Re: Application Throttling/Management
 

Interesting... My router doesnt have that, it would be nice to :S

Re: Application Throttling/Management
 

Easynews staff have stated on their support group that VM are known to specifically throttle Easynews connections. Having said that I get full speed via the NNTP server but around 10meg using web + FDM + SSL. Not that it bothers me, nothing is ever that urgent when downloading from usenet and I prefer just downloading a single unrared/unpared file than using NNTP.
Been with them for over 6 years and I get a loyalty bonus and the gigs roll-over so if I can get something from the improved VM news server which doesn't appear to be throtlled, I use that first.

Re: Application Throttling/Management
 

If you have a router which supports snmp you can use mrtg from your PC to graph your WAN throughput/usage

http://oss.oetiker.ch/mrtg/

Re: Application Throttling/Management
 

Take a look at Wallwatcher.. Google it:) Your router may well support it.

Re: Application Throttling/Management
 

If your a windows user PRTG is another alternative.

Mine displays it in the Web ui, but I don't have it save the data over reboots (It can do it but apperently it does cause a fairly high amount of writes to the flash memory)

Re: Application Throttling/Management
 

I dont have much time to post right now...

BUT....Langley/Bromsley...all i know is your going to be a test area soon!

---------- Post added at 17:02 ---------- Previous post was at 17:02 ----------

Which is what they already do for *some* services anyway.

Re: Application Throttling/Management
 

trax makes a very bad smell then leaves the room......again!!!

Re: Application Throttling/Management
 

*yawn*

Re: Application Throttling/Management
 

That will be why I could not connect to a certain "pirate bay" website until after 11pm this evening?? Does anyone know how i could confirm this??

Re: Application Throttling/Management
 

Did you compare it with an alternative route; say an "openreach" connection?

Perhaps it was not accessible at all?

Re: Application Throttling/Management
 

There is no such thing as an 'openreach' connection as they are not a CP, I did however compare it with a BT Retail connection who have no problem accessing the site

Re: Application Throttling/Management
 

The site does go down for varying periods on occasion.

Throttling wouldn't make it inaccessible...

Re: Application Throttling/Management
 

1 day to go and I am free from VM and their shoddy service. If playing games on XBL degrades their fantastic "fibre optic" cable network then its a complete joke :)

Re: Application Throttling/Management
 

i have tested this myself many times & TraxData is correct. for example if i download from Rapidshare i dont get throttled but if i use Utorrent i do. thats all the proof that i need.

Re: Application Throttling/Management
 

That's not proof; there are too many uncertain factors in the case of torrents. It may have been poorly seeded, your ports may not have been forwarded or you forwarded the wrong ones, or the tracker was unresponsive and you were only getting DHT peers. You might also have hit the STM limit.

Re: Application Throttling/Management
 

Quick test from me, from a torrent with 2x100Mbit seeders and 1x1Gbit seed box.

VM connection (at gfs) download starts off @ 100Kb/s, sometimes touches 200Kb/s but wont go any higher.

Hook up her ADSL+2 connection, download starts at 2.3MB/s straight away and stays that way, now you could say adsl+2 connection has much better routing to the seedbox/seeders, however, the seedbox is in the UK and has a good link up to VM (http links direct from the seedbox are fine, btw).

Nothing funky going on there? course not :td:

Torrenting On VM @ her house is impossible, poor speeds, poor upload speeds.

Yet fine with HTTP (usenet even goes up/down now...lol..)

Re: Application Throttling/Management
 

got screen shot trax?

Re: Application Throttling/Management
 

One of the most infuriating things about Virgin is their policy of messing around with peoples connections and not saying anything on the basis it's a trial :mad:

One other question Trax - if you shift the usenet connection to SSL do you see the same results?

Re: Application Throttling/Management
 

It wouldnt be hard for them to Thorttle SSL usenet based on destination alone, i'm sure most ISP's which SSL traffic is usenet if its going to one of the major providers Ip ranges.

Re: Application Throttling/Management
 

I'm not suggesting it would be difficult - throttling by destination is easier than throttling by protocol, but it's whether they are throttling or not.

