ISP filter uTP, trackers IPs, TCP/IP, ports, VPN, etc... No way out

[Stan]

Ok... This is getting nicer and nicer. My ISP (that depends from another (mayor?) ISP called fibertel) is getting really meaning lately.

They usually ban common things like Ports, TCP/IP traffic (packets usually used by torrents) and trackers IPs.

But NOW... Now this is crazy. Their (paranoid?) level hits a new level, at least to me, extreme. Now they ban UDP connections!!. Encrypted UDP traffic!!. Hah... I cant believe this. Even MORE. They reset the connection EVEN when you are on VPN. UDP encrypted OVER ENCRYPTED VPN connection!!. This is MADNESS!.

I have NO clue how they do this. I dont even know HOW they filter the encrypted UDP connection!. Obviously they sniff (or something like that) the traffic and see if the packet is a torrent packet and then they drop the connection. But to be honest, I have NO IDEA how they do this.

They have also a sort of schedule, where they filter EVERY p2p connection since 8pm upto 1am. This is where you can REALLY feel the filter, they filter EVERYTHING, I mean, port, packets, trackers IPs, EVERYTHING related to a torrent traffic. When is 1am, they somehow relax this filter and lil by lil unfilter the connection. Starting with the trackers IPs and then the ports, and so on.

The worse part, there is no way out, because in this country there are 2 companies that control the internet traffic and if you try to move to the other (or any dependent of any of this major companies) you would have the same problem.

I really I cant believe this happend.

Its pretty frustrating trying to download a linux distro with this protocol.

[Switeck]

Have you tried experimenting with very low settings in uTorrent to see if you can get under their trigger threshold?

...This is assuming that encrypted regular TCP peer/seed connections are not automatically blocked.

[Stan]

I tried with a connection of 16 seeds (when the torrent has +400) and the filter still.

Seems like in the way I see they just block every encrypted and uncrypted packet used by (in this case) utorrent. They drop the connection and in the best of the cases limit the seeder/peer to a 5kB/s max. Giving me in the best of the case, when the filter/block is full active, a global connection of 10kB/s.

[Switeck]

Did you turn off UPnP, NAT-PMP, DHT, LPD, and Resolve IPs?

Try running tracker traffic through a proxy?

[Stan]

Everything is disabled (UPnP, NAT-PMP, DHT and Local Peer Discovery). The only thing that I dont know how to disable is Resolve IPs, but I dont think that might change the ISP filter/block/ban my connection.

And yes, I try to run thought a proxy and it happend two things, the 1st one, the isnt major improvements in speeds matters and 2nd some trackers dont recognize the proxy IP or in some cases, ban that IP because is a proxy

Seems like in this country we are done...

Something that I cant believe till now is that they can filter/ban/block/drop the connection/etc even when you are over a VPN... Two weeks ago were working pretty good now is the hell on earth.

I dont get the fact they do this, we are a crappy country where there arent a bunch of ppl (like 20 millions) connected at the same time. Even thought, the max connection you can get is (dont laught) is 5MB... Seems like the traffic quota on this (shitty) side of the world is pretty overrated, like everything.

[Switeck]

Turning off Resolve IPs won't hurt...fewer packets flowing in/out related to uTorrent the better. Less for the ISP to identify BitTorrent and block.

Right-click in PEERS window of a torrent for the menu to disable it.

Lowering bt.connect_speed from up to 20 outgoing new connection attempts a second to 1 might make uTorrent a little "quieter". Lowering net.max_halfopen from 8 to 1 (outgoing half open connections uTorrent allows at once) might also give your ISP less for it to recognize the encrypted uTorrent traffic. I even set both bt.connect_speed and net.max_halfopen to 0 often on mine for when I don't want uTorrent making ANY outgoing connections. I have to raise both to at least 1 each for uTorrent to start making outgoing connections again and/or do tracker updates. Because I have the green light in uTorrent and Peer Exchange enabled, I still typically get incoming connections for awhile -- up to 3 days if I'm running busy torrents.

Is encryption set to FORCED outgoing and disable legacy (unencrypted) incoming connections?

Either that or possibly allowing legacy incoming connections will probably work best.

You may have to save peer lists and remove trackers entirely. I put an * in front of each tracker and put them all on the same line separated by spaces so uTorrent won't try them separately. Totally reset the modem and router if you have one. Then add the ip:port back for each peer/seed you had.

You may even want to experiment on what outgoing/incoming ports uTorrent uses -- there may be ports which do other things that use encryption (VoIP? VPNs? games?) that maybe uTorrent could use instead which might escape their notice for now.

If your ISP is blanket-blocking anything that they cannot read (which would be the case with encrypted packets), you are really and truly screwed.

[Stan]

Thanks Switeck for taking your time.

I dont get this part

You may have to save peer lists and remove trackers entirely. I put an * in front of each tracker and put them all on the same line separated by spaces so uTorrent won't try them separately. Totally reset the modem and router if you have one. Then add the ip:port back for each peer/seed you had.

I do use the encryption forced and legacy incoming connections are disabled.

I randomize the port in each start, so, the port I think is not the problem.

Sometimes I tried to use the SSL port used by some sites.

Even I set bt.trasnsp_disposition to 10 (only UDP) and 15 (both).

Nothing of that can bypass this (I guess) hardware blocking

[Switeck]

Then your "ISP" is probably throttling/crippling/disrupting ANYTHING they cannot read and recognize.

[Stan]

I dont get why you use quotes on "ISP" either...

The thing here is, they on the peaks hours (from 1pm to 12am!!!) literally kill every connection with more than 6 peers and each peer that upload more than 2KB/s (yes you read right, 2kilobytes per second) is disconnected.

My computer is connected directly to my modem, there is nothing in the middle, just the cable who connect both devices.

Right now Im experiencing one of the most throttling EVER. Not only the tracker who I connect to is banned but the whole (torrent) traffic. No matter if is encrypted + uTP + VPN. ALL OF THAT together!.

I really dont know how they do this. And in the way I see there is no way to bypass this hell.

And again, if you tell me that Im in one of the majors countries, with more than 40 millions of ppl using the bandwith to download by torrent, I could understand that. But Im in one of the most shitties countries on this 3rd world and seems like throttling is their favorite pie...

[Switeck]

I put ISP in quotes because yours is failing in its primary task of providing internet access to its customers. Disconnecting ips from you and throttling your line far below its rated max is just a sign of that...they may be willing to do far worse.

"Sometimes I tried to use the SSL port used by some sites."

Is even better than my suggestion to remove trackers from the torrents to "hide" the torrents activities from your ISP.

That your ISP is even blocking SSL port to websites and uTP doesn't help...means your ISP isn't worthy of being called an ISP. You have my sympathies there -- ComCast at its worst was nowhere nearly as effective as that at stopping/blocking BitTorrent, nor was it their intent to fully block it. I could use BitTorrent protocol encryption with a little bit of luck and still get peer/seed connections.