AT&T Blocks Part of 4chan 342
holdenkarau writes "Several news sources (Mashable, The Inquistr, etc.) are reporting that AT&T is blocking img.4chan.org in the southern United States. That server is used for the infamous /b/ board (the home of anonymous). TechCrunch calls the decision to block 4chan 'stupid,' noting that they may have 'opened perhaps the most vindictive, messy can of worms.' The Inquisitr suggests that 'The global internet censorship debate landed in the home of the free.' moot (who runs 4chan) asks users to call AT&T, while some others suggest more drastic action (like cutting AT&T fiber)." Update: 07/27 09:23 GMT by T : Readers' comments below suggest that a) the purpose of the block was to curtail the effects of a serious DDoS attack and b) that the block has now been lifted, at least for some regions.
Before we act too hastily.. (Score:5, Informative)
http://www.merit.edu/mail.archives/nanog/msg19609.html [merit.edu]
The president of unWired (a much more reputable ISP) has also blocked the same server. A DDoS was apparently attacking said server which wast travelling over both lines. According to this post, the block was due solely to stop the DDoS.
Looks like the block was lifted (Score:5, Informative)
Re:Before we act too hastily.. (Score:2, Informative)
So to stop a DDoS attack on a server, they remove any and all access to that server?
How else would you do it?
Re:Before we act too hastily.. (Score:5, Informative)
Re:Before we act too hastily.. (Score:1, Informative)
Sex outside of marriage? You can be damned well sure she ought to be arrested.
http://www.digitaljournal.com/article/246259/Saudi_Arabia_Rape_victim_gets_200_lashes [digitaljournal.com]
Simmer Down Now. (Score:5, Informative)
Re:Net Neutrality (Score:3, Informative)
I have mod points, but I'm not using them, because there's no "-1 polite but very, very wrong" option.
To be more specific, I laughed pretty hard at "Anonymous is trying to fight this peacefully, they're not going to be DDoSing any DNS servers, backbone routers, or the like." They're not one person, and they're not a body directed by an individual, and no one controls what the assholes do, so the best you can do is "Some people are urging others not to, and they may or may not care". Good luck with that ;-)
Re:Before we act too hastily.. (Score:5, Informative)
I was confused until I read this.
http://mailman.nanog.org/pipermail/nanog/2009-July/012198.html [nanog.org]
If IP source headers are spoofed to somewhere else, say to AT&T networks, it makes sense to block them
You know what destroys a sites credibility? (Score:1, Informative)
Posting something in the likes of asking your audience to sabotage the network infrastructure.
Funny how some stuff gets rushed to the front page, I don't think Digg was gullible enough to get that even close to front page.
Re:Looks like the block was lifted (Score:3, Informative)
You're an idiot... obviously there was a DOS going on. http://status.4chan.org/index.html#1567027617431107851
ACK Attack (Score:5, Informative)
So to stop a DDoS attack on a server, they remove any and all access to that server? Am I the only one seeing the irony here?
The post you responded to is misleading. According to this: http://img193.imageshack.us/img193/2523/1248672053880.png [imageshack.us], this was an ACK attack, which causes problems not only for the directly attacked host, but for other users as well.
Ordinarily, a TCP connection is set up when you send a SYN packet to a website, such as 4chan, and then 4chan responds with a ACK, and then you respond again with a SYN-ACK.
Here is how an ACK attack works. I, the attacker, will send a SYN packet to 4chan, but I am pretending to be you, or your IP address. 4chan then sends an ACK packet to you, excepting a SYN-ACK in response. However, you did not initiate the connection, so you send a RST back to 4chan (or nothing at all, depending on your firewall settings).
Then I do it again. And again. I effectively flood both you and 4chan with meaningless traffic. Your traffic problems are even worse, because if you have a firewall blocking the RST packets, then 4chan will send you 4 ACK packets (depending on configuration) for every SYN packet I send them.
In this case, AT&T and other ISPs decided that the simplest solution to ending this DOS against their users was to block packets to and from 4chan (or a specific part of 4chan).
Re:ACK Attack (Score:1, Informative)
SYN
SYN-ACK
ACK
The right 3-way handshake
Re:ACK Attack (Score:1, Informative)
Re:this is what's going to happen (Score:3, Informative)
Though it doesn't help that most of 4chan is inaccessible right now, due to (I would guess) another DDoS attack.
Re:4chan Down (Score:2, Informative)
"Cogent Communications has joined the club-they're now blocking all of 4chan. I can't even access the site at this point. We're working on it..."
So the site isn't down, in the sense that the servers are still running, and its not a DDOS attack but simply a denial of service by the ISPs/Backbones needed to access it. Net Neutrality anyone?...
Re:Freedom and privacy (Score:1, Informative)
The "Anonymous" thing on imageboards is more of a historical accident than anything, it was certainly never intended to conceal criminality (and doesn't, logs are kept and mods cooperate with the authorities like every other admin.) It has been retained because, at its best, it produces a unique and positive atmosphere. Posts are judged on CONTENT rather than the user's postcount, how much mod penis they have sucked etc. The very idea of censorship of anything not illegal becomes silly, hence bizarre topics offensive to most "normal" forum users can be discussed. Trolling and abuse of other users is of course rampant, but it's mostly good natured and the users wouldn't want it any other way.
AT&T DSL user here. (Score:3, Informative)
I can confirm that img.4chan.org and www.4chan.org are unreachable from my home DSL (AT&T/Yahoo in Northern California). Everything works fine once I have routed 207.126.64.0/24 through OpenVPN over a non-AT&T network.
