AT&T Blocks Part of 4chan

holdenkarau writes "Several news sources (Mashable, The Inquistr, etc.) are reporting that AT&T is blocking img.4chan.org in the southern United States. That server is used for the infamous /b/ board (the home of anonymous). TechCrunch calls the decision to block 4chan 'stupid,' noting that they may have 'opened perhaps the most vindictive, messy can of worms.' The Inquisitr suggests that 'The global internet censorship debate landed in the home of the free.' moot (who runs 4chan) asks users to call AT&T, while some others suggest more drastic action (like cutting AT&T fiber)." Update: 07/27 09:23 GMT by T : Readers' comments below suggest that a) the purpose of the block was to curtail the effects of a serious DDoS attack and b) that the block has now been lifted, at least for some regions.

Before we act too hastily..

[jx100]

http://www.merit.edu/mail.archives/nanog/msg19609.html

The president of unWired (a much more reputable ISP) has also blocked the same server. A DDoS was apparently attacking said server which wast travelling over both lines. According to this post, the block was due solely to stop the DDoS.

Re:Before we act too hastily..

[Calydor]

So to stop a DDoS attack on a server, they remove any and all access to that server?

Am I the only one seeing the irony here?

Re:Before we act too hastily..

[toejam13]

But, we've already sharpened the pitchforks and lit the torches.

What are we supposed to do now?

Re:Before we act too hastily..

[partyguerrilla]

I don't know how credible this is http://img193.imageshack.us/img193/2523/1248672053880.png But the IP specified there is the same for http://img.4chan.org/

Re:Before we act too hastily..

[dotgain]

Well, I'd reverse the polarity of the main deflector dish, of course

Re:Before we act too hastily..

[KDingo]

I was confused until I read this.

http://mailman.nanog.org/pipermail/nanog/2009-July/012198.html

If IP source headers are spoofed to somewhere else, say to AT&T networks, it makes sense to block them

Re:Before we act too hastily..

[fireman+sam]

My God man, are you insane? That would be like crossing the streams and I don't mean like Ghostbusters, more like broke back mountain.

Slow day

Re:Before we act too hastily..

[dgatwood]

You don't haul a girl off to jail if she was raped do you?

That's clearly an attempt to draw an analogy, so it really isn't as offtopic as it sounds. And yes, in the case of repeated rape of the same girl by the same person, you might. It's called protective custody.

In this case, though, AT&T almost certainly isn't doing it to protect 4chan's server. I'm sure they couldn't care less about that. They do, however, care about the huge zombie botnet on their network that is probably racking up huge bandwidth bills for them with their upstream providers.

Re:Before we act too hastily..

[Opportunist]

Mission Accomplished!

Re:Before we act too hastily..

[Opportunist]

If they REALLY cared about what a zombie botfarm AT&T has become, they'd start cutting the users that allowed their machines to turn into spam- and DDoSbots. Instead they block access to a server. And not to protect this server, because of the very nature of the attack, AT&T bears the same if not the higher load of the DDoS.

They don't give a shit about hosting a zombie botnet. If they did, they'd cut their users, but that in turn would cause angry phone calls to their support center and a lot of canceled contracts. Instead, they block a server to all their customers, along the "can't see it, so it's no problem" theory.

The zombies still exist. And prepare for the next server to attack. *pondering*... Hmmm.... If I wanted to disallow AT&T users into a server, could I order a DDoS attack? I mean, if it was AOLlers it would be a no-brainer...

Re:Before we act too hastily..

[EvanED]

Am I the only one seeing the irony here?

There are plenty of ways such a decision would make sense. For instance, population A ("the south") is DDoSing 4chan. In so doing, they are disrupting access for everyone everywhere, including population B ("the north"), population C ("europe"), and population D ("alpha proxima"). By cutting off access from population A, they have made things only marginally worse for population A (since they couldn't get to it anyway), but have 'fixed' the problem for populations B, C, and D.

Was that the case here? Who knows.

Re:Before we act too hastily..

[sortius_nod]

Unfortunately the very nature of communications is a war of control. If it's not wrestling the control from governments, it's about controlling users.

AT&T are well known for blanket bans, especially when it comes from reverse NDR attacks. The idea of having low cost human infrastructure working on one of the worlds largest commercial networks is one of the silliest ideas around.

The only people with any sort of expertise seem to be pushed out with redundancies, etc, by the upper management, and all you're left with is lackies getting paid enough to keep them working, but not enough to make them excel and executives that care more about golf. This pretty much makes any real network security or decent policy impossible.

While I don't like what's happening, I can understand it. It's all about the cheapest near sighted avenue. The accountants and executives only see short term benefits of actions like this. They're unaware that the impact both on brand and network performance is far more of a negative impact to revenue than any single DDoS can have.

