5335093
story
Comments: 342 +- Technology: AT&T Blocks Part of 4chan on Monday July 27, @01:00AM
Posted
by
timothy
on Monday July 27, @01:00AM
from the do-you-hear-that-tremendous-whining-noise? dept.
from the do-you-hear-that-tremendous-whining-noise? dept.
background: url(//a.fsdn.com/sd/topics/topicinternet.gif); width:70px; height:73px;
internet
background: url(//a.fsdn.com/sd/topics/topiccensorship.gif); width:44px; height:55px;
censorship
background: url(//a.fsdn.com/sd/topics/topicsecurity.gif); width:59px; height:78px;
security
holdenkarau writes "Several news sources (Mashable, The Inquistr, etc.) are reporting that AT&T is blocking img.4chan.org in the southern United States. That server is used for the infamous /b/ board (the home of anonymous). TechCrunch calls the decision to block 4chan 'stupid,' noting that they may have 'opened perhaps the most vindictive, messy can of worms.' The Inquisitr suggests that 'The global internet censorship debate landed in the home of the free.' moot (who runs 4chan) asks users to call AT&T, while some others suggest more drastic action (like cutting AT&T fiber)." Update: 07/27 09:23 GMT by T : Readers' comments below suggest that a) the purpose of the block was to curtail the effects of a serious DDoS attack and b) that the block has now been lifted, at least for some regions.
Related Stories
If you are what you eat, does that mean Euell Gibbons really was a nut?
All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.
Before we act too hastily.. (Score:5, Informative)
http://www.merit.edu/mail.archives/nanog/msg19609.html [merit.edu]
The president of unWired (a much more reputable ISP) has also blocked the same server. A DDoS was apparently attacking said server which wast travelling over both lines. According to this post, the block was due solely to stop the DDoS.
Re:Before we act too hastily.. (Score:5, Interesting)
So to stop a DDoS attack on a server, they remove any and all access to that server?
Am I the only one seeing the irony here?
Parent
Re:Before we act too hastily.. (Score:5, Informative)
I was confused until I read this.
http://mailman.nanog.org/pipermail/nanog/2009-July/012198.html [nanog.org]
If IP source headers are spoofed to somewhere else, say to AT&T networks, it makes sense to block them
Parent
Re:Before we act too hastily.. (Score:5, Insightful)
So the problem isn't AT&T, and the problem isn't really even the users (or more likely zombie bots) who are DDoSing AT&T, the real problem is the networks that are allowing the spoofed packets out. Because if you receive an IP packet from an end user with a source address that's not from your network, you should assume that it came from a new legitimate routing path and forward it right up. Because it's normal for your end users to set up crazy routing without even having an AS.
A big problem on the internets is ISPs that are run by idiots or assholes who don't understand (or care about) basic TCP/IP etiquette. It's not just spoofed packets, it's also spoofed BGP announcements. And freely allowing outbound port 25 access.
(I noticed recently when I was setting up and testing SMTP auth on my own mail server that AT&T apparently now blocks outbound port 25 for dynamic IP users, hooray for them. It still works from my AT&T static IP, though.)
Parent
ACK Attack (Score:5, Informative)
So to stop a DDoS attack on a server, they remove any and all access to that server? Am I the only one seeing the irony here?
The post you responded to is misleading. According to this: http://img193.imageshack.us/img193/2523/1248672053880.png [imageshack.us], this was an ACK attack, which causes problems not only for the directly attacked host, but for other users as well.
Ordinarily, a TCP connection is set up when you send a SYN packet to a website, such as 4chan, and then 4chan responds with a ACK, and then you respond again with a SYN-ACK.
Here is how an ACK attack works. I, the attacker, will send a SYN packet to 4chan, but I am pretending to be you, or your IP address. 4chan then sends an ACK packet to you, excepting a SYN-ACK in response. However, you did not initiate the connection, so you send a RST back to 4chan (or nothing at all, depending on your firewall settings).
Then I do it again. And again. I effectively flood both you and 4chan with meaningless traffic. Your traffic problems are even worse, because if you have a firewall blocking the RST packets, then 4chan will send you 4 ACK packets (depending on configuration) for every SYN packet I send them.
In this case, AT&T and other ISPs decided that the simplest solution to ending this DOS against their users was to block packets to and from 4chan (or a specific part of 4chan).
Parent
Not blocking 4chan.org for all users (Score:4, Informative)
So, AT&T, is not blocking img.4chan.org, the company is only blocking some of its users. Check 4chan status [4chan.org]. Quote: "UPDATE: Some coverage on TechCrunch [techcrunch.com], Digg [digg.com], reddit [reddit.com], and Google News [google.com]. Also, note that AT&T has yet to contact us."