As I've stated before, although I don't like STM, throttling, etc. I won't dispute that I'd be classed a heavy user in most ISPs eyes. I'm happy to work within the reasonable boundaries they set (i.e. scheduled overnight) if necessary but if the goalposts are moving quicker than I can shoot I may as well not bother working with them.

And before someone says "if you dont like it leave", I'm pretty much limited ot cable as I'll only get about 2 meg on ADSL where I am. That doesn't mean I have to like VMs policies though.

Re: Application Throttling/Management
 

That is a tad unfortunate.

I'm lucky i get decent ADSL speeds but if i End up somewhere with cable and only slow ADSL speeds available id probably end up making the same desision as yourself.

Re: Application Throttling/Management
 

Ugh, torrenting has become horribly slow here. Can seed with my full connection, but when it comes to downloading, there'll be a burst when starting the torrent, then it'll stick at 20-60KB/s. Newsgroups have become my main source of anime now ;_;

Re: Application Throttling/Management
 

No problems with torrents for me, downloading full speed all the way (until it hits the stm and then it's a quarter, but still no interuption or any other kind of throttling. I'm in the Guildford area, 10Mbits connection.

Re: Application Throttling/Management
 

Well I'm in the Birmingham/Solihull area. Anybody else nearby having problems? I am an extremely heavy downloader, so Virgin might have cut my line priority, but since HTTP and Newsgroup downloads work fine, I don't think that's it.

Re: Application Throttling/Management
 

Torrents started messing up for not downloading at all but last night and this morning is fine

Re: Application Throttling/Management
 

i know how torrents work ffs & iv tested it on my own, so that shows what you know :p:

Re: Application Throttling/Management
 

Easy now ;)

Re: Application Throttling/Management
 

Anyone in Preston / Wigan / Blackpool the usual contestants for this stuff seeing anything going on with P2P on their broadbandings?

Re: Application Throttling/Management
 

Never mind, along with some info on here and some other stuff I've heard from reliable peeps seems Waltham Park is the lucky contestant this time.

Re: Application Throttling/Management
 

Would make sense as it means they then do not need to use stm on 50 meg, Instead use application throttling ?

Re: Application Throttling/Management
 

Yep quite possibly.

'It has no STM, look everyone no STM on our 50Mbit, give us £50 a month for our no STM 50Mbit service!'*

*oh by the way check the AUP, we reserve the right to shape as we see fit.

Re: Application Throttling/Management
 

I really hope they dont do this

Re: Application Throttling/Management
 

Wrong tense on 'hope they don't' to be honest.

Re: Application Throttling/Management
 

Indeed however this is VM we are talking about, This is the same company that said on the newsgroups it was NOT testing STM and then released it 3 days later ?


there is a trace route of this forum that proves they are doing this is you care to look for it .

Re: Application Throttling/Management
 

Looks like I am gonna be disconnecting all Broadband customer that want to disc as I can save customers with thise peice of crap service

Re: Application Throttling/Management
 

Considering there is now DPI being used in that area as well as STM you have to wonder what VM are thinking...

Re: Application Throttling/Management
 

Pound signs. How little bandwidth can we allocate per customer while keeping them vaguely happy.

Shame really. My browsing on VM is the fastest that it ever has been even with a Be connection that was a similar speed, but if I find my occasional bursts of heavier usage crippled, both in terms of volume and the protocol I am using they can have the cable modem back.

As a World of Warcraft player I rely on Bittorrent to bring me updates in a timely fashion. This is a perfectly legal use of the protocol. It's one thing forcing me to try and avoid STM, quite another to cripple my use of the protocol as it's on a not wanted list.

Re: Application Throttling/Management
 

This is a new one on me :mad:

They can go **** themselves

Give me my old 1 mb Telewest back:rolleyes:

Re: Application Throttling/Management
 

you can have it back with virgin bandwidth throttling well for around 10 mins then its back to 512k

Re: Application Throttling/Management
 

Look what's turned up ;)

Re: Application Throttling/Management
 

The letters DPI have appeared in a hostname?

