» Blog » Networking » The Battle of the Bandwidths

I’ve been a dedicated Click-Network (Tacoma WA) Cable Internet service subscriber since before I can even remember. A few months ago while attending PAX Prime in Seattle, I received a phone call from home saying that our internet service was no longer functional. After returning home from this event, I contacted the ISP to find out what was up. It turns out that we ran over our 250 GiB/month data cap, something which I had no idea even existed. At the point in time when my household signed up for this service, these data caps were completely non-existent.

It was quite a shocker to find out that Click-Network instigated a 250 GiB/month cap without ever informing us. This “new” data cap wasn’t even new either, as it turns out that it is documented at the very last section of the ISP’s “Acceptable Use Policy” on their web site. Here is a quote from their web site:

Click! may revise this AUP from time to time without notice by posting a new version at www.clickcabletv.com and submitting it to ISPs who use Click! Network services. Accordingly, Users should consult this document regularly to ensure that their activities conform to the most recent version. Please direct any questions or comments regarding this AUP and/or complaints of violations of this AUP to your ISP immediately.

Source: http://www.clickcabletv.com/Internet/AUP.aspx (2012-01-25 10:00PM PST)

From that you can directly see that they have and always had full on intentions of simply changing policies without ever informing their customers, such as in my case.

Now, lets move on to more recent observations.

Since that point in time, I have made significant upgrades to my in-home local area network. Some of these upgrades included a much more powerful router which includes very details reports as well as a highly configurable firewall. While playing around with this router over the past two days, some things started to appear that seemed quite a bit out of place.

This is the 8-hour bandwidth graph for my LAN’s router. Highlighted is the bandwidth consumed from packets that were blocked by the firewall. This amounts to an average of 12.3 MiB every 8 hours.

Lets do some math!

12.3 / 8 = 1.5375 MiB/hour
1.5375 * 24 = 36.9 MiB/day
36.9 * 30 = 1107 MiB/month

And there you have it. Nearly 1.1 GiB of bandwidth per month is going straight to BLOCKED PACKETS. This is all wasted bandwidth. When talking with the ISP about the bandwidth issues before, I made it a point to ask about bandwidth overhead and things like this. They repeatedly confirmed that they count both packet data as well as packet overhead when measuring total consumer bandwidth for a given billing cycle.

Now where is all of this bandwidth going? Luckily my firewall logs tell me this! There is a constant flood of broadcast packets on the WAN address of the router. The source of these packets is originating from the ISP itself. Yes, this is right. The same ISP that instituted the 250 GiB/month limit is also taking away over 1 GiB/month from simply sending out broadcast packets across the whole network. While this only accounts for 0.44% of the total bandwidth allocation per month, this is still phantom bandwidth that has a chance of aiding in the ISP knocking me offline again.

Mischief

Back in the earlier days of the internet before we had Instant Messaging, we used something called Internet Relay Chat (IRC) to communicate instantly with one-another. Most popular IRC servers has “flooding” policies, wherein if you send too many commands to the IRC server in a short enough period of time, the server would disconnect you. One command you could issue is a “ping” command to another user on the network. The other user’s IRC client would then auto-reply with a “PONG” message (these are used to test latency between users).

What could you do with this? Well, if you have multiple systems all sending out PING messages to the same user at the same time, you could in theory get them kicked off of the server! This worked by having you and your friends all setup to send PING messages slower then allowed commands/second ratio the server has setup. Because the receiving client has multiple sets of messages to reply to, the larger quantity of replies would set it over the rate limit, effectively denial of service (DOS) attacking the user.

Now why would I bring up some old technology like that up in a blog post about ISP imposed bandwidth limits? Take a second to think of this scenario.

There are plenty of free and cheap web hosting services out there. It would not take much to setup several of these to all send bogus packets to a single IP address. Because the ISP then tracks the bandwidth consumption of these packets, regardless if the client accepts or rejects them, the customer can then be pushed over their bandwidth limits without their interaction at all.

Here in this next chapter of the internet, I fear this may become the next type of distributed denial of service (DDoS) attack.

If the RIAA/MPAA think you are pirating their media? Simple! Now they can flood your IP address with bandwidth so your ISP knocks you offline!

Say something online that the government takes offense to? No problem, They’ll just flood your IP address now so it looks like someone else is censoring you!

And with all that said, I will now forward the permalink of this post to Click-Network. Odds are they’ll ignore it, much in the same way they’ve ignored every single other email I’ve ever sent them (those other complaints are for a later time).

This entry was posted in Networking, Security. Bookmark the permalink.