Re:Before we act too hastily.. (Score:1, Informative)
Damn. I was tricked and manipulated. :)
Not blocking 4chan.org for all users (Score:4, Informative)
So, AT&T, is not blocking img.4chan.org, the company is only blocking some of its users. Check 4chan status [4chan.org]. Quote: "UPDATE: Some coverage on TechCrunch [techcrunch.com], Digg [digg.com], reddit [reddit.com], and Google News [google.com]. Also, note that AT&T has yet to contact us."
Re:Net Neutrality (Score:3, Informative)
Actually it surprises me that they haven't been labeled a terrorist group yet
Actually, they have [slashdot.org]
From the 4chan status blog... (Score:2, Informative)
Re:ACK Attack (Score:3, Informative)
Re:Before we act too hastily.. (Score:5, Informative)
Re:Before we act too hastily.. (Score:5, Informative)
If I was using your ISP and was told I had to "bring in a receipt as proof that my PC was cleaned by a professional", I'd laugh and ask for my account to be canceled, right after that.
That's on the second offense. The first time you're only required to inform them that it's been cleaned. If you're successfully able to clean it yourself, you won't have the requirement of showing a receipt from a professional. If you're unsuccessful in cleaning it or you get re-infected shortly thereafter, you obviously need help.
In his exact words, on the first offense, service is restored "Once they notify us they've had their PC cleaned"; if it happens again, "we require them to bring in a receipt showing they had their PC cleaned by professionals and that they have antivirus". Not all too heavy-handed, really.
In fact, severa of my very computer-savvy friends have managed to infect their PCs [...] someone decided to infect the self-extracting .EXE file that extracted the multi-sgement .RAR files they downloaded.
Self-extracting RAR archives? Some free advice: The safe way to extract them is to open them in WinRAR and extract them like you would normal archives. That way if the self-extracting executable part is infected it won't affect your machine because you aren't ever running it.
most people I know who use their computer enough to order broadband Internet in the first place own SEVERAL computers, typically networked together at home - it's not at all inconceivable they'd clean ONE machine, only to find out a second one was causing some/all of the spamming or flooding issues
More free advice: clean the one you use for porn. ;P
Re:Before we act too hastily.. (Score:5, Informative)
If you do on-site service then I'm certain you understand that whatever you have on your PC is your responsibility and thus making you liable for damages caused to others. By requesting our customers have their PC checked and cleaned/repaired by a professional on the SECOND (not first) offense we are attempting to help both the user (who may have been ignorant of the trouble being caused) and everyone else. If you noticed, I didn't state that we sniff packets or persecute them; we merely require that they be responsible users when accessing our network. Out of the possible hundred times I've done this not a single time did a user get angry; quite the contrary actually. I receive thank you letters (twice actually) or emails (a few) that they are happy we're looking out for them. As a service we also offer free antivirus to our customers upon request (though I usually suggest downloading something like Avast so they don't have to deal with licenses through us).
If you find our tactics heavy handed or obtrusive then I think you might have a skewed and excessively open expectation of what should be allowed on a network. In the end, no matter what people say about "net neutrality" and carrier immunity ISPs will still blackhole each other for not controlling their user base when it comes to attacks. I think the proactive approach we take with our customers is more personal and effective than other options out there.
Re:Net Neutrality (Score:3, Informative)
4chan advertising? (Score:3, Informative)
But now 4chan's founder, Moot, has admitted the whole thing was kind of his fault.
"For the past three weeks, 4chan has been under a constant DDoS attack," Moot wrote in an afternoon update. "We were able to filter this specific type of attack in a fashion that was more or less transparent to the end user.
Block lifted; moot provides details. (Score:3, Informative)
moot has posted the details on status.4chan.org [4chan.org].
Basically he confirms all the speculation that AT&T blocked 4chan because of ACK bouncebacks from a DDOS. Real /b/tards probably already had off-network proxies at the ready to deal with it.
Also, being on AT&T and unable to access 4chan doesn't necessarily mean that it's been blocked. 4chan is up and down all the time, because they're under constant DDOS attacks, at pretty much all times, from various sources. It seems that DDOSing 4chan is a basic holding pattern for botnets that aren't otherwise occupied.
Here's what happened:
For the past three weeks, 4chan has been under a constant DDoS attack. We were able to filter this specific type of attack in a fashion that was more or less transparent to the end user.
Unfortunately, as an unintended consequence of the method used, some Internet users received errant traffic from one of our network switches. A handful happened to be AT&T customers.
In response, AT&T filtered all traffic to and from our img.4chan.org IPs (which serve /b [4chan.org]/ & /r9k/) for their entire network, instead of only the affected customers. AT&T did not contact us prior to implementing the block. Here is their statement regarding the matter [att.com].
In the end, this wasn't a sinister act of censorship, but rather a bit of a mistake and a poorly executed, disproportionate response on AT&T's part. Whoever pulled the trigger on blackholing the site probably didn't anticipate [nor intend] the consequences of doing so.
We're glad to see this short-lived debacle has prompted renewed interest and debate over net neutrality and internet censorshipâ"two very important issues that don't get nearly enough attentionâ"so perhaps this was all just a blessing in disguise.
Aside from that, I'll also add that there is some big news due later this week. Keep an eye on the News page, Twitter, and global message for updates.
As always, I can be reached at moot@4chan.org.
---
PS: If any companies would like to hook us up with some better hardware, feel free! The architecture we've got powering this large and influential beast is really quite embarrassing. ( ._.)