Pretty much AT&T need to clean their act, network and image up or they'll end up in an irrecoverable position.

Re:Before we act too hastily..

[MaskedSlacker]

Pick an ethnic minority and have a party?

Re:Before we act too hastily..

[ssintercept]

Finally, ATT sucks. Track their employees leaving the stores and beat the shit out of them, then vandalize their vehicles. Fuck man, it's obvious that they're a front for government spying. When their medical bills are greater than their paychecks and government stipends, the domestic spying will end.

finally, a rational, well thought out comment that is on topic and offers a solution.

there is nothing more to add to this discussion.

Re:Before we act too hastily..

[h4rm0ny]

There is such a thing as orgasm during non-consensual sex. It can be very traumatic and confusing for the victim causing them to question themselves. It has been particularly damaging for children who were abused to have had their first orgasms the result of forced sex. Your implying that sexual stimulation indicates volition is very incorrect. Might as well say that the release of endorphins following physical pain indicates that the injured chose to be hurt.

The study you linked to about increased chance of pregnancy under rape is innaccurately characterised by yourself as saying "twice as likely". The article you linked to [b]doesn't[/b] say that rape increases the chance of conception (by any amount). It discusses the controversy over some research on the subject. Research, incidentally, that has many factors uncovered. It compares conception rates from casual, consensual sex with rape and it is very far from conclusive. For example, it makes the assumption that a woman is more likely to engage in casual sex when she is most likely to conceive. What is the basis for this assumption? It could just as likely be possible that women are less likely to do so - after all, human beings are one of the few species that uses sex as a means for a female to attract a male even when the female is not fertile. What makes more sense than to see if someone is a good partner first, with less risk.

And yes, though highly unusual and doubtless under-reported, there are cases of female sexual abuse of males (no, not for payment).

Finally, regarding the beating up of AT&T employees, should you not be going after the senior execs rather than the phone monkeys? Or do you just go for easy targets?

Re:Before we act too hastily..

[mdwh2]

Why is a DDoS attack bad? Because it stops people from being able to (legitimately) access the server. That's the irony.

Re:Before we act too hastily..

[TheP4st]

Gimme a funnel, some handcuffs, 5 liters of hard liquor and a few hours and by your logic I can have sex with anyone I want and it won't count as rape.

Actually your logical conclusion that it won't be counted as rape is correct, it will be seen as necrophilia.

Re:Before we act too hastily..

[j-stroy]

/b/tard: What happen ?

/arcanine/: Somebody set up us the null'd packets.

moot: We get signal.

/b/tard: What !

moot: Main screen turn on.

/b/tard: It's You !!

AT&T: How are you gentlemen !!

AT&T: All your internets are belong to us.

AT&T: You are on the way to Great Firewall of North America.

/b/tard: What you say !! You'd best be trollin'

AT&T: You have no chance to survive make your time.

AT&T: HA HA HA HA ....

/b/tard: Take off every 'anon' !!

/b/tard: You know what you doing.

/b/tard: Move 'anon'.

/b/tard: For great justice.

Re:Before we act too hastily..

[Megane]

So the problem isn't AT&T, and the problem isn't really even the users (or more likely zombie bots) who are DDoSing AT&T, the real problem is the networks that are allowing the spoofed packets out. Because if you receive an IP packet from an end user with a source address that's not from your network, you should assume that it came from a new legitimate routing path and forward it right up. Because it's normal for your end users to set up crazy routing without even having an AS.

A big problem on the internets is ISPs that are run by idiots or assholes who don't understand (or care about) basic TCP/IP etiquette. It's not just spoofed packets, it's also spoofed BGP announcements. And freely allowing outbound port 25 access.

(I noticed recently when I was setting up and testing SMTP auth on my own mail server that AT&T apparently now blocks outbound port 25 for dynamic IP users, hooray for them. It still works from my AT&T static IP, though.)

Re:Before we act too hastily..

[Darkness404]

The problem is, I know AT&T sucks but I have to use them (at least for cell service) because they are the only phone provider where I live. Perhaps some day that will change and I can get T-Mobile and a nice Android handset, but in 2009 the only way I can get service it with AT&T, no matter how badly they suck.

Re:Before we act too hastily..

[rezalas]

This is the very reason at the ISP I work for we cut our user's access to the net once we discover they are spamming/botting/flooding anyone for any reason. We block them off, mark their account, and notify them by phone of why they lost internet access. Once they notify us they've had their PC cleaned we allow them access again. If they do it again though (and we monitor their bandwidth usage for two weeks to be sure they didn't miss something) we require them to bring in a receipt showing they had their PC cleaned by professionals and that they have antivirus before turning them on again. AT&T (if they really are attempting to protect them... which is likely BS) made the poor choice. We receive notification from AT&T when our customers SPAM or flood anyone about how they'll blackhole their IP if we don't stop them (effectively costing us an IP until we fix it), so I know they have an automated system for dumping individual attackers into a block list without interaction from us. This just seems like a power play to eliminate a server they don't particularly like.