:conspiracy:

Re: Application Throttling/Management
 

The M stands for module, you can work out what DPI stands for ;)

It's not just some random address...

Re: Application Throttling/Management
 

Correct that is a referance to a piece of Network equiptment. first name begins with A i would think. VM have admitted in the past that they have that equiptment, but said they were not using it.

Re: Application Throttling/Management
 

Then an L ? :p::angel:;)

Re: Application Throttling/Management
 

:LOL:

Re: Application Throttling/Management
 

*Imagines Alex Brown cheerleading with pom poms and stuff

Gimme an A, gimme an A, gimme an A L L, gimme an O, gimme an O, gimme an O... T! Yayyyy Allot!!!

You're all paranoid, it's purely there for usage stats collection!

Re: Application Throttling/Management
 

Usage collections of pink pigs flying overhead

Re: Application Throttling/Management
 

i think there is alot of assumptions going on here. If VM start throttling certrain protocols im sure ofcom will have something to say about it !

Impz

Re: Application Throttling/Management
 

Not an assumption at all, ALLOT is now active in 2 areas and is being used for application throttling...

And no, they wont...as its all in their FUP

Re: Application Throttling/Management
 

well if this is true then it really does stoop to a new level of dodgy dealings. so trax can you give me an idea of which protocols are being throttled and what speed they are being throttled too? is there a threshold like with STM ? and do these area's still have STM ?

I am appalled at VM's motives they cannot go on selling a service and charging thier customers only to steal back a percentage of it to sell on to somebody else. its like selling someone a meal and then taking it off you while your still eating it and using some of it to make a sandwich for someone else and selling it on !

I am getting sick of it all. I hardly use my 20meg i am a light user prb only download about 20 gig a month so STM isnt an isssue to me but i still feel cheated by thier tactics !

Impz

Re: Application Throttling/Management
 

throttled to 512k AFAIK torrents and newsgroups and online gaming will be affected by this

Re: Application Throttling/Management
 

Not sure if this was reported elsewhere, but those who expect no application throttling or STM by ISPs might like to look at this article:

http://www.theregister.co.uk/2008/09/02/bennett_fcc/

This reports that the FCC, in the USA, have told Comcast to stop underhand throttling etc, but to simply do things more straightforwardly and introduce volume charging for their net connections.

The headline of the article says it all though ("Why the US faces broadband price hikes") and that is if uncontrolled internet services are provided the price will go up...although proportionally and perhaps more fairly, for those who use more bandwidth.

Interestingly the FCC are not getting involved from the consumers standpoint but because of technical reasons which are debated in the article.

APS

Re: Application Throttling/Management
 

Online gamiling?!?!

What on earth? Gaming is hardly a bandwidth hog so unless they are going to prioritise it that's crazy.

Re: Application Throttling/Management
 

Anything P2P is throttled down to 512K, this includes games which use p2p engine (wow for updates?)

The connection literally gets crippled if you open a p2p app and stays that way until you turn it off.

Usenet (even with SSL) gets throttled down to 512K also from 20/50Mbit.

No one knows the limits or rules as of yet.

It looks as if its turning out to be an all day/evening thing though.

Re: Application Throttling/Management
 

3 millions disconnections coming Virgin Media's way dammit looks like rapidshare will become peoples new home

Re: Application Throttling/Management
 

*sigh*

If it's a straight throttle to 512k just another lazy implementation by Virgin Media. There are ways to make devices subnet aware and control bandwidth utilisation on a per uBR basis which are far more granular and allow bandwidth while it's there to be used, and throttling to be deployed to try and control things when it's not.

OSS systems can be used to inform the devices of when a particular upstream is nearing saturation point and to begin to throttle P2P on a subnet. If you're clever you can even get all the people who are doing the uploading and shove them all on the same upstream then throttle them down accordingly to ensure the upstream remains uncongested.

If opening a P2P app cripples the connection that's a misconfiguration on the unit not allowing enough simultaneous TCP opens, and will also cause people issues with online banking sites and other websites that cause many threads to be opened.

