"Eric A. Hall" wrote:
> Comcast has a mail server, they could poke at the HELO banners and other identifiers.

Won't work. Mail clients (like Netscape) often announce a domain in HELO that is derived from the From: address. For instance, my copy at home announces "HELO yahoo.com", because my return address is an @yahoo.com. They do not generally announce raw IP addresses, so you're not going to see any private address space.

> HTTP proxies indicating that multiple browsers are in use, especially if multiple platforms (Win95, WinXP, as simple test)

Also unreliable. I regularly run two different browsers at a time on one computer. Sometimes three (Netscape, IE, Mozilla). As for multiple platforms, my home PC can boot into three different operating systems. Also, Mac users can run Virtual PC and run several different OS's at once. None of which are in violation of any ISP's TOS.

> More than ~4 simultaneous TCP connections open at once.

I often have several dozen connections at once on a single computer. Like when I'm fetching RedHat updates from their FTP server. Your rules would boot off 90% of the power users on the network, leaving behind only the clueless idiots. Maybe that's OK for you, but I think that would greatly increase the tech-support costs per customer.

> None of those would be bothered by firewalls or other legitimate devices, and would probably all be within a legally-defensible purview of ~analysis.

And they would generate tons of false positives.

> The thing is that Comcast is trying to make money by selling ~consumer Internet access, and they have a perception problem with shared access (PacBell used to run great "bandwidth hog!" ads). They don't want people using more pipe than ~consumer access would normally imply.

That's what rate limiting is for. If people are chewing up too much bandwidth, then figure out what they are entitled to under their contract, and rate-limit them to that amount when the network gets congested. The number of computers behind a single IP address has no relationship whatsoever to the amount of bandwidth consumed at a given time.

-- David