp      17  UDP      # User datagram protocol
    hmp      20  HMP      # Host monitoring protocol
    xns-idp  22  XNS-IDP  # Xerox NS IDP
    rdp      27  RDP      # "reliable datagram" protocol
    rvd      66  RVD      # MIT remote virtual disk

Step 6:
Open C:\Program Files\WIPFW\wipfw.conf in notepad and replace the contents with the following:

NOTE: Make sure you replace "*****" with the port that your bittorrent client uses!

If you are using the Default Deny:

QUOTE

    ##################
    # wipfw.conf
    # Replace ***** with your bittorrent port
    ##################

    # First flush the firewall rules
    -f flush

    # Localhost rules
    add 100 allow all from any to any via lo*

    # Prevent any traffic to 127.0.0.1, common in localhost spoofing
    add 110 deny log all from any to 127.0.0.0/8 in
    add 120 deny log all from 127.0.0.0/8 to any in

    # Drop incoming packets with RST flag on BitTorrent port
    # This is what thwarts Sandvine.
    add deny tcp from any to me ***** tcpflags rst

    # Setup stateful filtering
    add check-state
    add pass all from me to any out keep-state
    add count log ip from any to any

    # Allow new incoming BitTorrent connections
    add pass tcp from any to any *****
    add pass udp from any to any *****

If you are using the Default Allow:

QUOTE

    ##################
    # wipfw.conf
    # Replace ***** with your bittorrent port
    ##################

    # First flush the firewall rules
    -f flush

    # Drop incoming packets with RST flag on BitTorrent port
    # This is what thwarts Sandvine.
    add deny tcp from any to me ***** tcpflags rst

Step 7:
If you are using a default deny, you will have to change the config to allow other network data through your network with any of the following rules (just add these rules to the end of wipfw.conf)

QUOTE(File & Print Sharing)

    # Replace 192.168.0.0/24 with your local subnet and mask
    # Allow Microsoft SMB file sharing w/ NetBIOS
    add pass tcp from 192.168.0.0/24 to me 135-139
    add pass udp from 192.168.0.0/24 to me 135-139
    # Allow direct-hosted SMB w/out NetBIOS
    add pass tcp from 192.168.0.0/24 to me 445
    add pass udp from 192.168.0.0/24 to me 445

QUOTE(VNC)

    # Enable VNC
    add pass tcp from any to me 5800-5801
    add pass tcp from any to me 5900-5901

QUOTE(Remote Desktop)

    # Allow RDP/Terminal Services connections
    add pass tcp from any to me 3389

QUOTE(SSH server)

    # Allow incoming SSH
    add pass tcp from any to me 22

QUOTE(DNS server)

    # Allow incoming DNS
    add pass udp from any to me 53

QUOTE(Web server)

    # Allow incoming WWW
    add pass tcp from any to me 80

QUOTE(FTP server)

    # Allow incoming FTP
    add pass tcp from any to me 21

More ports for other network services can be found here.

Save wipfw.conf when you're done.

Step 8:
Start -> Run
Type CMD.exe and press enter.
Run the following two commands:

    >net stop ipfw
    >net start ipfw

All done!

----------------------------------------------------------------------------------

********* PLEASE NOTE **********

The above solution will only work if applied on a global scale because

Quote:
As per my understanding of Sandvine, it only works if everyone installs that kind of fix. From what I've read, Sandvine sends a perfectly forged RST(-flagged) packet to both parties, which makes both users believe the other one wants to disconnect, e.g.

A to B: "gtg, bye"
B to A: "gtg, bye"

If A installs the fix, A will disregard the RST flag allegedly sent by B, knowing that it's actually Sandvine messing with them.
But if B does not have a similar fix, B will not disregard the flag and will disconnect from A.
Therefore, both A and B must disregard those packets.

Quote:
Maybe someone should make a quick app that only does the "add deny tcp from any to me ***** tcpflags rst" so that non-computer-literate peeps can just install it as a uTorrent plugin, or perhaps uTorrent can add it in as an option such as they have with encryption, because from what I have read Comcast does not internally forge RST packets, meaning they do nothing to block traffic from one Comcast user to another Comcast user. So all parties on the torrent need to block the RST packets on the uTorrent port.
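The rule's match logic applied to constructed TCP headers, as an added example that is not part of the original post or of WIPFW. It shows the point made in the quoted note (one side filtering is not enough) and one further consequence of matching on destination port: the side that dialled out receives its reset on an ephemeral port, which the rule does not match. Assumptions: ipfw-style matching, a stack that accepts the spoofed reset, clients that dial out from an ephemeral port; ports 6881 and 51000 and all function names are made up for illustration.

```python
import struct

RST = 0x04  # RST bit in the TCP flags byte (header offset 13)
ACK = 0x10

def tcp_header(src_port, dst_port, flags):
    """Build a minimal 20-byte TCP header (constructed sample data)."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port,
                       0, 0, 5 << 4, flags, 65535, 0, 0)

def rule_drops(header, bt_port):
    """Match logic of: deny tcp from any to me <bt_port> tcpflags rst"""
    dst_port = struct.unpack("!H", header[2:4])[0]
    return dst_port == bt_port and bool(header[13] & RST)

def stays_open(header, bt_port, filtering):
    """True if the receiving TCP stack never acts on a reset."""
    is_rst = bool(header[13] & RST)
    # A reset closes the socket unless the firewall discards it first.
    return (not is_rst) or (filtering and rule_drops(header, bt_port))

def reset_outcome(a_local, b_local, a_bt, b_bt, a_filters, b_filters):
    """Send one spoofed RST to each side, as the thread describes.
    Returns (A still open, B still open)."""
    to_a = tcp_header(b_local, a_local, RST)  # appears to come from B
    to_b = tcp_header(a_local, b_local, RST)  # appears to come from A
    return (stays_open(to_a, a_bt, a_filters),
            stays_open(to_b, b_bt, b_filters))

# Constructed scenario: both clients listen on 6881 (hypothetical port);
# B dialled A's listening port from ephemeral port 51000.
INBOUND_TO_A = dict(a_local=6881, b_local=51000, a_bt=6881, b_bt=6881)

def demo():
    return {
        "neither filters": reset_outcome(**INBOUND_TO_A, a_filters=False, b_filters=False),
        "only A filters": reset_outcome(**INBOUND_TO_A, a_filters=True, b_filters=False),
        # B's rule watches port 6881, but its reset arrives on port 51000.
        "both filter": reset_outcome(**INBOUND_TO_A, a_filters=True, b_filters=True),
    }

if __name__ == "__main__":
    for case, (a_open, b_open) in demo().items():
        print(f"{case}: A open={a_open}, B open={b_open}")
```

The rule cannot tell a forged reset from a genuine one, so real resets sent to the BitTorrent port are discarded as well and those connections stay open until they time out.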
Switeck Posted November 4, 2007

This probably won't work, as the OTHER end of your connection is ALSO sent connection resets.
fieldju Posted November 4, 2007 (Author)

You didn't read the whole post, because that issue is addressed at the beginning and at the end. Basically, to sum it up, if the solution was integrated into uTorrent it would work for anyone who used uTorrent. A very large majority of torrent users use uTorrent, so it would make a big difference and other clients would follow the lead.

I fully believe this is a viable solution to the Comcast BitTorrent throttling / blocking issue.
Switeck Posted November 4, 2007

You're right, if a lot of people did this it would help.
Honeyfrog Posted November 4, 2007

Here's a proposal that, if implemented, would aid every future-version uTorrent user without them having to screw around with anything.
Gish Posted November 8, 2007

fieldju, it's working for me but I'm getting huge up and down speeds. One minute it's 40 to 100 kbps, then 0 for like 60 seconds.

But this is good.... right after I did this my uploads actually started uploading :)

Thanks for this

Edit: so now it's back to the way it was before.. do I need to redo this process?
torrenteer Posted November 13, 2007

I just set my connection to encryption enabled (*not* forced), and now it works fine.
RandomBob123 Posted November 14, 2007

I didn't see it anywhere in the above posts, so I just wanted to note that what Comcast does affects people who've finished a download and are only seeding that download (and obviously the people they're trying to upload to). The proposal above is a good idea, and I hope it'll be implemented in future releases.

If people with Comcast are having trouble seeding, one method that should work (if CC hasn't changed how they're screwing everything up) is to stop a download at 99% (or a little less) and to just "seed" the torrent for a while in that state. You won't actually be designated as a seeder (by BitTorrent clients) b/c the download hasn't reached 100%, so you should be able to upload to your full capacity. Obviously you'll want to finish the download at some point so you can use the file, but if you know any programming or have a file splitter you could always copy the file so you can use it, and then cut the end off of the original being seeded so that the next time it's hash-checked it once again goes under the "non-seeding" category. (sry I have run-on sentences >_>)

If I understand it correctly, Comcast's method works by sending a message to the seeder's computer saying the person they're trying to upload to doesn't need them, and does the same thing for the leecher - although how that would make any sense eludes me, as a seeder is supposed to have the whole file so they should be useful to anyone else who isn't also a seeder.

W/e, hopefully CC will get their asses sued for Net Neutrality reasons and have to stop what they're doing. Does anyone know if encryption has any effect on this? I guess if the packet that identifies someone as a seeder isn't encrypted then it wouldn't stop CC's method... yeah... not a protocol analyst (yet)

Cheers
jizam Posted November 21, 2007

I've read rumors of there being a true Sandvine fix just around the corner. Can anyone confirm if that's true or not? Are bt developers working on a fix?
Ultima Posted November 21, 2007

Yeah, the developers are working on possible ways to get around the throttling. Guaranteed fix in all cases? I'm not sure; they have come up with some ideas and implementations, though.
jizam Posted November 21, 2007

Thanks for the response. I'd be happy to help test in the event there's a need.
TheKolkster Posted December 31, 2007

Excellent guide! Works perfectly!

There's just one problem. It seems to be blocking my computer from communicating with my DHCP server. Would anyone know how to fix this? Like when I repair the network card that is using my internet connection, it's unable to.
mves Posted February 2, 2008

Can this be done with Zone Alarm? Also, can Peer Guardian block those packets? It's blocking most of the anti-p2p servers.
DreadWingKnight Posted February 2, 2008

Quote:
Also, can Peer Guardian block those packets? It's blocking most of the anti-p2p servers.

And a lot of legitimate traffic.

http://neuron2neuron.blogspot.com/2006/05/blocklist-balderdash.html
http://www.slyck.com/story1593_MediaDefender_Leak_Offers_BlueTack_Users_a_Reality_Check
mves Posted February 2, 2008

About Peer Guardian... Yes, it's true. It does block a lot of legitimate traffic, but then you put allow permanently on that IP.

My problem is that I'm behind a router that is set to block p2p during the day. With forced protocol encryption the problem is partially solved. During that blockade, the torrent tracker is blocked. While DHT is working, there are not many problems, but if a torrent doesn't have DHT, that brings me to the manually added peers whose IPs and ports I collected during the night. :/ That also is not a problem with guys with static IPs and non-random ports.

Then, the question is... can these settings solve my problem? Or... protocol encryption on torrent tracker
jewelisheaven Posted February 2, 2008

HTTPS increases load on trackers by orders of magnitude I hear. :/ Note when your tracker communication is blocked, IF it tracks your ratio, you CANNOT START OR STOP those affected torrents without "losing" your stats since the last successful announce.
mves Posted February 2, 2008

Well, when torrent functioning is at stake... "losing" stats is the least concern. The bigger problem then is how to wake up an offline (timeout) tracker during a p2p blockade. While DHT is enabled, there is no problem, I'll get peers even if the tracker is blocked. But if that specific torrent has DHT disabled... :/

Now, does anybody know, is that related to sending connection resets, to me or to the tracker? And then, do trackers have protection from connection resets implemented? As I see it, turning on my protection from connection resets will do nothing if trackers don't have the same setting...
Firon Posted February 2, 2008

load from https is honestly not that high.
hermanm Posted June 29, 2008

Hi, did a Sandvine fix make it on a to-do list for µTorrent? Or is it just a wish-list item?
DreadWingKnight Posted June 29, 2008

It's on a level that uTorrent doesn't handle.
hermanm Posted June 29, 2008

Right, I think I read that in the beginning of this thread somewhere. I'm definitely seeing speed improvements on some torrents with the wipfw install, but it is not consistent across torrents. Some peers continue to drop, but other peers I am able to receive requests from and send pieces to. Why would that be?
Switeck Posted June 30, 2008

ComCast disruption method doesn't always kill every peer...at least not all at once.
Archived
This topic is now archived and is closed to further replies.