Slashdot Mirror

← Back to Stories (view on slashdot.org)

AT&T Blocks Part of 4chan

Posted by timothy on from the do-you-hear-that-tremendous-whining-noise? dept.

holdenkarau writes "Several news sources (Mashable, The Inquistr, etc.) are reporting that AT&T is blocking img.4chan.org in the southern United States. That server is used for the infamous /b/ board (the home of anonymous). TechCrunch calls the decision to block 4chan 'stupid,' noting that they may have 'opened perhaps the most vindictive, messy can of worms.' The Inquisitr suggests that 'The global internet censorship debate landed in the home of the free.' moot (who runs 4chan) asks users to call AT&T, while some others suggest more drastic action (like cutting AT&T fiber)." Update: 07/27 09:23 GMT by T : Readers' comments below suggest that a) the purpose of the block was to curtail the effects of a serious DDoS attack and b) that the block has now been lifted, at least for some regions.

12 of 342 comments (clear)

  1. Before we act too hastily.. by jx100 · · Score: 5, Informative

    http://www.merit.edu/mail.archives/nanog/msg19609.html

    The president of unWired (a much more reputable ISP) has also blocked the same server. A DDoS was apparently attacking said server which wast travelling over both lines. According to this post, the block was due solely to stop the DDoS.

    1. Re:Before we act too hastily.. by partyguerrilla · · Score: 5, Informative

      I don't know how credible this is http://img193.imageshack.us/img193/2523/1248672053880.png But the IP specified there is the same for http://img.4chan.org/

    2. Re:Before we act too hastily.. by KDingo · · Score: 5, Informative

      I was confused until I read this.

      http://mailman.nanog.org/pipermail/nanog/2009-July/012198.html

      If IP source headers are spoofed to somewhere else, say to AT&T networks, it makes sense to block them

    3. Re:Before we act too hastily.. by rezalas · · Score: 4, Informative

      This is the very reason at the ISP I work for we cut our user's access to the net once we discover they are spamming/botting/flooding anyone for any reason. We block them off, mark their account, and notify them by phone of why they lost internet access. Once they notify us they've had their PC cleaned we allow them access again. If they do it again though (and we monitor their bandwidth usage for two weeks to be sure they didn't miss something) we require them to bring in a receipt showing they had their PC cleaned by professionals and that they have antivirus before turning them on again. AT&T (if they really are attempting to protect them... which is likely BS) made the poor choice. We receive notification from AT&T when our customers SPAM or flood anyone about how they'll blackhole their IP if we don't stop them (effectively costing us an IP until we fix it), so I know they have an automated system for dumping individual attackers into a block list without interaction from us. This just seems like a power play to eliminate a server they don't particularly like.

    4. Re:Before we act too hastily.. by clone53421 · · Score: 4, Informative

      If I was using your ISP and was told I had to "bring in a receipt as proof that my PC was cleaned by a professional", I'd laugh and ask for my account to be canceled, right after that.

      That's on the second offense. The first time you're only required to inform them that it's been cleaned. If you're successfully able to clean it yourself, you won't have the requirement of showing a receipt from a professional. If you're unsuccessful in cleaning it or you get re-infected shortly thereafter, you obviously need help.

      In his exact words, on the first offense, service is restored "Once they notify us they've had their PC cleaned"; if it happens again, "we require them to bring in a receipt showing they had their PC cleaned by professionals and that they have antivirus". Not all too heavy-handed, really.

      In fact, severa of my very computer-savvy friends have managed to infect their PCs [...] someone decided to infect the self-extracting .EXE file that extracted the multi-sgement .RAR files they downloaded.

      Self-extracting RAR archives? Some free advice: The safe way to extract them is to open them in WinRAR and extract them like you would normal archives. That way if the self-extracting executable part is infected it won't affect your machine because you aren't ever running it.

      most people I know who use their computer enough to order broadband Internet in the first place own SEVERAL computers, typically networked together at home - it's not at all inconceivable they'd clean ONE machine, only to find out a second one was causing some/all of the spamming or flooding issues

      More free advice: clean the one you use for porn. ;P

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    5. Re:Before we act too hastily.. by rezalas · · Score: 4, Informative

      First off, I think you read too far into some of my statements and this is possibly upsetting you a bit too much. I've been in this business for a while now, and believe me when I say that the last thing I want is to alienate my customers; in fact unlike many ISPs we don't even care if you are hosting a server from your home; we merely request (quite reasonably) that if your PC becomes infected you clean it for the safety of our other customers.