Parent
Re: (Score:3, Insightful)
Mission Accomplished!
Re:Before we act too hastily.. (Score:5, Funny)
Parent
Re:Before we act too hastily.. (Score:5, Funny)
My God man, are you insane? That would be like crossing the streams and I don't mean like Ghostbusters, more like broke back mountain.
Slow day
Parent
Re:Before we act too hastily.. (Score:5, Insightful)
But, we've already sharpened the pitchforks and lit the torches.
What are we supposed to do now?
Parent
Re:Before we act too hastily.. (Score:5, Funny)
Pick an ethnic minority and have a party?
Parent
Re:Before we act too hastily.. (Score:5, Informative)
Parent
Re:Before we act too hastily.. (Score:5, Insightful)
That's clearly an attempt to draw an analogy, so it really isn't as offtopic as it sounds. And yes, in the case of repeated rape of the same girl by the same person, you might. It's called protective custody [wikipedia.org].
In this case, though, AT&T almost certainly isn't doing it to protect 4chan's server. I'm sure they couldn't care less about that. They do, however, care about the huge zombie botnet on their network that is probably racking up huge bandwidth bills for them with their upstream providers.
Parent
Re:Before we act too hastily.. (Score:5, Insightful)
If they REALLY cared about what a zombie botfarm AT&T has become, they'd start cutting the users that allowed their machines to turn into spam- and DDoSbots. Instead they block access to a server. And not to protect this server, because of the very nature of the attack, AT&T bears the same if not the higher load of the DDoS.
They don't give a shit about hosting a zombie botnet. If they did, they'd cut their users, but that in turn would cause angry phone calls to their support center and a lot of canceled contracts. Instead, they block a server to all their customers, along the "can't see it, so it's no problem" theory.
The zombies still exist. And prepare for the next server to attack. *pondering*... Hmmm.... If I wanted to disallow AT&T users into a server, could I order a DDoS attack? I mean, if it was AOLlers it would be a no-brainer...
Parent
Re:Before we act too hastily.. (Score:5, Insightful)
Unfortunately the very nature of communications is a war of control. If it's not wrestling the control from governments, it's about controlling users.
AT&T are well known for blanket bans, especially when it comes from reverse NDR attacks. The idea of having low cost human infrastructure working on one of the worlds largest commercial networks is one of the silliest ideas around.
The only people with any sort of expertise seem to be pushed out with redundancies, etc, by the upper management, and all you're left with is lackies getting paid enough to keep them working, but not enough to make them excel and executives that care more about golf. This pretty much makes any real network security or decent policy impossible.
While I don't like what's happening, I can understand it. It's all about the cheapest near sighted avenue. The accountants and executives only see short term benefits of actions like this. They're unaware that the impact both on brand and network performance is far more of a negative impact to revenue than any single DDoS can have.
Pretty much AT&T need to clean their act, network and image up or they'll end up in an irrecoverable position.
Parent
Re:Before we act too hastily.. (Score:5, Informative)
Parent
Re:Before we act too hastily.. (Score:5, Informative)
If I was using your ISP and was told I had to "bring in a receipt as proof that my PC was cleaned by a professional", I'd laugh and ask for my account to be canceled, right after that.
That's on the second offense. The first time you're only required to inform them that it's been cleaned. If you're successfully able to clean it yourself, you won't have the requirement of showing a receipt from a professional. If you're unsuccessful in cleaning it or you get re-infected shortly thereafter, you obviously need help.
In his exact words, on the first offense, service is restored "Once they notify us they've had their PC cleaned"; if it happens again, "we require them to bring in a receipt showing they had their PC cleaned by professionals and that they have antivirus". Not all too heavy-handed, really.
In fact, severa of my very computer-savvy friends have managed to infect their PCs [...] someone decided to infect the self-extracting .EXE file that extracted the multi-sgement .RAR files they downloaded.
Self-extracting RAR archives? Some free advice: The safe way to extract them is to open them in WinRAR and extract them like you would normal archives. That way if the self-extracting executable part is infected it won't affect your machine because you aren't ever running it.
most people I know who use their computer enough to order broadband Internet in the first place own SEVERAL computers, typically networked together at home - it's not at all inconceivable they'd clean ONE machine, only to find out a second one was causing some/all of the spamming or flooding issues
More free advice: clean the one you use for porn. ;P
Parent
Re:Before we act too hastily.. (Score:5, Informative)
If you do on-site service then I'm certain you understand that whatever you have on your PC is your responsibility and thus making you liable for damages caused to others. By requesting our customers have their PC checked and cleaned/repaired by a professional on the SECOND (not first) offense we are attempting to help both the user (who may have been ignorant of the trouble being caused) and everyone else. If you noticed, I didn't state that we sniff packets or persecute them; we merely require that they be responsible users when accessing our network. Out of the possible hundred times I've done this not a single time did a user get angry; quite the contrary actually. I receive thank you letters (twice actually) or emails (a few) that they are happy we're looking out for them. As a service we also offer free antivirus to our customers upon request (though I usually suggest downloading something like Avast so they don't have to deal with licenses through us).
