SlashDot: "Comcast Gunning for NAT Users"

<snip>

Even this would have problems - there'd probably be a class action if
they required users not to use firewalls and I doubt they'd want to deal
with the support headache in convincing users to give up their wireless
access points.

OK... I think the stuff gone with the <snip> was adequately addressed
by others.

According to the excerpts from the TOS, VMWARE, Firewalls (other than
an in-box firewall like BlackIce, etc.), WAPs and the like are already
prohibited. All of those represent termination of the connection on
a non-comcast LAN. VMWARE connects the vmware systems via a LAN
implemented as a driver in the host operating system kernel (at least
in Linux, I don't know about Windows). Even if there's no physical
equipment outside the computer involved, it's still arguably a LAN.

That having been said, the real bottom line is that their policy
is a bad idea, and one which would prevent me from subscribing to
comcast. If you are subscribing to comcast, you have the following
choices available to you:

  1. Accept the policy and continue on.
  2. Ignore the policy and accept the consequences.
  3. Tell comcast that you feel they should reconsider their
    policy, and cancel your service if they do not. They
    aren't the only ISP available.

The real lesson is that filtering on equipment is a bad way to control
bandwidth usage. Of course, these are the same people who will complain
about something listening on port 80 which transfers 5KB/month but won't
say a thing if you spend 18 hours a day deathmatching and downloading
crap.

Here, I agree 100%. Any attempt at an automated enforcement of the
above TOS is likely to be a DoS attack on their customers who
are not violating the TOS.

Owen

Owen DeLong wrote:

According to the excerpts from the TOS, VMWARE, Firewalls (other than
an in-box firewall like BlackIce, etc.), WAPs and the like are already
prohibited. All of those represent termination of the connection on
a non-comcast LAN.

I think that's reading too much into it. Clearly they allow for the use of
LOCAL networks. I mean, why would you need multiple IP addresses,
"expertise setting up a network", and so forth, if they didn't allow for
the use of user-side networks? The reference you mention seems to be
explicitly in the context of a REMOTE network, as in connecting 24x7 to a
pair of Exchange and Oracle servers, sucking up bandwidth all day long.

Let's look at this in their own terms. They allow frat houses, but I would
guess that not many of those only have 3 computers, yet they only provide
3 IP addresses, so NATs would almost certainly be required for most frat
houses. Conversely, they allow dorm rooms, but they don't want the
resident of that ROOM to resell or even provide connectivity to the rest
of the DORM.

In this context, I would say that if they are looking for NATs at all,
they are looking to see if there are dozens of computers hooked up
somewhere that shouldn't be, such as a dorm room reselling pipe, or a
residential house providing connectivity to the entire neighborhood. My
guess would be that they are only looking for this after they have noticed
a utilization issue.

I mean, if you are using 100x the bandwidth of other people in your
neighborhood, they want to figure out which provision you are PROBABLY
violating. Are you running a warez server (forbidden)? Are you providing
connectivity to others in your neighborhood (forbidden) (presumably via
NAT, since they only give you 3 IPs)? Are you running a small business out
of your house (forbidden)?

That seems to be the only context that has any significance in any of
this. Keep your utilization at a point where they don't have to upgrade
pipes AND don't have to listen to complaints from your neighbors, and they
probably won't care what you do with it.