Re:Before we act too hastily..

Except said DDoS attacks happened und 2 weeks ago. Can't they act in a more timely fashion?

http://status.4chan.org/

See the post below the top one

The DDOSing has been happening on and off for a few weeks now, and apparently it fell into full force around now. Everybody seems to think that it's AnonTalk zombie bots doing the spamming, but now /b/'s own users are helping by hammering F5. Regardless of what happened with blocking an DDOSing, /b/ is pissed off at AT&T. Having /b/ pissed off at you is not a place you want to be in, my friend.

-Samriel, posting Anonymously in solidarity

Re:Before we act too hastily..

[King_TJ]

I think there needs to be a middle ground here, and frankly, I'd say your ISP goes over the line with all of those demands.
If I was using your ISP and was told I had to "bring in a receipt as proof that my PC was cleaned by a professional", I'd laugh and ask for my account to be canceled, right after that.

Among other things, I own my own business doing on-site service, much of which involves cleaning viruses and spyware off customer PCs - so I would obviously do this kind of work myself. (Or would you accept a receipt where I billed myself for my time?)

This stuff can happen to anyone, especially when 90% or more use the inherently insecure Windows operating system. In fact, severa of my very computer-savvy friends have managed to infect their PCs with nasty trojan horse viruses, not because they're "clueless" -- but because they took some risks downloading pirated software from Usenet, and someone decided to infect the self-extracting .EXE file that extracted the multi-sgement .RAR files they downloaded.

(Before you "throw the first stone" - consider that most computer professionals have a real need to evaluate fully-functional commercial software packages, without limitations or hassles of arbitrary "30 day trial periods" and so on. Many of us say "Screw the letter of the law!" in such instances. The reality is, it's YOUR butt on the line if you recommend some expensive software package be purchased at your workplace, only to find out months later that it has shortcomings that make it far less useful or reliable than you promised everyone it would be. Better to get your hands on a pirated copy to put through its paces for a while, so you know what you're getting into.)

And considering most people I know who use their computer enough to order broadband Internet in the first place own SEVERAL computers, typically networked together at home - it's not at all inconceivable they'd clean ONE machine, only to find out a second one was causing some/all of the spamming or flooding issues.

Re:Before we act too hastily..

[clone53421]

If I was using your ISP and was told I had to "bring in a receipt as proof that my PC was cleaned by a professional", I'd laugh and ask for my account to be canceled, right after that.

That's on the second offense. The first time you're only required to inform them that it's been cleaned. If you're successfully able to clean it yourself, you won't have the requirement of showing a receipt from a professional. If you're unsuccessful in cleaning it or you get re-infected shortly thereafter, you obviously need help.

In his exact words, on the first offense, service is restored "Once they notify us they've had their PC cleaned"; if it happens again, "we require them to bring in a receipt showing they had their PC cleaned by professionals and that they have antivirus". Not all too heavy-handed, really.

In fact, severa of my very computer-savvy friends have managed to infect their PCs [...] someone decided to infect the self-extracting .EXE file that extracted the multi-sgement .RAR files they downloaded.

Self-extracting RAR archives? Some free advice: The safe way to extract them is to open them in WinRAR and extract them like you would normal archives. That way if the self-extracting executable part is infected it won't affect your machine because you aren't ever running it.

most people I know who use their computer enough to order broadband Internet in the first place own SEVERAL computers, typically networked together at home - it's not at all inconceivable they'd clean ONE machine, only to find out a second one was causing some/all of the spamming or flooding issues

More free advice: clean the one you use for porn. ;P

Re:Before we act too hastily..

[rezalas]

First off, I think you read too far into some of my statements and this is possibly upsetting you a bit too much. I've been in this business for a while now, and believe me when I say that the last thing I want is to alienate my customers; in fact unlike many ISPs we don't even care if you are hosting a server from your home; we merely request (quite reasonably) that if your PC becomes infected you clean it for the safety of our other customers.

If you do on-site service then I'm certain you understand that whatever you have on your PC is your responsibility and thus making you liable for damages caused to others. By requesting our customers have their PC checked and cleaned/repaired by a professional on the SECOND (not first) offense we are attempting to help both the user (who may have been ignorant of the trouble being caused) and everyone else. If you noticed, I didn't state that we sniff packets or persecute them; we merely require that they be responsible users when accessing our network. Out of the possible hundred times I've done this not a single time did a user get angry; quite the contrary actually. I receive thank you letters (twice actually) or emails (a few) that they are happy we're looking out for them. As a service we also offer free antivirus to our customers upon request (though I usually suggest downloading something like Avast so they don't have to deal with licenses through us).

