Violating my cable service agreement

From my ISP's "Acceptable Use Policy:"
You will not use, nor allow others to use, Your computer as a web server, FTP server, file server or game server or to run any other server applications.
That pretty much leaves out all the remote home monitoring stuff out there. I get the idea of the service agreement (SA). They don't want commercial users sucking up bandwidth while paying for a home plan or people otherwise hosting sites that generate gobs of hits from everywhere.

In my case, I wouldn't be generating any more traffic than I do anyway and it would stay in the family but the SA doesn't contemplate this possibility. It's silly to pay $200/mo for a commercial plan. I could constantly upload home status and camera images to the web page my ISP gives me, which would comply with the letter of the agreement, but that is more of a bandwidth suck than hitting my home server occasionally. So currently I am a scofflaw. My ISP blocks incoming traffic to port 80 so I forward to other ports.

I'm thinking of writing a letter trying to work things out but I fear the faceless drones in the bowels of my cable company will just start monitoring me closely and try to cut off my service. Why do that when I have a workaround via port forwarding? I'd like to be fully compliant and have them modify the SA to reflect the times. Others must surely be in my situation.

Does anybody here have a more enlightened SA or do anything other than "don't ask, don't tell?" Thanks.
 
> From my ISP's "Acceptable Use Policy:"
> You will not use, nor allow others to use, Your computer as a web server, FTP server, file server or game server or to run any other server applications.
> That pretty much leaves out all the remote home monitoring stuff out there. I get the idea of the service agreement (SA). They don't want commercial users sucking up bandwidth while paying for a home plan or people otherwise hosting sites that generate gobs of hits from everywhere.
> ...
>
> Does anybody here have a more enlightened SA or do anything other than "don't ask, don't tell?" Thanks.
Warning: IANAL! This is not legal advice.

My AUP clearly states that I am not allowed to have any servers on my home network. Well I can tell you that my ISP can not tell me what to do on my home network. Oh, I'm also not allowed to have more than one computer on my home network either. <_< My servers are not exposed to the internet and what I do on my home network is none of my ISP's business. ;)

Sorry about the rant but what the ISP wants to avoid is the bandwidth suckers and commercial users who run web, game and file servers for all the internet to use. They abuse the tiny upload speeds. For a long time (in years) I had my firewall open to permit ssh access to my home network. My ISP never noticed and I would often stay on for hours. I was running shell access and using scp to copy files back and forth. I'm in no way a bandwidth hog. My friend has some rather neat toys on his home network. He can watch his TV on his AT&T 3G phone or he can watch his web cam of the ocean (lovely view) or control his home.

Don't bother writing a letter, IMO they will just say no. It is difficult to write broad contracts in such a way that the ISP can CYA. The managers won't budge. Nobody is really monitoring all the traffic in the way that many think. Deep traffic inspection eats up the CPU resources of a router and the way these networks are growing CPU resources are at a premium. Oh I'd recommend staying away from. Let's not get into the whole NSA thing as that is a lot more complicated and doesn't really affect you and me (I hope ;) )
 
BFD. They're only CYAes so they have a reason to terminate you if you abused the upload bandwidth, esp. using P2P stuff like bittorrent. If you want to set up a web server and the ISP blocks port 80, just set up the server to listen on some other port number.
 
> My AUP clearly states that I am not allowed to have any servers on my home network.

Well, who said homeseer, for example, is a "server" application?

The most interesting part of the discussion is *how* does the ISP know what is "originating" from the outside in, versus the inside out? If the port number is the only method...hmmm...

And if the ISP is actually intercepting and reassembling your data for inspection and analysis...big, big hmmmmm...
 
> My AUP clearly states that I am not allowed to have any servers on my home network.
>
> Well, who said homeseer, for example, is a "server" application?
>
> The most interesting part of the discussion is *how* does the ISP know what is "originating" from the outside in, versus the inside out? If the port number is the only method...hmmm...
>
> And if the ISP is actually intercepting and reassembling your data for inspection and analysis...big, big hmmmmm...

TCP connections are opened by one side or the other. Most network equipment (firewalls and ACLs) have the ability to allow traffic through in both directions but only allow connections to be established in a single direction. TCP connections are opened with a 3-way handshake. It's:

SYN--->
<----SYN ACK
ACK--->

So they just look for the first SYN packet going in a particular direction and block those. So they do have the ability to monitor traffic in each direction and can block it in one particular direction or another.

I would not worry about the contractual stipulations, those are pretty standard and, like mentioned above, those are there to prevent abuse not use. Especially for cable companies because cable bandwidth is shared, so one user can impact others. My personal opinion, though, is blocking well used ports is intolerable, they are protected by contract, and lots of users use inbound for more than just commercial. It really is antiquated thinking and if I were you I would consider dropping your ISP and looking for one that doesn't block ports.
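An added example, not part of any post in the thread: the stateless direction check described above (drop the first SYN heading toward the subscriber), run over constructed IPv4/TCP headers. The subscriber prefix 192.0.2.0/24, the function names and the `blocked_ports` parameter are assumptions made for illustration.

```python
import ipaddress
import struct

SYN, ACK = 0x02, 0x10
SUBSCRIBER_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed customer prefix

def build_packet(src, dst, sport, dport, flags):
    """Constructed sample: 20-byte IPv4 header + 20-byte TCP header, checksums 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp

def classify(packet, blocked_ports=None):
    """Return 'drop' for an inbound connection attempt the policy forbids.

    blocked_ports=None blocks every inbound-initiated connection;
    a set such as {80} blocks only those destination ports.
    """
    if packet[9] != 6:                        # IPv4 protocol field: not TCP
        return "pass"
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    dst = ipaddress.ip_address(packet[16:20])
    dport = struct.unpack_from("!H", packet, ihl + 2)[0]
    flags = packet[ihl + 13]
    initial_syn = bool(flags & SYN) and not flags & ACK   # first handshake packet
    if not (initial_syn and dst in SUBSCRIBER_NET):
        return "pass"                         # replies and outbound opens go through
    if blocked_ports is None or dport in blocked_ports:
        return "drop"
    return "pass"

def demo():
    home, web, outside = "192.0.2.10", "198.51.100.5", "203.0.113.7"
    packets = [
        build_packet(home, web, 50000, 443, SYN),          # home opens a connection
        build_packet(web, home, 443, 50000, SYN | ACK),    # server's reply
        build_packet(home, web, 50000, 443, ACK),          # handshake complete
        build_packet(outside, home, 40000, 8080, SYN),     # outside opens to home
    ]
    return [classify(p) for p in packets], [classify(p, {80}) for p in packets]
```

The first list in `demo()` is the all-ports policy and the second is a port-80-only policy like the one the original poster describes.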
 
DADT, and if they get their panties in a bunch, have a backup plan (another ISP). Even my ISP, a private telco in a rural area that maintains control of their modem/firewall/router, has finally allowed us to port-forward from outside to have some non-standard ports access for things like HA. (I run my own firewall inside theirs to make sure they are on the level.)
 
> My AUP clearly states that I am not allowed to have any servers on my home network.
>
> Well, who said homeseer, for example, is a "server" application?

In TCP/IP any device that accepts the start of a connection is a Server, a client is a device that initiates a connection (of course there is no such thing in UDP ;) ). And for those who know networking, yeah it's a simplified view but I don't want to get into the nitty-gritty.

> The most interesting part of the discussion is *how* does the ISP know what is "originating" from the outside in, versus the inside out? If the port number is the only method...hmmm...

Wuench did a good job of describing the inside/out stuff so I don't need to add more.

> And if the ISP is actually intercepting and reassembling your data for inspection and analysis...big, big hmmmmm...

What you are talking about is stuff like the NSA or the information gathering. The ISP would rather not get involved with that... but an ISP doesn't have to dig very far into a packet to determine what's going on. To determine what you are 'saying' then they need to dig deeper and the ISPs don't want to do that (it's very expensive). IMO, the business with resetting P2P connections is something they're trying to do to keep their networks flowing. Though I think Comcast (?) handled the problem poorly. P2P takes its toll on a network designed with asymmetric speeds. CoS/QoS is a very difficult thing to do on a router as it eats up the router's resources. This is the kind of testing I do at work (business services) though none of my work can be applied to consumer services (very different design criteria).
 
Everyone violates the generic TOS. A couple of examples:

1. Game servers (i.e. Call of Duty)
2. Homeseer
3. Internet Cameras
4. Windows Home Server

As mentioned in the previous posts - don't worry.
 
> Everyone violates the generic TOS. A couple of examples:
>
> 1. Game servers (i.e. Call of Duty)
> 2. Homeseer
> 3. Internet Cameras
> 4. Windows Home Server
>
> As mentioned in the previous posts - don't worry.

Also, use of VOIP violates most of the contracts out there....... - Unless you buy it from them!
 
> Everyone violates the generic TOS. A couple of examples:
>
> 1. Game servers (i.e. Call of Duty)
> 2. Homeseer
> 3. Internet Cameras
> 4. Windows Home Server
>
> As mentioned in the previous posts - don't worry.
>
> Also, use of VOIP violates most of the contracts out there....... - Unless you buy it from them!

Those are good points. The contracts are pretty much behind the times. But with the proliferation of P2P, I doubt they will go away, and they may have no other choice than to start enforcing them. Technically I can think of no other way since P2P can randomize ports and SSL encrypt, there's no good way to single it out. If it keeps going the way it is, web traffic will be brought to a halt unless they take action. Unfortunately it isn't solvable by just adding bandwidth to their networks, or raising prices to cover their escalating NNI costs since P2P is almost viral and consumes as much bandwidth as they give it. Don't get me wrong, I like BT, but it really is doing serious damage to carrier networks. If you want to know why your XBOX is lagging or your youtube videos are choppy, you can pretty much blame P2P as the culprit.

And technically speaking, you might be better off buying your VOIP from your ISP because they can run QoS on it and protect it, whereas, they won't do that for other carriers' (Vonage etc) VOIP traffic, so it is considered best-effort and must compete like any other traffic. Of course, there are other things such as price and your ISP's VOIP service and reliability to consider.
 
I'm sure ISPs would get more bang for their buck if they shut down all the compromised PCs/bot nets/mail relays/open proxies on their networks...
 
> And technically speaking, you might be better off buying your VOIP from your ISP because they can run QoS on it and protect it, whereas, they won't do that for other carriers' (Vonage etc) VOIP traffic, so it is considered best-effort and must compete like any other traffic. Of course, there are other things such as price and your ISP's VOIP service and reliability to consider.

QoS is QoS. If your provider's hardware supports it, it will work just as well when you QoS tag your packets when connecting to an alternate VOIP provider.
 
> And technically speaking, you might be better off buying your VOIP from your ISP because they can run QoS on it and protect it, whereas, they won't do that for other carriers' (Vonage etc) VOIP traffic, so it is considered best-effort and must compete like any other traffic. Of course, there are other things such as price and your ISP's VOIP service and reliability to consider.
>
> QoS is QoS. If your provider's hardware supports it, it will work just as well when you QoS tag your packets when connecting to an alternate VOIP provider.

Unfortunately that isn't how it works. No carrier is going to honor your QoS tagging. In a QoS design you designate what is called a trust boundary. At that point, usually the first router on their network, the packets are re-tagged for their networks. This is because a tag may mean different things to different networks, they are only locally significant and this is even true in private networks. Company networks don't typically honor tags set by PC's or Servers because they can be modified by the end users or server administrators at will. If you left it up to the end user or server admins everyone would tag their traffic as the highest class. So if you set QoS tags on your DSL router or PC you are basically just wasting CPU cycles.
 
> And technically speaking, you might be better off buying your VOIP from your ISP because they can run QoS on it and protect it, whereas, they won't do that for other carriers' (Vonage etc) VOIP traffic, so it is considered best-effort and must compete like any other traffic. Of course, there are other things such as price and your ISP's VOIP service and reliability to consider.
>
> QoS is QoS. If your provider's hardware supports it, it will work just as well when you QoS tag your packets when connecting to an alternate VOIP provider.
>
> Unfortunately that isn't how it works. No carrier is going to honor your QoS tagging. In a QoS design you designate what is called a trust boundary.

Correct if you're going to do anything you might consider traffic policing on your outbound traffic but this gets complicated as some protocols don't really do throttling and you may have to play games. Traffic policing is supposed to keep the wire from filling up. A decent knowledge of queuing theory also helps here. Nothing will help you with latency other than shorter distances or removing/replacing the slow equipment. I can do traffic shaping on my WRT54G but I haven't needed to so far.

BTW, Comcast supposedly used packet marking to give out more bandwidth. Some folks claimed to have remarked their packets and had speeds up to 16M (download). They said it only lasted a short time. If it were true it sounds like someone forgot to apply a remark to 0 service policy on the inbound interface of the customer facing routers.

As a rule QoS/CoS is difficult to do properly and you must engineer your network (from end to end) right down into layer two.
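An added example, not from any poster: the trust-boundary re-marking discussed in the posts above (re-tagging at the carrier's first router, and the "remark to 0" policy on the customer-facing interface), applied to a constructed IPv4 header. Function names and addresses are assumptions; DSCP 46 (EF) stands in for a typical VoIP marking set by the customer.

```python
import struct

def ipv4_checksum(header):
    """RFC 1071 ones'-complement sum over the header's 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def sample_header(tos):
    """Constructed 20-byte IPv4/UDP header with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def dscp(header):
    """DSCP is the upper six bits of the second header byte."""
    return header[1] >> 2

def remark(header, trusted, dscp_if_untrusted=0):
    """Rewrite DSCP on untrusted ingress and refresh the header checksum."""
    if trusted:
        return header                             # inside the trust boundary
    hdr = bytearray(header)
    ecn = hdr[1] & 0x03                           # keep the two ECN bits
    hdr[1] = (dscp_if_untrusted << 2) | ecn
    hdr[10:12] = b"\x00\x00"                      # zero checksum before recomputing
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr)

def demo():
    customer = sample_header(0xB8)                # DSCP 46 (EF), set by the customer
    at_edge = remark(customer, trusted=False)     # customer-facing interface
    # A valid header checksums to 0 when the checksum field is included.
    return dscp(customer), dscp(at_edge), ipv4_checksum(at_edge)
```

If the edge interface skips the re-mark (the `trusted=True` path here), the customer's marking survives into the carrier network, which is the misconfiguration the last post speculates about.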
 