      If you do on-site service then I'm certain you understand that whatever you have on your PC is your responsibility and thus making you liable for damages caused to others. By requesting our customers have their PC checked and cleaned/repaired by a professional on the SECOND (not first) offense we are attempting to help both the user (who may have been ignorant of the trouble being caused) and everyone else. If you noticed, I didn't state that we sniff packets or persecute them; we merely require that they be responsible users when accessing our network. Out of the possible hundred times I've done this not a single time did a user get angry; quite the contrary actually. I receive thank you letters (twice actually) or emails (a few) that they are happy we're looking out for them. As a service we also offer free antivirus to our customers upon request (though I usually suggest downloading something like Avast so they don't have to deal with licenses through us).

      If you find our tactics heavy handed or obtrusive then I think you might have a skewed and excessively open expectation of what should be allowed on a network. In the end, no matter what people say about "net neutrality" and carrier immunity ISPs will still blackhole each other for not controlling their user base when it comes to attacks. I think the proactive approach we take with our customers is more personal and effective than other options out there.

  2. Looks like the block was lifted by yamamushi · · Score: 4, Informative

    As of 1am CST, it looks like the block is beginning to be lifted : http://encyclopediadramatica.com/AT%26T_Blocks_4chan#THIS_JUST_IN I can confirm access to img.4chan.org open from the Austin/South Texas area now, whereas it wasn't about an hour ago.

    --
    - Aetheral Research -
    1. Re:Looks like the block was lifted by Anonymous Coward · · Score: 3, Informative

      You're an idiot... obviously there was a DOS going on. http://status.4chan.org/index.html#1567027617431107851

  3. Simmer Down Now. by ibaboon · · Score: 5, Informative

    The block is gone. It was for 4chans own good. They have been DDoSed for weeks. AT&T just stopped access for a short bit. Settle the heck down.

  4. ACK Attack by iYk6 · · Score: 5, Informative

    So to stop a DDoS attack on a server, they remove any and all access to that server? Am I the only one seeing the irony here?

    The post you responded to is misleading. According to this: http://img193.imageshack.us/img193/2523/1248672053880.png, this was an ACK attack, which causes problems not only for the directly attacked host, but for other users as well.

    Ordinarily, a TCP connection is set up when you send a SYN packet to a website, such as 4chan, and then 4chan responds with a ACK, and then you respond again with a SYN-ACK.

    Here is how an ACK attack works. I, the attacker, will send a SYN packet to 4chan, but I am pretending to be you, or your IP address. 4chan then sends an ACK packet to you, excepting a SYN-ACK in response. However, you did not initiate the connection, so you send a RST back to 4chan (or nothing at all, depending on your firewall settings).

    Then I do it again. And again. I effectively flood both you and 4chan with meaningless traffic. Your traffic problems are even worse, because if you have a firewall blocking the RST packets, then 4chan will send you 4 ACK packets (depending on configuration) for every SYN packet I send them.

    In this case, AT&T and other ISPs decided that the simplest solution to ending this DOS against their users was to block packets to and from 4chan (or a specific part of 4chan).

  5. Not blocking 4chan.org for all users by Futurepower(R) · · Score: 3, Informative

    The issue was reported on Reddit.com 16 hours ago. At no time, apparently, was access to img.4chan.org slow. Also, at present the IP address 207.126.64.181 connects directly to 4chan.org, as it should.

    So, AT&T, is not blocking img.4chan.org, the company is only blocking some of its users. Check 4chan status. Quote: "UPDATE: Some coverage on TechCrunch, Digg, reddit, and Google News. Also, note that AT&T has yet to contact us."

  6. Re:Net Neutrality by TuaAmin13 · · Score: 3, Informative

    Actually it surprises me that they haven't been labeled a terrorist group yet

    Actually, they have