If you find our tactics heavy handed or obtrusive then I think you might have a skewed and excessively open expectation of what should be allowed on a network. In the end, no matter what people say about "net neutrality" and carrier immunity ISPs will still blackhole each other for not controlling their user base when it comes to attacks. I think the proactive approach we take with our customers is more personal and effective than other options out there.

Re:Before we act too hastily..

[rezalas]

It might seem that way, but there is really no better way. If you do nothing then you are screwed. If you do anything then someone will complain or find fault. The system we use is highly effective and we haven't had issues with it in the many years we've used it.

While the hypothetical issue people always use is one of the 11 year old knowing more than the 40 year old who runs a real shop does and yet charges excessive amounts seems to show an issue; the reality is that commonly the 11 year old got the virus downloading porn or MSN smiley packs from his friends, and the mother spends $50-$100 at a local shop getting it taken care of by a pro who notifies her of the issue (which she then punishes the child for). We all know the stories of the retarded shop tech who can't ID his own ass despite the zipcode the state has assigned it, but the reality is that most people who own a shop and charge reasonable rates (or even high rates) can do so because they are experienced and have good word of mouth business.

Looks like the block was lifted

[yamamushi]

As of 1am CST, it looks like the block is beginning to be lifted : http://encyclopediadramatica.com/AT%26T_Blocks_4chan#THIS_JUST_IN I can confirm access to img.4chan.org open from the Austin/South Texas area now, whereas it wasn't about an hour ago.

Re:Looks like the block was lifted

[Venim]

Sounds like they backed out pretty quickly. Probably the best move they could make (aside from not blocking 4chan in the first place).

As for the DDoS claim by them, i say FUD. /b/ was just as slow as it always is.

Re:Looks like the block was lifted

You're an idiot... obviously there was a DOS going on. http://status.4chan.org/index.html#1567027617431107851

Re:Looks like the block was lifted

[JWSmythe]

    Oh my gosh.. Not 4chan... What shall we do?

    Myself, I'm going on with my regular life, since I never went there anyways. :)

    But, since I was curious, I tried to go to their site from a Verizon FiOS line. Dead.

    This almost reminds me of the wonders of folks playing in IRC back in the day. One kid pisses off another kid, and suddenly folks are getting flooded off the network, and other various DoS attacks. SSDD.

Re:Looks like the block was lifted

[Gravedigger3]

Its not about 4chan, its about censorship. By ignoring this kind of thing we would only let ATT know that they can get away with it. I never visit 4chan but if it turns out that ATT really was trying to censor them then this story deserves all the publicity it can get.

Of course if it really was just ATT's way of responding to a DDoS attack then perhaps everyone overreacted.

Hooboy...

[IonOtter]

This is going to be beyond epic. There's going to be movies made about this a hundred years from now. (It'll be a comedy/tragedy either way, or more probably both)

Re:Hooboy...

The movie will be banned in all 63 states for being approximately 2 hours of child porn strung together with scat jokes.

Re:Hooboy...

[anagama]

100 years from now? should be: "banned in all 6 states"

Re:Hooboy...

[JWSmythe]

    6 states? We have Oceania, Eurasia and Eastasia. What are the other three?

    I was completely thrown by that silly concept of 63 states. According to all the history books I've read, there have always been 3. I already verified this with the RecDep of Minitrue.

What is the real problem?

[BadAnalogyGuy]

The question is whether 4chan is the real problem or the reaction to 4chan is. /b/ is what it is and has been for quite a while. And the American Southern culture also has roots that go back at least 300 years. So in a battle for legitimacy, which one should take precedence over the other?

We can talk about freedom of speech and such, but /b/ is home to content that is occasionally over the line illegal. On the other hand, only those who would actually seek it out would even know about it, so it doesn't make sense to "protect" the fair citizens of Hillbilly Valley by blocking the site.

Raymond Bradbury wrote about this in his seminal work Farenheit 451. Once we start allowing the minority to exert power over the majority in the name of fairness and protection, we lose a critical pillar of our society. Censorship is the first step, but later it will be outright censure.

Let's let that which is illegal stay illegal, and give everyone the benefit of full access, even if they don't want it. But I'm not from the South, so my cultural background doesn't lead me to the conclusion that censorship is better than freedom.

Net Neutrality

[SmarkWoW]

This is about Net Neutrality.

