paul_venezia
Senior Contributing Editor

Don’t you go changing

analysis
Aug 11, 2003

Woke up the other day to find my Net connection was down. A look at flanders told me that the link was up on the cable modem, but no data. Seems that they reallocated IP space to my segment. We went from 24.25.132.0/22 to 68.172.16.0/22. Of course, this caused some problems with my hackneyed firewall, but a manual dhclient restart kicked in the new IP. Following that, I rebuilt the FreeS/WAN <-> PIX tunnel to the office, and the tunnel to Matt’s network. Hm. The office link came up, but no link to Matt. Looks like the intra-segment filtering is alive and well once more:

[root@soul root]# nmap -sS -P0 -p 500 68.172.19.128

Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
Interesting ports on nat-68-172-19-128.ne.rr.com (68.172.19.128):
Port       State       Service
500/tcp    filtered    isakmp

Nmap run completed -- 1 IP address (1 host up) scanned in 36 seconds

While this is frustrating for many reasons, I’m really curious why providers like TW/RoadRunner, Comcast, et al., believe that data should only flow in a single direction. It’s possible that their history in unidirectional delivery, such as cable TV, is the reasoning. Of course, the concept of one-way communication on the Internet is anathema to the very design of the net, but why should Time Warner care about that? I’m sure they’re all pissed that IP doesn’t include provisions for per-packet metering.

The most aggravating thing is that when talking to an absolutely clueless RR support rep a few months ago, he very clearly stated his animus towards users that run servers on their cable links. He said “They’re stealing from the rest of us”. We are? Amazing. Undoubtedly he was regurgitating the FUD spread during his training, but that’s even worse. It seems that the word “theft” gets a new definition every other day. I’m having a hard time dealing with the 384k uplink, but the 3Mb downlink is really nice. To move to a synchronous connection would quadruple the cost, but would also limit me to 768k up/down. I’m already paying Time Warner $115/mo for cable TV and Internet access.

What takes the cake, though, is Adelphia selling business-class Internet service via cable, then prohibiting servers on those links. Who are they kidding? (Yes, this really happened. I didn’t believe it until I saw it myself.)

What’s at the core of this problem is the corporate desire to control the Internet. We’re seeing more consolidation in the broadband market, more anti-competitive behavior from Verizon and the other RBOCs, and the departure of the small ISP. We’re also seeing the advent of the true wire-speed layer-7 firewall. Add one application-layer packet filtering appliance on the uplinks from residential cable segments, and we have a recipe for corporate censorship. What’s to stop Comcast from filtering out any data stream that contains keywords that they don’t want their customers to see? What happens if those filters are compromised?

It’s not like the FCC will step in, now is it?