If you find our tactics heavy handed or obtrusive then I think you might have a skewed and excessively open expectation of what should be allowed on a network. In the end, no matter what people say about "net neutrality" and carrier immunity ISPs will still blackhole each other for not controlling their user base when it comes to attacks. I think the proactive approach we take with our customers is more personal and effective than other options out there.
Parent
Re:Before we act too hastily.. (Score:5, Funny)
Finally, ATT sucks. Track their employees leaving the stores and beat the shit out of them, then vandalize their vehicles. Fuck man, it's obvious that they're a front for government spying. When their medical bills are greater than their paychecks and government stipends, the domestic spying will end.
finally, a rational, well thought out comment that is on topic and offers a solution.
there is nothing more to add to this discussion.
Parent
Re:Before we act too hastily.. (Score:5, Funny)
moot: We get signal.
moot: Main screen turn on.
AT&T: How are you gentlemen !!
AT&T: All your internets are belong to us.
AT&T: You are on the way to Great Firewall of North America.
AT&T: You have no chance to survive make your time.
AT&T: HA HA HA HA
Parent
Looks like the block was lifted (Score:5, Informative)
Re: (Score:3, Informative)
You're an idiot... obviously there was a DOS going on. http://status.4chan.org/index.html#1567027617431107851
Re: (Score:3, Interesting)
Oh my gosh.. Not 4chan... What shall we do?
Myself, I'm going on with my regular life, since I never went there anyways. :)
But, since I was curious, I tried to go to their site from a Verizon FiOS line. Dead.
This almost reminds me of the wonders of folks playing in IRC back in the day. One kid pisses off another kid, and suddenly folks are getting flooded off the network, and other various DoS attacks. SSDD.
Hooboy... (Score:5, Funny)
This is going to be beyond epic. There's going to be movies made about this a hundred years from now. (It'll be a comedy/tragedy either way, or more probably both)
Re:Hooboy... (Score:4, Funny)
The movie will be banned in all 63 states for being approximately 2 hours of child porn strung together with scat jokes.
Parent
Re: (Score:3, Funny)
Re:Hooboy... (Score:5, Funny)
6 states? We have Oceania, Eurasia and Eastasia. What are the other three?
I was completely thrown by that silly concept of 63 states. According to all the history books I've read, there have always been 3. I already verified this with the RecDep of Minitrue.
Parent
What is the real problem? (Score:4, Interesting)
The question is whether 4chan is the real problem or the reaction to 4chan is. /b/ is what it is and has been for quite a while. And the American Southern culture also has roots that go back at least 300 years. So in a battle for legitimacy, which one should take precedence over the other?
We can talk about freedom of speech and such, but /b/ is home to content that is occasionally over the line illegal. On the other hand, only those who would actually seek it out would even know about it, so it doesn't make sense to "protect" the fair citizens of Hillbilly Valley by blocking the site.
Raymond Bradbury wrote about this in his seminal work Farenheit 451. Once we start allowing the minority to exert power over the majority in the name of fairness and protection, we lose a critical pillar of our society. Censorship is the first step, but later it will be outright censure.
Let's let that which is illegal stay illegal, and give everyone the benefit of full access, even if they don't want it. But I'm not from the South, so my cultural background doesn't lead me to the conclusion that censorship is better than freedom.
Simmer Down Now. (Score:5, Informative)
Idiots (Score:5, Insightful)
while some others suggest more drastic action (like cutting AT&T fiber)
And eliminate ANY kind of access for themselves, and others who could care less about their problems.. Just as smart as having riots, burning down the grocery stores and then having no place to buy food.. Destruction as a form of protest only hurts themselves and other innocents.
Re:Idiots (Score:5, Insightful)
Nobody ever claimed the /b/tards were smart. Clever, created, talent, energetic - sure. But not smart.
Parent
Re:Idiots (Score:5, Funny)
Destruction as a form of protest only hurts themselves and other innocents.
"Other innocents"?
You've never actually visited /b/, have you?
Parent
Wrong way (Score:5, Funny)
Ham-fisted (Score:3, Funny)
In related news: (Score:5, Funny)
In other news: AT&T pokes bees nest while wearing meat suit in hungry tiger cage.