Sure Anonymous is angry about being blocked by 15.5% of internet users, but this is only the first step. Most responses to this blockage are directed toward fighting net neutrality, NOT Anon attacking AT&T because their site was blocked.

Anonymous is trying to fight this peacefully, they're not going to be DDoSing any DNS servers, backbone routers, or the like. They're going to be calling Customer Reps and complaining.

This is a Net Neutrality issue, not a Internet Hate Machine issue.

Thanks,
Smark
http://www.spectralcoding.com/

Re:Net Neutrality

First they came for the 4chan members, and I did not speak out,

because I did not want to be labeled a child molester.

Then they came for...

Re:Net Neutrality

Blocked for a portion (not all markets) of 15.5% of American Internet users

Re:Net Neutrality

[bipbop]

I have mod points, but I'm not using them, because there's no "-1 polite but very, very wrong" option.

To be more specific, I laughed pretty hard at "Anonymous is trying to fight this peacefully, they're not going to be DDoSing any DNS servers, backbone routers, or the like." They're not one person, and they're not a body directed by an individual, and no one controls what the assholes do, so the best you can do is "Some people are urging others not to, and they may or may not care". Good luck with that ;-)

Re:Net Neutrality

[Myuu]

I beg to differ, there is a difference between net neutrality and this, the larger issue of censorship.

Re:Net Neutrality

[SmarkWoW]

I'd just like to point you to a few links explicitly discouraging users from taking illegal actions against this:

ED Article Excerpts:
"1. DON'T FUCK WITH THE LAW- We want to first make use of the rights we have, censorship is violating our rights."
"Acting like an idiot and trying to DDoS them will only end with you being persecuted (and/or prosecuted), and your actions being used as a justification."
"This battle is one we have to fight legally..."
"DO NOT RAGE ON THESE PHONE NUMBERS, SIMPLY COMPLAIN ABOUT THE ISSUE!"

Insurgen Article
Excepts:
"Acting like a retard and trying to DDoS them will only end in them going [A QUOTE]"
"Don't try to DDoS or do ANYTHING illegal or legally ambiguous to AT&T. This is a corporation with more resources, manpower, and preparation than anything you script kiddies have ever dealt with. You will be caught and prosecuted. Go through legal channels and reverse this using legitimate means."

Those are just the ones in the windows I have open.

Obviously there is no way to force someone not to do something, but the intentions are to solve this without any "damages".

Thanks,
Smark
SpectralCoding

Re:Net Neutrality

[lgw]

I don't think AT&T would care too much of the opinion of a group of 15 year olds.

Only a complete moron would sell an entertainment pipeline into American homes and not care about the opinion of a group of 15 year olds! So, yeah, you're probably right.

Re:Net Neutrality

[Opportunist]

If you don't care about the opinion of people who have too much time on their hands, no life and you're the one who just took away the only thing that gave their life something resembling meaning, you have no call center.

Be aware who you're dealing with: People who have time to make you waste time. Time of your employees you have to pay by the hour. That costs money, and a load thereof. Don't underestimate the power of people with more time than you. Especially if being an expensive nuisance doesn't take too much skill.

Re:Net Neutrality

[MaskedSlacker]

OH GOD HOW DO I MOD THIS? Insightful....or funny...or insightful...or funny...or insightful...DEAR GOD WHAT DO I DO?????????1one

Re:Net Neutrality

[Opportunist]

Thinking about all the "internet vigilante groups" that exist, Anonymous is maybe one of the better organized and better "behaved" ones. Actually it surprises me that they haven't been labeled a terrorist group yet, they act coherently and are not under any government's control...

I think one of the reasons why this won't happen is that there's appearantly no "unspoken consensus" that DDoSing would be the right thing. You know, where you essentially say "stay within the law", but secretly everyone wished someone wouldn't. Anonymous is, like most of similar groups, very heavy on peer esteem and peer approval/recognition. Doing what is the general consensus of what's "right" rises your "rank", doing something stupid will lower it, to the point where you will be cast out.

As long as the general population of Anonymous will view it as stupid to launch a full blown DDoS attack against anyone, it will stay calm. Launching a DDoS requires resources the average hotheat might not necessarily have. It takes a wee bit of sophistication (or enough money to buy/rent a botnet), something you won't invest if the chance to piss off the people you want to impress is pretty high.

Once the general consensus changes, take cover.

Re:Net Neutrality

[TuaAmin13]

Actually it surprises me that they haven't been labeled a terrorist group yet

Actually, they have

Re:Net Neutrality

[bipbop]

As in http://www.freewebs.com/gnomemansland/gnometerroristcells.htm? I'd watch your step, terr'ist.

