[NTLUG:Discuss] Help! I'm under attack by my ISP!

[Kyle Davenport]

*** Authentication Certificate ***


hee hee.  I'm sure this has happened to some on this list.  Oh, if you
believe p2p software is illegal, ignore this email.

I've been on TVMAX broadband for years (nee BBNOW, nee OptelNow).
Apparently the internet service has been bought by Comcast, and they are in
the process of converting over.   I've heard horror stories about terms of
service for Comcast et al. but I've been running over a dozen services off
my server/firewall for years (and no, never been hacked), and just about
every p2p client occasionally.  Suddenly tho, they shut me off and I have
to call "Tech Support" (a very loose definition) to find that they have
detected an open port 4662 and "excessive bandwidth utilization".     I
replied there was nothing in the terms of service about p2p software (nor
should there be, as it is not necessarily illegal to trade files), but she
claimed I was affecting the other users.   Of course I wouldn't do it if it
were degrading the network, but in fact I was only running overnet at the
time capped at 10kbps.   Seems to me they're really objecting to my use of
most of my allotted 1Mbps limit (all day long, since I use it from work).

So it occurred to me to find out where their port scans are coming from,
and blocking those.  (That's right - if they're not going to play fair, I
won't either)  I tried pkdump (ouch! not ready for prime time) and
portsentry.  Neither seem to do what I want, which is block hosts scanning
different _unrelated_ ports, ie., the p2p ports, and to do so without being
suspicious.   Unfortunately, I don't know whether the scans are coming from
tvmax.net, interquest.net, or comcast.  I also can't tell from whois what
all their subnets are.

And if any Comcast users would care to comment on the service, and how they
deal with it, I'd appreciate it.

Kyle