Still what do I know, and why waste time trying to keep customers happy when you can just smack them with a hammer :shrug:

Here's hoping that as this deployment matures it becomes a tad more granular and gentle.

Re: Application Throttling/Management
 

makes me laugh Virgin deines p2p throttling and then trial I just hope Trax's is lying and Virgin become a good ISP

Re: Application Throttling/Management
 

Alex has killed a once great ISP...

Bit hard to lie when the hardware is there, enabled, staring you in the face :(

Re: Application Throttling/Management
 

Oh look at that flying pig

Re: Application Throttling/Management
 

Only 1 pig? are you in a good mood today? your being abit too nice here ;)

Re: Application Throttling/Management
 

I have come to the conclusion that VM have decided to kill what was a world beating broadband service and nothing we do will change that. :mad:

Re: Application Throttling/Management
 

so true I think there is allot of pigs flying

Re: Application Throttling/Management
 

They can deep packet all they want, I use Giganews and it is an *encrypted* connection, how does that help them?

Re: Application Throttling/Management
 

encrypted is using ssl, at the end of the day if they want to see what your doing they can, even vpn isn't complete secure. plus if it application management it will no doubt be done via protocol and they will know what protocol usenet uses

Re: Application Throttling/Management
 

duh... they throttle everything going to the giganews FEPs.

So you'll be throttled...

SSL will just stop them seeing what your downloading, not what ur doing ;)

Re: Application Throttling/Management
 

What about when all they see is encrypted traffic to a remote server like this service?

https://www.relakks.com/?cid=gb

Re: Application Throttling/Management
 

sure Zing, but running away as you indicate to BT isnt hitting back is it.

instead of running away why dont you effected people that finally started commenting on this VM policy now it might effect your personal Broadband usage just take the right and only real effective route, and FINALLY challenge this virgin media FUP and STM rule in the small claims courts

is filling in the moneyclaim (aka online small claims county court service, or filling a real paper small claims D1 form down you local county court OC) website form so hard.

plus reading and understanding some basic common law/consumer law text, and appearing in your local county court to get a ruling again the VM UK/US executive bad faith clauses.

so invalidating them and making them unenforceable, thus getting them legally removed ,is that hard to do? NO it's not you just need to make the effort against these companies taking your money for services they tell you they will supply then dont fully complaining your using to much.

but everyone talks about running away tothe other side or ignoring the problems and waits for someone else to do it for them, and so here we are getting slapped again and again as you put it.

https://www.moneyclaim.gov.uk/csmco2/index.jsp

http://search.virginmedia.com/result...ryUK&x=40&y=19

Re: Application Throttling/Management
 

Then they throttle flows going to those VPN endpoints.

SSL is a protocol and what's inside the SSL can't be read unless you proxy the SSL connection and terminate it on the appliance. Secure Sockets Layer - what's running on top of the SSL tunnel can be anything and ISP is none the wiser, so they throttle based on source address, the Giganews FEPs.

VPN is completely secure so long as the encryption is set up appropriately however as mentioned above you don't need to know what's in the VPN to be able to throttle.

Re: Application Throttling/Management
 

I rather you did not talk to me like i am idiot, neither SSL or VPN is 100% secure nor are there 100% invisible there both got vulnerabilities that can be exploited and both can be viewed what the content is but it is not easy to do. I aint done networking for nothing :s

Re: Application Throttling/Management
 

Go break a SHA-1 AES-256 VPN using PFS and IKE or a similarly set up SSL connection and get back to me. The NSA can't so I don't rate your chances.

Find where I talked down to you also, I just explained the technology...

Re: Application Throttling/Management
 

You talk down in the fat the way you where explaining it, like i am complete idiot, if i never knew anything then it be a bit more obvious, i rarely talk in technical terms, one of the thing si am praised for by people i help solve there IT or Network for, i just explain it basic english

Did i say it was easy to do? i said it can be done, and DPI at the isp can in fact decrypt the data but it is not the easist thing to do, they tend to not to do it because it not worth there time. If it was that secure and no problem with it i would not be caring about Phorm i just VPN to something like above.

Re: Application Throttling/Management
 

You're saying I talked down to you because I used basic english, then saying how you rarely talk in technical terms and are praised for it? I'm rather lost, and you're completely wrong. Properly implemented VPNs cannot be broken by any resource the human race has at this time, if it could there would be no secrets and governments would be merrily listening in to one another's 'secure' communications. They don't and can't.

A bit of reading for you, google these:

Internet Key Exchange
Public Key Cryptography
SHA-1 ( Secure Hashing Algorithm 1 )
AES ( Advanced Encryption Standard )

They will give you some insight as to why VPNs are unbreakable even if you own the network in between, as you will not be able to imitate either side of the conversation and the crypto in use is too strong to be broken within a lifetime.

Re: Application Throttling/Management
 

I can assure they can be broke i have seen it be down and conversation between the two computers watched (no this was not illegal done it was legal test to prove nothing is 100%). I will say it again IT IS NOT EASY, it is very hard to break it, the only people that will do it is people wanting the information. but i aint going to argue about it, i know what i know you know what you know.

Re: Application Throttling/Management
 

You'd best tell the US Government this, as their links to Iraq are satellite and easily interceptable they might want to know that their traffic is insecure.

I have given you the information to find out how, where and why. If someone showed you this they were playing games with it somehow. It is not possible to do a man-in-the-middle on VPN connections, if it were they would be pointless.

Anyways I won't argue about it either as millions of VPN users, governments, security agencies and armed forces know I'm right and trust sensitive data to this technology every day. Step away from the indignation and that 'demonstration' and just have a think about what you're saying, which is that there's no such thing as a secure network link so long as the data traversing it can be intercepted in some way. Then think if that actually makes any kind of sense.

What you probably saw was someone doing an SSL proxy with a badly configured browser with no sense of certifcation authorities. That is not invisible either as those proxies can only be self-signed and the certificates would flag to indicate that they are not properly signed and only have a 1 step CA.

EDIT: Just for you I'll get a packet capture later of me logging onto my online banking, I won't miss a packet, and I'll upload it to an FTP server for anyone who wants to download it and try and break it, I'll make sure I get the full setup etc.

Re: Application Throttling/Management
 

sure, but your reading and falling for the PR sales pitch, and not considering the real implications, thats were the likes of phorm came from as the DPI vendors want to increase their income so expand and mission creep their firmwares to add new value to their customer base the ISPs not you as the ultimate paying end user.

as regards whats the point of ...., the same has/is said of the internal Virgin media traffic that doesnt even go outside the VM network.

the VM users internal VM websites ,VM ftp, VM mail etc, ALL THAT GETS INCLUDED in the current STM totals, they do include that traffic too, and that quite clearly is wrong from any POV never mind "in good faith" (legal terms) and unneeded, but they do it anyway....:rolleyes:

---------- Post added at 16:26 ---------- Previous post was at 16:06 ----------

No, thats just a misconception today,its coming from the interested commercial partys the high profile PR campaigns(piracy is bad except when its commercial piracy for prifit from the likes of BT/VM/CPW etc type thinking) etc, and lazy news writers propagate to make headlines they can sell.

P2p hasnt been the top bandwidth use case for a good few years now, Usenet(newsgroups) have always been the far higher data throughput of the internet, and only in the last few years has Video streaming become the new higher data throughput, hence all the recent stories about how they (BBC/youtube etc)dont pay to use our pipes and we want our cut stories.

---------- Post added at 16:43 ---------- Previous post was at 16:26 ----------

sure, and they will continue to do so UNTIL YOU (anyone effected) takes Virgin Media to county court and gets a ruleing to stop them and remove these one sided contractual clauses.

just as the bank charges ripoffs got massive airtime and massive news coverage, so will these personal small claims if you care enough to put together a howto step by step to bringing the UK Broadband STM/FUP bad faith to the masses and small claims (VM/BT contract breachs to the UK consumers detriment)

Re: Application Throttling/Management
 

I now wait with baited breath to see if VM decide that a press release is required over this ?????

#

I bet they dont.

Re: Application Throttling/Management
 

One like this?

http://www.cableforum.co.uk/article/...throttling-p2p

Re: Application Throttling/Management
 

Yep that would be the one.

Wonder if this site is going to ask VM for an update :)

So the long and short of this is that we are now to be stm'd and on top of that if we still dare to use our connection that we paid for they will reduce that to 512 k , Wow way to go Virgin.

Re: Application Throttling/Management
 

And what bullshiiiiiiiii their official statement turned out to be :D:angel:

Re: Application Throttling/Management
 

you know trax ur name was meantion in webuser over this

Re: Application Throttling/Management
 

Yes and i did not appreciate the bad things they tried to say about me, i emailed them but got no response.

Re: Application Throttling/Management
 

i dont think we are Toto, your just useing to much tunnel vision to focus on a single tech point, just because the ISPs have installed the DPI kit to track, collect, process and restrict zings payed for 3d party usenet useage doesnt make it legal.

step back and consider this.

is it legal in the UK/EU to sell you a pound of apples, then give you 3/4 of a pound ,No its not.

is it legal in the UK/EU to sell you a killowatt of power, then give you 3/4 killowatt of power, NO its not.

is it legal in the UK/EU to sell you something thats unfit for purpose and not give you a refund, No its not.

is it legal in the UK/EU to sell you a service and then give you 3/4 or even less, then not give you a refund, no its not.

is it legal in the UK/EU to sell you a service then spy on your personal unique datastream for commercial profit without informed consent, no its not.

see, you just cant get away from this DPI use and long standing consumer legal rights (its just Phorm/NebuAd gave it high profile news coverage) and existing laws, bring it to court and see what the ISPs do, they will remove it before it comes to court if enough people actually fill in the court papers before they run away, as VM/BT etc know full well they cant win a consumer court case given the already existing case law.

Re: Application Throttling/Management
 

Re: Application Throttling/Management
 

You tell em zing

Re: Application Throttling/Management
 

Is this set to be a 24 thing or will there be any break ? it is sucky.

Didnt VM just sign a deal to use easynews NNTP backbone? anyone think this could be part of a deal? Easynews now have a 150 gig 15 quid a month HTTP link to the newsgroups will these be hit by App throttling? can this hardware filter port 80 traffic? if not could this be a shrewd move to push usenet customers to Easynews ? ie you give us access to your servers we could force thousands of customers your way?

Re: Application Throttling/Management
 

Is it the same IPs though or do VM essentially allocate shadow IPs or proxy it so they can differentiate and limit the service as defined in the contract between the 2. (Assuming that VM customers don't get the same access and retention on Easynews as Easynews customers)

Re: Application Throttling/Management
 

Thousands of customers would just up and leave not go to some company vm has connections too.
Really bad show and the final nail in vm's casket if this dpi stuff goes ahead said it a long time ago when this stuff was first mentioned this is no different to what the advertising malarkey were upto, isp's could filter anything (affecting traffic now and creeping to whatever surfaces as the next p2p) they want out with the kit leading in the end to a distrust of the isp using the kit and a 2 tier system and a more encrypted internet.

This could also be used covertly for isp discrimination to certain services or products that the isp's see fit for use (they WILL say they wont but will they?)

Re: Application Throttling/Management
 

I am stuck with them well unless I quit and move house

Re: Application Throttling/Management
 

Deep Packet Inspection/Interception of a UK/EU/US consumers Unique datastream IS NOT legal, UNLESS they have been given written full and informed consent by the owner of that data stream, I.E YOU as the owner and maker of that unique datastream.

You as the owner and maker of that data can remove any of the rights you may have given them at any time with a simple "official notice" in writing to the data controller of the company involved removing that right.

(as the phorm/NebuAd cases are showing and educating the worlds Broadband masses today).

---------- Post added at 18:25 ---------- Previous post was at 18:05 ----------

this is so true, thats why theres such a massive potential for some Uk 3rd party Co-location site to set up a basic free tunneling service to their servers and charge a reasonable price for higher data packages.

if only someone would provide this simple free basic service ASAP (google Uk infrastructure perhaps?) for your average users that dont know how to get or setup their own SSL tunneled Co-location Virtual web servers and related apps for personal remote use.

that way you tunnel from your VM/BT master home machine pluged into your desk BB modem directly to the free 3rd party virtual web server, and run your real datatreams end point from that 3rd party location,and hence VM/BT etc cant easly see these unencypted data end point requests, lets see VM/BT justify STMing that single SSL data pipe to a 3rd party in court.

OC as time moves on, its looking far more viable to look into direct WiMax and wireless gigE to the Co-Location sites around the country and bypass the ISPs invasive snooping all together.

as the Wimax/GigE hardware prices fall through the floor for this old/new wireless kit, all it takes today is a few mates or a small village to club together and run their own cheap Meshed wifi and a single server housed somewere handy to all of them with this wireless WiMax/GigE connection pointing to your friendy Co-Location site and you can do that today, never mind the url story below that will make it even easyer and cheaper later.

http://www.dailywireless.org/2008/09/04/gigabit-wi-fi/

http://www.dailywireless.org/2008/08...most-as-cheap/

Re: Application Throttling/Management
 

The problem is though that it just ends up with any traffic being throttled unless it can be identified as being a 'wanted' protocol, and while that may not be liked it's a perfectly legitimate thing for VM to do. :(

And yes it's not hard to shape things, you don't have to shape based on protocol, you can shape based on destination, number of TCP connections, source, TCP port, whatever you want.

Not sure if the quote was aimed at me or if you were just pointing out the things I mentioned above regarding behavioural shaping and SSL CA chains / self signing / SSL proxying and putting them in a somewhat better way :)

Re: Application Throttling/Management
 

they already did, they "asking ISPs to sign up for a Code of Practice" ... "It's a voluntary code that will be tested using 'mystery shoppers,' " ..."Ofcom is also going to investigate real broadband speeds around the country" with a survey.

"One thing not mentioned is throttling. For example, an ISP could give an accurate speed estimate then deliver a lower speed due to contention or deliberate speed throttling in response to file sharing. The fact that your DSL2 connection can do 7Mbps doesn't mean you're going to get that speed all day every day"

it just fills you with real confidence that Ofcom are really looking after your legal consumer rights doesnt it :rolleyes:

http://blogs.guardian.co.uk/technolo...tish_isps.html

getting yourself a few D1 forms and fact sheets an passing them around your friends will be far more effective in the long term OC.

Re: Application Throttling/Management
 

its not been the case for a long time now, at least for any and all plain text inside the ssl tunnel datastreams and the right kit, but you seem to already understand this point yet skip over it!? but no matter,its still interesting to other readers of the thread later perhaps.

this is a so called "Man In The Middle attack" built directly into industrial ISP grade hardware that business and well funded criminal oufits can purchase off the shelf today and pay an ISP tech to plug in for instance.

Ohh, it seems that later in the thread you concentrate on full decyption of the tunnel, wereas for the purposes of this thread and the reality of why VM and the DPI vendors are doing this is to get just enough information from your encypted datastream to use it in whatever mannor they chose to increase their profit margins at the end users expense...and without regard to the legal or political implications that might bring in the future from their actions.

and by "to close the security loophole that SSL creates" they obviously mean that without this kit they couldnt see much if any of your unique datastream property to profit from its processing...

http://www.intelcommsalliance.com/ks...04daf53086f015
"
Netronome SSL Inspector Transparent SSL Proxy


[img]Download Failed (1)[/img][img]Download Failed (1)[/img][img]Download Failed (1)[/img][img]Download Failed (1)[/img][img]Download Failed (1)[/img]
No ratings yet

Resources

Product Web Page
Datasheet

Categories

Application Software
Other


The Netronome SSL Inspector, the industry's highest-performance transparent SSL proxy, enables network security applications to access the clear text in SSL-encrypted connections and has been designed for security and network appliance manufacturers, enterprise IT organizations and system integrators. Without compromising any aspect of enterprise- or government-regulated compliance, the SSL Inspector allows network appliances to be deployed with the highest levels of flow analysis while still maintaining multi-gigabit line-rate network performance.