Re:Net Neutrality

[DurendalMac]

Um, have you seen the threads on 4chan about this? Anon is going to fight this peacefully? Yeah, okay, sure, if by "peacefully" you mean "Make fake news stories that the AT&T CEO died to drop their stock price", then yeah.

Re:Net Neutrality

[Knara]

Anonymous has an interesting, inconsistent filtering mechanism for the causes it chooses to champion (the only consistent cause that will be taken up is if someone acts against 4chan or /b/ itself). There's people who post asking for anonymous' help on a daily basis, which are met with replies of "(anonymous or /b/) is not your personal army". Any given incident is likely to feature entirely different groups of individuals, with entirely different ranges of skills.

Simmer Down Now.

[ibaboon]

The block is gone. It was for 4chans own good. They have been DDoSed for weeks. AT&T just stopped access for a short bit. Settle the heck down.

Idiots

[dbcad7]

while some others suggest more drastic action (like cutting AT&T fiber)

And eliminate ANY kind of access for themselves, and others who could care less about their problems.. Just as smart as having riots, burning down the grocery stores and then having no place to buy food.. Destruction as a form of protest only hurts themselves and other innocents.

Re:Idiots

[DerekLyons]

Nobody ever claimed the /b/tards were smart. Clever, created, talent, energetic - sure. But not smart.

Re:Idiots

[Fex303]

Destruction as a form of protest only hurts themselves and other innocents.

"Other innocents"?

You've never actually visited /b/, have you?

Wrong way

[gmuslera]

There are smarter ways to disable 4chan, like this one

this is what's going to happen

[ILuvRamen]

I guarantee they're going to pull an "operation squirrel." That's where you cut tons of fibre with a dull tool so it looks chewed but you do so much that they know it was on purpose. People do that more than you think.

Re:this is what's going to happen

[Xelios]

I think you're confusing what you want to see happen with what actually will. Contrary to popular belief, most of the people over at 4chan aren't terrorists, I very much doubt they'll do anything IRL that might get them into serious legal trouble. Even if the chance of being caught is next to nothing, cutting someone's fiber is a few steps beyond what they normally do. Some of the smarter people there have already realized the best way to fight this is through legal means, calling their support lines, writing them, getting the story to various news organizations etc.

Though it doesn't help that most of 4chan is inaccessible right now, due to (I would guess) another DDoS attack.

Re:this is what's going to happen

[dargaud]

"Operation squirrel": spread peanut butter on your targets...

The Rules?

[Bazman]

Someone broke rule 1 and rule 2 here. Slashdot post ending in 69 does rule 34 on timothy NAO!! Ahma chargin my slashdot layzars! CmdrTaco is now a meme. Ummm. Over 9000?

Honestly, was the phrase "and nothing of value was lost" ever more appropriate?

Re:"Could this all be a hoax...?"

[enoz]

I'm preheating the microwave now to prep some popcorn.

Preheating the Microwave? Do you use tinfoil or lightbulbs?

ACK Attack

[iYk6]

So to stop a DDoS attack on a server, they remove any and all access to that server? Am I the only one seeing the irony here?

The post you responded to is misleading. According to this: http://img193.imageshack.us/img193/2523/1248672053880.png, this was an ACK attack, which causes problems not only for the directly attacked host, but for other users as well.

Ordinarily, a TCP connection is set up when you send a SYN packet to a website, such as 4chan, and then 4chan responds with a ACK, and then you respond again with a SYN-ACK.

Here is how an ACK attack works. I, the attacker, will send a SYN packet to 4chan, but I am pretending to be you, or your IP address. 4chan then sends an ACK packet to you, excepting a SYN-ACK in response. However, you did not initiate the connection, so you send a RST back to 4chan (or nothing at all, depending on your firewall settings).

Then I do it again. And again. I effectively flood both you and 4chan with meaningless traffic. Your traffic problems are even worse, because if you have a firewall blocking the RST packets, then 4chan will send you 4 ACK packets (depending on configuration) for every SYN packet I send them.

In this case, AT&T and other ISPs decided that the simplest solution to ending this DOS against their users was to block packets to and from 4chan (or a specific part of 4chan).

Re:ACK Attack

[dublindan]

I'm in favour to transitioning away from TCP/IP towards SCTP/IP personally. Any future network code I write will be based on SCTP instead of TCP, if I can get away with it. :-P Not only is it more resilient to SYN flooding than TCP is, but it gives me other nice possibilities like multiple streams per connection, multi-homing, the choice of ordered or unordered and the choice of reliable or unreliable. The disadvantage being that its not as widely used, so there may be some associated issues, though Linux, at least, does have SCTP support out of the box :-)

Re:ACK Attack

[Suzuran]

No, a SYN flood is different. In a SYN flood, I attempt to use up every available port on your server by leaving it in a half-open state waiting for a handshake to complete.

