Slashdot Mirror

← Back to Stories (view on slashdot.org)

AT&T Blocks Part of 4chan

Posted by timothy on from the do-you-hear-that-tremendous-whining-noise? dept.

holdenkarau writes "Several news sources (Mashable, The Inquistr, etc.) are reporting that AT&T is blocking img.4chan.org in the southern United States. That server is used for the infamous /b/ board (the home of anonymous). TechCrunch calls the decision to block 4chan 'stupid,' noting that they may have 'opened perhaps the most vindictive, messy can of worms.' The Inquisitr suggests that 'The global internet censorship debate landed in the home of the free.' moot (who runs 4chan) asks users to call AT&T, while some others suggest more drastic action (like cutting AT&T fiber)." Update: 07/27 09:23 GMT by T : Readers' comments below suggest that a) the purpose of the block was to curtail the effects of a serious DDoS attack and b) that the block has now been lifted, at least for some regions.

5 of 342 comments (clear)

  1. Before we act too hastily.. by jx100 · · Score: 5, Informative

    http://www.merit.edu/mail.archives/nanog/msg19609.html

    The president of unWired (a much more reputable ISP) has also blocked the same server. A DDoS was apparently attacking said server which wast travelling over both lines. According to this post, the block was due solely to stop the DDoS.

    1. Re:Before we act too hastily.. by partyguerrilla · · Score: 5, Informative

      I don't know how credible this is http://img193.imageshack.us/img193/2523/1248672053880.png But the IP specified there is the same for http://img.4chan.org/

    2. Re:Before we act too hastily.. by KDingo · · Score: 5, Informative

      I was confused until I read this.

      http://mailman.nanog.org/pipermail/nanog/2009-July/012198.html

      If IP source headers are spoofed to somewhere else, say to AT&T networks, it makes sense to block them

  2. Simmer Down Now. by ibaboon · · Score: 5, Informative

    The block is gone. It was for 4chans own good. They have been DDoSed for weeks. AT&T just stopped access for a short bit. Settle the heck down.

  3. ACK Attack by iYk6 · · Score: 5, Informative

    So to stop a DDoS attack on a server, they remove any and all access to that server? Am I the only one seeing the irony here?

    The post you responded to is misleading. According to this: http://img193.imageshack.us/img193/2523/1248672053880.png, this was an ACK attack, which causes problems not only for the directly attacked host, but for other users as well.

    Ordinarily, a TCP connection is set up when you send a SYN packet to a website, such as 4chan, and then 4chan responds with a ACK, and then you respond again with a SYN-ACK.

    Here is how an ACK attack works. I, the attacker, will send a SYN packet to 4chan, but I am pretending to be you, or your IP address. 4chan then sends an ACK packet to you, excepting a SYN-ACK in response. However, you did not initiate the connection, so you send a RST back to 4chan (or nothing at all, depending on your firewall settings).

    Then I do it again. And again. I effectively flood both you and 4chan with meaningless traffic. Your traffic problems are even worse, because if you have a firewall blocking the RST packets, then 4chan will send you 4 ACK packets (depending on configuration) for every SYN packet I send them.

    In this case, AT&T and other ISPs decided that the simplest solution to ending this DOS against their users was to block packets to and from 4chan (or a specific part of 4chan).