There are many ways to limit bandwidth. Depending on the way it's done, this makes sense.
DSL, cable, and analog modems all listen, test, and grab parts of the frequency spectrum available on the wire when they boot up or initiate a connection. This is the available bandwidth they have to work with. This is usually a matter of installation, wiring quality, the provider's network design, and possibly the equipment (DOCSIS 2 vs 3, G.DMT vs ADSL2).
After that process, cable modems will download a config file which then tells the modem to apply QoS and policing to the user's data. A 'hacked' cable modem ignores these values. Similarly, DSL modems have a policing mechanism established at the DSLAM, limiting the speed the device will communicate at and what encoding is used.
Further up the chain, QoS and policing can be applied at aggregation routers (or dedicated traffic shapers) based on PPP connections, IP flows, etc. This is how bursting (aka power boost) works. Subscriber modems are allowed to sync at 20Mbps, for example, but a policer is set to limit the data rate to 10Mbps. Bursting may be allowed for the first 1Mbyte of an IP flow or based on the previous data usage.
In Sechs' example, it sounds like Comcast is limiting by IP flow. In many of the networks I work with, this is performed on the circuit via cable modem, sub IP, or PPP connection. It's a lot more work (investment) to perform this type of policing on individual IP flows, but it may be necessary for someone like Comcast who wants to limit P2P traffic while not affecting Netflix or their own premium services.
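The bursting behaviour described above can be modelled as a per-flow policer. This is an added example, not part of the original post and not any vendor's implementation: it uses the post's figures (20 Mbps sync rate, 10 Mbps policer, first 1 MByte of each flow unpoliced), while the class name, the 1250-byte packet size and the one-packet bucket depth are assumptions.

```python
US = 1_000_000  # microseconds per second; integer time avoids float drift


class FlowPolicer:
    """Hypothetical per-flow policer: the first burst_bytes of a flow pass
    unpoliced, after which a token bucket enforces rate_bps."""

    def __init__(self, rate_bps, burst_bytes, bucket_bytes):
        self.rate_bps = rate_bps
        self.burst_bytes = burst_bytes
        self.cap = bucket_bytes * 8 * US  # bucket depth in bit-microseconds
        self.flows = {}                   # state is kept per flow key

    def offer(self, flow, now_us, size):
        """Return True if the packet is forwarded, False if it is dropped."""
        st = self.flows.setdefault(
            flow, {"burst_left": self.burst_bytes, "tokens": self.cap, "last": now_us}
        )
        if st["burst_left"] >= size:      # still inside the burst allowance
            st["burst_left"] -= size
            st["last"] = now_us
            return True
        # Burst used up: refill tokens for the elapsed time, then charge the packet.
        elapsed = now_us - st["last"]
        st["tokens"] = min(self.cap, st["tokens"] + elapsed * self.rate_bps)
        st["last"] = now_us
        cost = size * 8 * US
        if st["tokens"] < cost:
            return False                  # over the policed rate: drop
        st["tokens"] -= cost
        return True


def simulate(policer, flow, line_bps=20_000_000, pkt_bytes=1250,
             duration_us=2 * US, bin_us=200_000):
    """Send one flow at the modem sync rate; return delivered Mbps per time bin."""
    interval = pkt_bytes * 8 * US // line_bps   # packet spacing at line rate
    bins = [0] * (duration_us // bin_us)
    for now in range(0, duration_us, interval):
        if policer.offer(flow, now, pkt_bytes):
            bins[now // bin_us] += pkt_bytes * 8
    return [bits // bin_us for bits in bins]    # bits per microsecond == Mbps


if __name__ == "__main__":
    p = FlowPolicer(rate_bps=10_000_000, burst_bytes=1_000_000, bucket_bytes=1250)
    print(simulate(p, "flow-a"))  # constructed flow key
```

Because the state is keyed by flow, each new flow gets its own burst allowance, which is the difference from policing the whole circuit.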