Ham-fisted

[kheldan]

Based on what I've been reading about this situation today (was away all of Saturday and most of today) it sounds to me like perhaps someone made what they thought was an insignificant decision to block access to a site they figured nobody really cared about anyway, overstepping their authority I'm sure, and started the shitstorm of the year. Now someone's supervisor has heard about it (probably 3rd hand) and after ripping that person a new asshole, has made them start backing off the blocks. Wouldn't be surprised if someone at AT&T gets fired just to throw some meat to the wolves in the hopes this will all go away. BTW nice ham-fisted attempt to stem the tide of a DDoS botnet, dumbasses.

Re:"Could this all be a hoax...?"

[Opportunist]

Uranium rods, like any sane person.

In related news:

[nilbog]

In other news: AT&T pokes bees nest while wearing meat suit in hungry tiger cage.

Not buying the DOS story

[StreetChip]

There are ways to block DOS attacks other than killing all legitimate website traffic. Alternative scenarios: Skynet? Something went wrong in the Black Mesa Research Facility? Bored at work pranksters in the AT&T central office? Secret CIA plot?

Re:4chan Down

[Simple-Simmian]

LOL

Knuckleheads DDoS 4chan.
AT&T reacts with blocking /b/ and /r9k/.
AT&T removes block.
Some other knuckleheads launch a new bigger attack across all of 4chan.
Blame goes to AT&T.
Knuckleheads sit back and watch.
Priceless.

Re:Freedom and privacy

You have never been punished for exercising your freedom to speak by someone with more money or political clout than you have making you pay for disagreeing with them I see. Being able to be anonymous is basic to free speech.

Re:You know what destroys a sites credibility?

[Fex303]

Yeah, gee, you wouldn't want to destroy the credibility of an esteemed site like 4chan, which up till now has been held in such high regard...

Re:4chan Down

[ChoboMog]

According to http://status.4chan.org/

"Cogent Communications has joined the club-they're now blocking all of 4chan. I can't even access the site at this point. We're working on it..."

So the site isn't down, in the sense that the servers are still running, and its not a DDOS attack but simply a denial of service by the ISPs/Backbones needed to access it. Net Neutrality anyone?...

How does this leave AT&T wrt common carrier st

[Arimus]

If, as appears to be the case, AT&T are actively censoring a site won't this in effect remove their common carrier status so leaving them open to being liable to be prosecuted for any questionable material of any nature which is carried on their network (either to an end user on their network, from a server on their network or traffic routed over their network to/from non-AT&T network end points)...

AT&T DSL user here.

[Alex+Belits]

I can confirm that img.4chan.org and www.4chan.org are unreachable from my home DSL (AT&T/Yahoo in Northern California). Everything works fine once I have routed 207.126.64.0/24 through OpenVPN over a non-AT&T network.

Not blocking 4chan.org for all users

[Futurepower(R)]

The issue was reported on Reddit.com 16 hours ago. At no time, apparently, was access to img.4chan.org slow. Also, at present the IP address 207.126.64.181 connects directly to 4chan.org, as it should.

So, AT&T, is not blocking img.4chan.org, the company is only blocking some of its users. Check 4chan status. Quote: "UPDATE: Some coverage on TechCrunch, Digg, reddit, and Google News. Also, note that AT&T has yet to contact us."

From the 4chan status blog...

[shacky003]

"It's come to our attention that AT&T is filtering/blocking img.4chan.org (/b/ & /r9k/) for many of their customers. There is no remedy at this time. If you've been affected, I would advise you call or write customer support and corporate immediately. UPDATE: Some coverage on TechCrunch, Digg, reddit, and Google News. Also, note that AT&T has yet to contact us. by moot @ 6:41 PM "

Re:"Could this all be a hoax...?"

[FireFury03]

Well that makes no sense. AT&T should be taking no action unless somebody from 4chan calls them up and asks them to block the perceived source of the DDoS..

Sounds like you don't understand what's going on - please educate yourself.

4chan is being SYN flooded, various ISPs were getting a lot of collateral traffic from the resulting ACKs going back to spoofed IPs. Since those ISPs had nothing to do with either the attacker or 4chan, there was nothing they could do but pull the plug on the source of the collateral ACKs (4chan). i.e. the ISPs who blocked 4chan weren't trying to protect 4chan from an attack, they were protecting their own networks from the fallout.

Sadly, like you, the vast majority of users are clueless and won't investigate to see what is only going on. I'm sure there will be a kneejerk reaction against AT&T and the other ISPs who tried to protect themselves and everyone will make out that they are the bad guys.

