I'm not spitting nails now, so I guess I've calmed down enough to post this message. Friday, while waiting for Comcast to get its act together to deal with registration problems involving the replacement cablemodem they brought here (still not resolved), I received the monthly call from their insecurity division, claiming that my computer was "infected with malicious software". Yeah, right. I informed the person that their monthly harassment calls about something they obviously knew nothing about were not appreciated. To date, they have never provided so much as an IP address or a port number that supposedly had been attacked in any way from my system. The person then claimed that my system had been "connecting to botnets", but was unable or unwilling to support that claim with any evidence and unable or unwilling to provide even a port number via which the alleged connections had been made. (All of the port numbers allowed in my exit policy are reserved port numbers by IANA or are tor-related ports or are other special purpose ports limited to particular IP addresses, so they are all legitimate.) That leaves only DoS attacks, and it is difficult for me to imagine conducting any effective DoS attacks via tor because of slowness of doing anything over tor. I repeatedly offered to close any exit ports that had been affected, but that they would have to tell me which ones those were. The person refused. I was also told that IP addresses of the supposedly attacked systems or of the supposedly contacted botnets could not be provided to me either. (It was not clear whether the alleged complaints came from the alleged botnet operator(s) or from the supposed targets of the alleged botnets, but it struck me as bizarre that a botnet operator would file a complaint with an ISP alleging interference with the botnet. I'm quite suspicious that Comcast has made the whole thing up out of thin air.) Next, the conversation took a turn in a different direction. I was told that port 443 (my relay's DirPort) was "open facing the Internet", i.e., that a program was actually listening on that port via the interface that connects to the cablemodem. I was told that having *any* ports "open facing the Internet" was a violation of Comcast's Acceptable Use Policy (AUP) for residential accounts. During this part of the conversation I told the person to look at www.torproject.org. This turned out to be a mistake, probably because the web pages there have never been updated to replace the client- server terminology with router terminology, so the person was immediately convinced that I was running a "server", which the person claimed was a violation of the AUP. This means, of course, that one cannot even run sshd on one's system to allow secure logins from other locations to one's own computer. I was told that I would need to upgrade to a Comcast business-class account if I were going to run a "server", by which they meant having any program(s) listening on ports accessable from the Internet. Please note that Comcast is now running port scanners against their customers' IP addresses to determine whether anything is listening on any ports at those addresses. The person I spoke with did so while talking with me, but had already seen port scan results before calling me. I do not know whether they scan the full range of possible port numbers or only a subset. The person kept mentioning that 443 was "open", but never mentioned 995, which was the ORPort and was getting the vast majority of the traffic. The net result of that conversation was that I had the choice of shutting down my relay, MYCROFTsOtherChild, or having my account terminated for a minimum of 12 months. I chose the former, at least while I investigate other options, of which there are only two or three at my location. A minimal Comcast business account will cost $60/mo. and require either a 12-month contract with an installation fee of over $200 or a 24-month contract with no installation fee. However, the Comcast business service does not *yet* have a monthly cap, whereas I've had to throttle my relay quite severely the past several months due to Comcast's bait-and-switch of last year when the service sold as being "unlimited" suddenly got a 250 GB/mo. cap imposed last October. (Currently, I pay $40/mo. + $3/mo. for cablemodem rental and have no contract.) Verizon residential service is only available at my location if I also buy their telephone service, the combination of which would cost ~$80/mo. and also require a 12-month contract. I have yet to get the details on Verizon business-class service, but it seems unlikely to be any cheaper. Verizon's residential service does not currently have a cap, but I don't know whether they prohibit listening on ports accessable from the Internet. I exist on a shoestring, and even an increase of $17/mo. will come out of my food intake each month, which already averages about 1.5 meals/day. If I can manage to revive MYCROFTsOtherChild in the near future, I will do so, but I don't yet know whether that will be feasible, and it may take a while to make it happen even it can be done. Meanwhile, I see my Comcast addresses of relays on the tor status page, and I suspect that not all of them are on Comcast business accounts. If you are a tor operator on a Comcast residential account, be advised that your relay's days on that account are probably numbered, so you ought to begin looking for a different arrangement before they call to threaten you, too. Now that Comcast has become one of the 800 lb. gorillas among ISPs in the U.S., it has apparently become an enemy of Internet growth, probably to preserve its market share without having to invest competitively to keep up with growth. They apparently do not run Quality of Service software on their routers, which is part of the reason they think they need to have a 250 GB/mo. cap on residential accounts, the other part being their presumed need to inhibit Internet growth. Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at cs.niu.edu * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * ********************************************************************** ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE