LinkBack URL
About LinkBacks
How to possibly bypass Comcast Sandvine
NOTE! I did not write these guides myself. It's taken from somewhere that will not be mentioned or discussed in any public places what so ever.
A bit of a background to Comcast's Sandvine:
Comcast is blocking P2P traffic by using something called a Sandvine. Comcast searches for connections for file-sharing networks. When it finds a connection, comcast sends a "RST" packet to both your computer and the computer you are connecting to. The RST packet is telling both computers to "Reset" or "Close" the network connection. Thus, blocking any data from being sent over the connection. What this tutorial does here is sets your computer up to ignore any RST packets on your bittorrent port. DO NOT IGNORE RST PACKETS ON ALL PORTS - ONLY DO IT ON YOUR BITTORRENT PORT.
You have the ability to completely cut yourself off from the internet using this. Be careful.
ALSO NOTE: You must use a single port for using bittorrent. THis will not work if you have your client use a "random" port.
------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------
Important!
This isn't just for Comcast users. It appears that sandvine sends RSTs to both the seeder and the leecher. Therefore, if you want to download from anyone who is on comcast, you have to do this fix, or something similar, as well.
-----------
I know there are a lot of us using comcast, and the tutorial here leaves out some important stuff... but not to fear, here's a complete guide to setting up WIPFW on Windows 2000 and XP.
You MUST do this at a local console, as it will block all VNC/Remote Desktop connections by default.
This has only been tested on Windows 2000 & XP, with Vista YMMV.
Step 1:
Download WIPFW from sourceforge
SourceForge.net: Downloading ...
Step 2:
Unzip to C:\Program Files\WIPFW
Step 3:
If you want a "default deny", double click "install-deny.cmd". Network activity WILL be cut off at this point.
If you want a "default allow", double click "install.cmd".
A default deny means that ALL data will be BLOCKED by default. If you are behind a router (or any other firewall) that has a firewall already built in, use default allow (Because your router is blocking the bad stuff anyway).
Step 4 (Windows XP only):
Start -> Control Panel -> Security Center -> Windows Firewall
Turn Windows Firewall OFF and click OK
Then, in the security center, click "Recommendations..." under the (now red) firewall header.
Check "I have a firewall solution that I'll monitor myself" and click OK
Step 5:
Save the following text in the file %systemroot%System32driversetcprotocol (%systemroot% is the windows directory). NOTE: This text may already be there. If so, just ignore this step.
protocol wrote:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This file contains the Internet protocols as defined by RFC 1700
# (Assigned Numbers).
#
# Format:
#
# <protocol name> <assigned number> [aliases...] [#<comment>]
ip 0 IP # Internet protocol
icmp 1 ICMP # Internet control message protocol
ggp 3 GGP # Gateway-gateway protocol
tcp 6 TCP # Transmission control protocol
egp 8 EGP # Exterior gateway protocol
pup 12 PUP # PARC universal packet protocol
udp 17 UDP # User datagram protocol
hmp 20 HMP # Host monitoring protocol
xns-idp 22 XNS-IDP # Xerox NS IDP
rdp 27 RDP # "reliable datagram" protocol
rvd 66 RVD # MIT remote virtual disk
Step 6:
Open C:\Program Files\WIPFW\wipfw.conf in notepad and replace the contents with the following:
NOTE: Make sure you replace "*****" with the port that your bittorrent client uses!
If you are using the Default Deny:
Quote:
#################
#
# wipfw.conf
# Replace ***** with your bittorrent port
#
#################
# First flush the firewall rules
-f flush
# Localhost rules
add 100 allow all from any to any via lo*
# Prevent any traffic to 127.0.0.1, common in localhost spoofing
add 110 deny log all from any to 127.0.0.0/8 in
add 120 deny log all from 127.0.0.0/8 to any in
# Drop incoming packets with RST flag on BitTorrent port
# This is what thwarts Sandvine.
add deny tcp from any to me ***** tcpflags rst
# Setup stateful filtering
add check-state
add pass all from me to any out keep-state
add count log ip from any to any
# Allow new incoming BitTorrent connections
add pass tcp from any to any *****
add pass udp from any to any *****
If you are using the Default Allow:
Quote:
#################
#
# wipfw.conf
# Replace ***** with your bittorrent port
#
#################
# First flush the firewall rules
-f flush
# Drop incoming packets with RST flag on BitTorrent port
# This is what thwarts Sandvine.
add deny tcp from any to me ***** tcpflags rst
Step 7:
If you are using a default deny, you will have to change the config to allow other network data through your network with any of the following rules (just add these rules to the end of wipfw.conf)
File & Print Sharing wrote:
#Replace 192.168.0.0/24 with your local subnet and mask
# Allow Microsoft SMB file sharing w/ NetBIOS
add pass tcp from 192.168.0.0/24 to me 135-139
add pass udp from 192.168.0.0/24 to me 135-139
# Allow direct-hosted SMB w/out NetBIOS
add pass tcp from 192.168.0.0/24 to me 445
add pass udp from 192.168.0.0/24 to me 445
VNC wrote:
# Enable VNC
add pass tcp from any to me 5800-5801
add pass tcp from any to me 5900-5901
Remote Desktop wrote:
# Allow RDP/Terminal Services connections
add pass tcp from any to me 3389
SSH server wrote:
# Allow incoming SSH
add pass tcp from any to me 22
DNS server wrote:
# Allow incoming DNS
add pass udp from any to me 53
Web server wrote:
# Allow incoming WWW
add pass tcp from any to me 80
FTP server wrote:
# Allow incoming FTP
add pass tcp from any to me 21
You get the idea if you need more services open.
Save wipfw.conf when you're done.
Step 8:
Start -> Run
Type CMD.exe and press enter.
run the following two commands
>net stop ipfw
>net start ipfw
All done!
Reply With Quote