Re:Freedom and privacy

[roystgnr]

Surely if you believe that you have freedom,

Somewhere in between the unwarranted wiretaps and the indefinite detentions without trials, I decided to stop taking that belief for granted.

you don't need to be anonymous when you speak your mind?

My country was literally founded by people anonymously speaking their minds. I would be very wary of anyone who claims we don't need that right anymore.

Re:"Could this all be a hoax...?"

[FireFury03]

You were doing so great until this bit. Or I hadn't realised that one of the biggest ISPs in the USA lacked the capability to do something as simple as filtering out unwanted ACKs.

That discussion appears to address 2 separate problems, both in infeasible ways:

1. Rejecting unsolicited ACKs - "SYN+ACK -> (check if your network requested it) -> (if yes) -> then -> ALLOW -> else (REJECT)":
It doesn't really expand on a method of doing this, but usually you would use connection tracking, whereby you remember the state of all connections running through the router. This is a pretty resource intensive setup and is nigh on unworkable in networks with asymmetric or non-deterministic routing. I.e. it isn't something that I would expect an ISP as big as AT&T to be able to implement, especially at the drop of a hat. Sure, it's easy enough to do on your home network, but it just ain't going to work at the ISP level without some *serious* effort.

2. Prevention of SYN floods by proxying the connection initialisation:
The method described here will lead to you being able to connect to *any* server, even if it isn't accepting connections. Only once the connection is fully established will the real server be contacted, whereupon you may well discover that the server doesn't accept connections on that port, or doesn't even exist. If my ISP pulled that kind of stunt, I'd be finding a new ISP as soon as possible and I would be advising my customers to do the same because messing with network traffic like that is going to cause all sorts of "weird shit" problems, cause software to use incorrect error messages when reporting failures and generally make debugging network issues absolute hell.

Both of the above methods also suffer from the exact same problem that SYN cookies were invented to prevent - namely, there is a device on the network which has to remember the status of all the pending connections which may have been started by spoofed packets. Sure, your firewall is protecting the real server from seeing these spoofed packets, but the firewall itself will collapse under the load of tracking millions of half-open connections from an attacker.

4chan advertising?

[Futurepower(R)]

YES. But I'm guessing this is not the whole story:

But now 4chan's founder, Moot, has admitted the whole thing was kind of his fault.

"For the past three weeks, 4chan has been under a constant DDoS attack," Moot wrote in an afternoon update. "We were able to filter this specific type of attack in a fashion that was more or less transparent to the end user. ... Unfortunately, as an unintended consequence of the method used, some Internet users received errant traffic from one of our network switches. A handful happened to be AT&T customers."

Block lifted; moot provides details.

[LackThereof]

moot has posted the details on status.4chan.org.

Basically he confirms all the speculation that AT&T blocked 4chan because of ACK bouncebacks from a DDOS. Real /b/tards probably already had off-network proxies at the ready to deal with it.

Also, being on AT&T and unable to access 4chan doesn't necessarily mean that it's been blocked. 4chan is up and down all the time, because they're under constant DDOS attacks, at pretty much all times, from various sources. It seems that DDOSing 4chan is a basic holding pattern for botnets that aren't otherwise occupied.

Here's what happened:

For the past three weeks, 4chan has been under a constant DDoS attack. We were able to filter this specific type of attack in a fashion that was more or less transparent to the end user.

Unfortunately, as an unintended consequence of the method used, some Internet users received errant traffic from one of our network switches. A handful happened to be AT&T customers.

In response, AT&T filtered all traffic to and from our img.4chan.org IPs (which serve /b/ & /r9k/) for their entire network, instead of only the affected customers. AT&T did not contact us prior to implementing the block. Here is their statement regarding the matter.

In the end, this wasn't a sinister act of censorship, but rather a bit of a mistake and a poorly executed, disproportionate response on AT&T's part. Whoever pulled the trigger on blackholing the site probably didn't anticipate [nor intend] the consequences of doing so.

We're glad to see this short-lived debacle has prompted renewed interest and debate over net neutrality and internet censorshipâ"two very important issues that don't get nearly enough attentionâ"so perhaps this was all just a blessing in disguise.

Aside from that, I'll also add that there is some big news due later this week. Keep an eye on the News page, Twitter, and global message for updates.

As always, I can be reached at moot@4chan.org.

---

PS: If any companies would like to hook us up with some better hardware, feel free! The architecture we've got powering this large and influential beast is really quite embarrassing. ( ._.)

Security Officer

[CmdrPorno]

Can you imagine being in charge of AT&T's security? I bet they are now having to monitor every post on /b/ for threats against AT&T.

Job description: "Reading posts about testicles and lolcats. Looking at pictures of naked women."