While most ISPs really don't care if folks use a VPN, there is a reason for this inclusion in the T&C's. When a service provider is trying to sell 500 accounts to an enterprise, for VPN connectivity, they want to be able to charge more. There are also support issues, which include the nightmarish scenario of a user calling Tech Support, wanting assistance setting up or using their corporate VPN client. To say that this is beyond the skills of the average Tech Support staffer is an understatement. And, of course, it's not his job to help a user do this.
The other interesting part of this is that the Comcast T&C's DON'T mention NAT, and it looks like they don't have a "NAT POLICE" group, scouting for violators on their network. I'm sure this is a crushing blow to the tinfoil-hat wearing set on NANOG, but it shouldn't be a surprise, except to those who spend their free time reading Slashdot, and cursing the "forces of corporate evil" who are looking to confiscate their Linksys NAT boxes. :)
- Daniel Golding
Eric Hall Said...
I'm not sure how I got put into the position of defending their possible practices. I've already said that looking for NATs as a practice isn't a good idea.
I suggest that people read the following (they seem to be cut-n-pasted from the @Home agreements, BTW):
http://www.comcast.net/TermsofService/aup.asp
Bandwidth, Data Storage and Other Limitations
Users must ensure that their activity does not improperly restrict, inhibit, or degrade any other user's use of the Services, nor represent (in the sole judgment of Comcast High-Speed Internet Service) an unusually large burden on the network itself.
[What's an "unusually large burden" (in Comcast's sole opinion)?]
The Comcast High-Speed Internet Service residential service offering is a consumer product designed for your personal use of the Internet. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Violation of Acceptable Use Policy
Comcast High-Speed Internet Service does not routinely monitor the activity of accounts for violation of this Policy. However, in our efforts to promote good citizenship within the Internet community, we will respond appropriately if we become aware of inappropriate use of our Services.
http://www.comcast.net/TermsofService/subagree.asp
6. PROHIBITED USES OF THE SERVICE
viii ...
THE SERVICE IS TO BE USED SOLELY IN A PRIVATE RESIDENCE; LIVING QUARTERS IN A HOTEL, HOSPITAL, DORM, SORORITY OR FRATERNITY HOUSE, OR BOARDING HOUSE; OR THE RESIDENTIAL PORTION OF A PREMISES WHICH IS USED FOR BOTH BUSINESS AND RESIDENTIAL PURPOSES.
[I'm in violation on that, since I have it feeding into my lab]
THE SERVICE IS FOR PERSONAL AND NON-COMMERCIAL USE ONLY AND CUSTOMER AGREES NOT TO USE THE SERVICE FOR [...] ANY BUSINESS ENTERPRISE, OR AS AN END-POINT ON A NON-COMCAST LOCAL AREA NETWORK OR WIDE AREA NETWORK, OR IN CONJUNCTION WITH A VPN (VIRTUAL PRIVATE NETWORK) OR A VPN TUNNELING PROTOCOL;
| "Steven J. Sobol" wrote:
| > 2 x ssh = 2 tcp connections.
So Steven would be in violation of that, unless he were using SSH to access a MUD. :p
The point is that they do not want people using it for anything other than consumer-oriented Internet access. There are ways to cast a net and catch such fish. Yes, every system can be fooled, and every fool has a system. If you show up on their radar, chances are that they can still yank you for something else even if the first filter proves false.
It's also interesting that NATs are not explicitly mentioned in either of the above specifications, and I saw no reference anywhere else on their web site (not that it matters; violation is within their discretion).
http://www.comcastonline.com/FAQsList.asp?.=.&FAQCategoryID=2#15
Can I use the service on more than one computer?
Yes, customers with home networks may order additional network addresses in order to connect several computers to the service through one cable modem.
You must first subscribe to the basic Comcast High-Speed Internet Service.
Once you become a subscriber, you can sign up for a second and third address.
You will need to have access to network expertise because Comcast High-Speed Internet Service neither installs nor supports networks.
The cost is $6.95 per month for each additional outlet. Customers can have two additional addresses, for a total of three.
Comcast will install the network card and software on a second and third computer for a charge of $49 for each computer.
http://www.comcastonline.com/howmuch.asp?.=.
additional IP addresses "$6.95 - 9.95/each"
As far as I can tell, using a NAT is permitted. Running a server, staying connected to corporate mail systems 24x7, and doing other non-consumer stuff is still the only thing forbidden.
-- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/