The SSL Inspector's unique combination of capabilities removes the risks arising from the lack of visibility into SSL traffic while simultaneously increasing the performance of security and network appliances.

The SSL Inspector Appliance provides existing sniffing (IDS) and filtering (IPS) security appliances with access to the decrypted plaintext of SSL flows. This equips network appliance manufacturers with a mechanism to provide their security applications with visibility into both SSL and non-SSL network traffic, increase their application performance and avoid becoming the source of reduced network throughput. This also allows end-users to add SSL Inspection capabilities to their network security architecture immediately to close the security loophole that SSL creates.

The SSL Inspector is also available in a standard development kit that provides the industry's only open application programming interface.


..."

Re: Application Throttling/Management
 

Popper, those rely on having the proxy configured as a CA on the browsers so that they can create phony certificates to present to the browsers.

They can work on layer 2 however they terminate the SSL tunnel from client to server and server to client. To do this they require the browser to trust them to sign certificates. This can be done in an Enterprise environment where you have control over the security policies on browsers, however in an ISP environment it's not feasible.

EDIT: The other alternative is to get certified as a CA properly so that you get installed into browsers, however use of CA in this manner is not valid and any company doing this will soon find their CA disappears.

Remember how SSL works - in order to properly set up the session you need to have a certified, signed public/private key pair from the server. While it is possible to impersonate the client and decrypt the flow initially it is not possible to impersonate the server unless you have a signed public/private key pair the client trusts through appropriate certification.

Having set up SSL offload appliances all, without exception, require the transferral of the key pair from the server to the appliance or generation of a new key pair which has been appropriately signed and certified on a per server basis. I would suggest the same goes for trying to SSL 'offload' within the ISP network as well.

Re: Application Throttling/Management
 

So you are admitting it is possible? even though you said to me it is impossible? and my point was it wasn't impossible just very hard? no i am not bring this up again just curious to your thoughts.

Re: Application Throttling/Management
 

See my post here: http://www.cableforum.co.uk/board/34632497-post274.html

That's the mechanism by which these appliances work. It's not breaking SSL it's attempting to impersonate each side to the other. It's not difficult at all and open source implementations are available, but will show up on a browser when you go to www.barclays.co.uk and the SSL certificate the server provides is signed by Virgin Media and can't be verified.

It isn't a break of SSL though, is easily detectable, and requires browsers to be set up specifically to accomodate it as in an enterprise environment, so no I'm not admitting anything :)

---------- Post added at 13:17 ---------- Previous post was at 13:14 ----------

Ah forgot to respond to this. I'm well aware of DPI being used with partial decrypts, I've worked on DPI kit with regards to detecting encrypted Bittorrent. As you rightly said only enough 'decryption' was needed to detect what the underlying protocol was. In the case of encrypted BT the encryption was rather weak and although it took a few months researchers did indeed break it to the point where it could be positively identified.

Re: Application Throttling/Management
 

So if I use Giganews with 256bit SSL - can they just take a peak and see what I'm leeching?

I was under the impression that they'd need DPI to do this.

Re: Application Throttling/Management
 

DPI alone will not allow them to see the contents of SSL-encrypted traffic. The would need to use a man in the middle attack, as described earlier in this thread, to decrypt the stream analyse it and reencrypt it before delivering to you. This is not "breaking" SSL and can be detected from the client end.

Ed.

Re: Application Throttling/Management
 

If VM continues to do this there will be no point in having anything above 4mb.

Mind you having seen this:

"I would note there is ALSO a seperate trial going on while controls ports speciifcally for games (Wow etc) which affect the pings for said games."

Which is obviously a lie, it wouldn't surprise me if the rest was.

Re: Application Throttling/Management
 

I'm on 4mb and it's crawling between 25-40k and the most i've seen it at tonight has been about 250k, my signals are good too.

It's been like this a few times over the last 2 or 3 weeks. I wouldn't be surprised if the *******s are up to something in this area.

Re: Application Throttling/Management
 

There's many different factors you have to look at i.e congestion, wireless router, not just VM are throttling your speeds plus are your speeds from torrents,newsgroups,p2p?