2

I am trying to better understand the net neutrality debate. Some have accused ISPs of sending RST packets to end hosts in order to block BitTorrent traffic. What exactly does this mean?

I have a basic understanding of HTTP and TCP/IP (I'm a programmer) but server administration is something I am definitely not an expert in. Thanks.

user23390

2 Answers

6

There are several flags in a TCP packet (SYN, ACK, PSH, RST and FIN). These are normally used as part of the setup and tear down of normal TCP connections. One of the flags (RST) is used when there's been a problem with the connection and one end needs to abnormally abort the connection. When the other end receives a RST connection, it immediately tears down the connection. This is what is happening when you get "Connection reset by peer" error messages.

This means you can close any TCP connection if you can insert a RST packet into the TCP stream. To do this though, you need to be able to either intercept a valid packet or make a guess at various counters used to keep track of individual TCP connections.

David Pashley
1

The TCP protocol is controlled by a finite state machine implemented in the operating system's networking stack. Being a programmer, the concept of an FSM ought to be at least somewhat familiar.

Forging a TCP RST packet (that is, an IP datagram with a forged source IP address showing as coming from the remote server, containing a TCP segment with the RST bit set and the appropriate SEQ/ACK numbers) is something that anyone along the route from client to server can do to cause a TCP connection to be closed by the receiving operating system. The client receives the packet and the finite state machine "resets" the connection, closing it and preventing further data transfer.

The forged packet is indistinguishable from a "real" TCP RST packet coming from that remote host. Without using a protocol that provides authentication (IPSEC AH or similar) there's nothing you can do to prevent any intermediate party from creating such forged packets.

Some ISPs are (allegedly?) forging such TCP RST packets to prevent "excessive" utilization of their "pipes" to the Internet by users of applications such as BitTorrent. They use a variety of hardware / software to perform the "deep packet inspection" (see http://en.wikipedia.org/wiki/Sandvine for an example of one vendor of such a "solution") to detect such traffic flows.

There's a lot of politics around the "net neutrality" debate, much of which goes far beyond the scope of a discussion on Server Fault. At the heart, I think, it's just another manifestation of the Netheads versus Bellheads battles that have been raging for years.

Evan Anderson
  • I was a bit hesitant to post on SF, but realized I'm simply looking for a technical explanation of something, not good vs bad bullet points. I appreciate (all of) your response(s). – user23390 Oct 19 '09 at 19:53
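Both answers above turn on the RST needing the "appropriate" sequence number. The following is an added example, not code from either answer: it decodes a TCP header and applies the receiver-side RST check from RFC 5961 section 3.2, which the answers do not mention and is assumed here as the receiver's behaviour. The ports, sequence numbers and the `build_header` helper are constructed for the demonstration.

```python
import struct

RST, ACK = 0x04, 0x10  # bit positions in the TCP flags field

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fields of the fixed 20-byte TCP header needed here."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", segment[:16])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF, "window": window}

def classify_rst(segment: bytes, rcv_nxt: int, rcv_wnd: int) -> str:
    """Decide what an RFC 5961 receiver does with a segment on an
    established connection whose next expected sequence number is rcv_nxt."""
    hdr = parse_tcp_header(segment)
    if not hdr["flags"] & RST:
        return "not-rst"
    offset = (hdr["seq"] - rcv_nxt) % 2**32  # distance, safe across wraparound
    if offset == 0:
        return "reset"          # exact match: the connection is torn down
    if offset < rcv_wnd:
        return "challenge-ack"  # in window, not exact: answer with an ACK, stay open
    return "discard"            # outside the window: silently dropped

def build_header(seq: int, flags: int, sport=51413, dport=6881,
                 ack=0, window=65535) -> bytes:
    """Constructed sample segment: 20-byte header, checksum left at zero."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, window, 0, 0)

def demo() -> dict:
    rcv_nxt, rcv_wnd = 0xFFFFFF00, 65535  # constructed receiver state
    cases = {
        "sender saw the stream": build_header(rcv_nxt, RST),
        "near guess (wraps past 2^32)": build_header((rcv_nxt + 1000) % 2**32, RST),
        "blind guess": build_header(0x80000000, RST),
        "ordinary ACK": build_header(rcv_nxt, ACK),
    }
    return {name: classify_rst(seg, rcv_nxt, rcv_wnd) for name, seg in cases.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:30s} -> {verdict}")
```

A sender that cannot see the stream has to hit the expected sequence number exactly, while a device on the path reads it off the wire, so its RST lands in the "reset" branch and this check cannot tell it from a genuine one.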