Re: (Score:3, Funny)
First they came for the 4chan members, and I did not speak out,
because I did not want to be labeled a child molester.
Then they came for...
Re: (Score:3, Informative)
I have mod points, but I'm not using them, because there's no "-1 polite but very, very wrong" option.
To be more specific, I laughed pretty hard at "Anonymous is trying to fight this peacefully, they're not going to be DDoSing any DNS servers, backbone routers, or the like." They're not one person, and they're not a body directed by an individual, and no one controls what the assholes do, so the best you can do is "Some people are urging others not to, and they may or may not care". Good luck with that ;-
Re:Net Neutrality (Score:5, Insightful)
ED Article [encycloped...matica.com] Excerpts:
"1. DON'T FUCK WITH THE LAW- We want to first make use of the rights we have, censorship is violating our rights."
"Acting like an idiot and trying to DDoS them will only end with you being persecuted (and/or prosecuted), and your actions being used as a justification."
"This battle is one we have to fight legally..."
"DO NOT RAGE ON THESE PHONE NUMBERS, SIMPLY COMPLAIN ABOUT THE ISSUE!"
Insurgen Article [insurgen.info]
Excepts:
"Acting like a retard and trying to DDoS them will only end in them going [A QUOTE]"
"Don't try to DDoS or do ANYTHING illegal or legally ambiguous to AT&T. This is a corporation with more resources, manpower, and preparation than anything you script kiddies have ever dealt with. You will be caught and prosecuted. Go through legal channels and reverse this using legitimate means."
Those are just the ones in the windows I have open.
Obviously there is no way to force someone not to do something, but the intentions are to solve this without any "damages".
Thanks,
Smark
SpectralCoding [spectralcoding.com]
Parent
Re: (Score:3, Insightful)
Thinking about all the "internet vigilante groups" that exist, Anonymous is maybe one of the better organized and better "behaved" ones. Actually it surprises me that they haven't been labeled a terrorist group yet, they act coherently and are not under any government's control...
I think one of the reasons why this won't happen is that there's appearantly no "unspoken consensus" that DDoSing would be the right thing. You know, where you essentially say "stay within the law", but secretly everyone wished som
Re: (Score:3, Interesting)
I beg to differ, there is a difference between net neutrality and this, the larger issue of censorship.
Re:Net Neutrality (Score:5, Funny)
I don't think AT&T would care too much of the opinion of a group of 15 year olds.
Only a complete moron would sell an entertainment pipeline into American homes and not care about the opinion of a group of 15 year olds! So, yeah, you're probably right.
Parent
Re: (Score:3, Funny)
OH GOD HOW DO I MOD THIS? Insightful....or funny...or insightful...or funny...or insightful...DEAR GOD WHAT DO I DO?????????1one
Re:Net Neutrality (Score:5, Insightful)
If you don't care about the opinion of people who have too much time on their hands, no life and you're the one who just took away the only thing that gave their life something resembling meaning, you have no call center.
Be aware who you're dealing with: People who have time to make you waste time. Time of your employees you have to pay by the hour. That costs money, and a load thereof. Don't underestimate the power of people with more time than you. Especially if being an expensive nuisance doesn't take too much skill.
Parent
Re: (Score:3, Funny)
I'm preheating the microwave now to prep some popcorn.
Preheating the Microwave? Do you use tinfoil or lightbulbs?
Re:"Could this all be a hoax...?" (Score:5, Funny)
Uranium rods, like any sane person.
Parent
Re:"Could this all be a hoax...?" (Score:5, Insightful)
Well that makes no sense. AT&T should be taking no action unless somebody from 4chan calls them up and asks them to block the perceived source of the DDoS..
Sounds like you don't understand what's going on - please educate yourself.
4chan is being SYN flooded, various ISPs were getting a lot of collateral traffic from the resulting ACKs going back to spoofed IPs. Since those ISPs had nothing to do with either the attacker or 4chan, there was nothing they could do but pull the plug on the source of the collateral ACKs (4chan). i.e. the ISPs who blocked 4chan weren't trying to protect 4chan from an attack, they were protecting their own networks from the fallout.
Sadly, like you, the vast majority of users are clueless and won't investigate to see what is only going on. I'm sure there will be a kneejerk reaction against AT&T and the other ISPs who tried to protect themselves and everyone will make out that they are the bad guys.
Parent
Re: (Score:3, Informative)
Re: (Score:3, Funny)
Re:Freedom and privacy (Score:5, Insightful)
You have never been punished for exercising your freedom to speak by someone with more money or political clout than you have making you pay for disagreeing with them I see. Being able to be anonymous is basic to free speech.
Parent
Re:You know what destroys a sites credibility? (Score:4, Funny)
Parent