

AT&T's response to the 4chan blocking - tlrobinson
http://www.att.com/gen/press-room?pid=4800&cdvn=news&newsarticleid=26970

======
devicenull
As usual, the internet has overreacted vastly to something simple.

~~~
Xichekolas
As usual, _a lack of transparency allowed the spread of misinformation which
created an overreaction to something simple_.

Fixed that for you.

AT&T could have nipped this in the bud if it hadn't taken nearly 24 hours to
respond. It could even just publish an RSS feed listing actions like this.

When you are already somewhat infamous for wiretapping and being a government
stooge, and you don't provide any information to the contrary, people are
going to generally assume the worst about your intentions.

~~~
jm4
The story broke on a Sunday. As for lack of transparency, do you really expect
any company to keep us all apprised of every routine decision that's made?
That's right- routine decision. It was probably made by a relatively low level
employee to whom it never occurred there might be some sort of uproar worth
responding to. I don't like ATT either, but be realistic.

~~~
Xichekolas
Sorry I wasn't trying to blame AT&T. I was pointing out that the uproar was
due to a vacuum of legit information, so the only noise echoing around the net
was that put out by the tin hats.

I said AT&T _could_ have nipped this in the bud by responding sooner or
providing a log of blocks/unblocks, not that I honestly expect it to. You're
totally right that it was most likely a low level decision, and it would be
impossible for some AT&T tech to know that img.4chan.org is not the same as
joesblog.nowhereville.com, which no one would notice being blocked for a day.

So yeah, re-reading my comment, I can see how it comes across that I am
blaming all this on AT&T. Honestly, when this started, and the only signal was
"AT&T was censoring the internet", I was even mad at them for it. But we have
since learned otherwise, and I wasn't trying to demonize them here... just
pointing out the factors that combined to bring about the overreaction.

~~~
devicenull
Right, but there's no way to tell img.4chan.org from some random blog. Sure
you can look at whois, but if you do this in this case, you get NetAssist,
which seems to be the hosting company. It's likely they never forwarded the
messages to the owners of the server.

Unless you expect the DC techs to nmap servers to find services to identify
them. Would you know the IP to HN if it popped up in a firewall log?

~~~
Xichekolas
Which is exactly what I meant when I said this:

 _"and it would be impossible for some AT &T tech to know that img.4chan.org
is not the same as joesblog.nowhereville.com, which no one would notice being
blocked for a day"_

But you said it much better than I could.

~~~
devicenull
Ah right, I had thought you were talking about the issues caused by blocking
them, not necessarily recognizing them.

------
zargon
Can anyone explain how blocking _incoming_ access to a server reduces the
affect of that server's _outgoing_ traffic (presumably required if it was
participating in a DOS attack)?

Or are they saying that people who happened to visit img.4chan.org were also
participating in a DOS attack... in which case, people who participate in DOS
attacks also probably visit google.com, so lets just block access to google.

Smells fishy.

~~~
jf
It's possible that the DOS attack was coming from forged IP addresses which
the 4chan server was responding to.

------
jrockway
Why would img.4chan.org DoS an AT&T customer? It's a webserver, not a botnet.

~~~
tlrobinson
Attacker spoofs source IPs (with an AT&T customer's IP) of SYN packets.
img.4chan.org responds with SYN-ACKs to the spoofed IP.

It's one of the reasons why this is important:
<http://www.faqs.org/rfcs/bcp/bcp38.html>

~~~
jrockway
This makes more sense now.

Some evildoer hates 4chan, and wants to shut it down. Failing to do so by
technical means, he makes it appear that 4chan is DoS-ing someone. AT&T blocks
4chan, and the hacker succeeds in DoS-ing 4chan.

~~~
socillion
anontalk. <http://insurgen.info/wiki/AnonTalk> for some (biased) history. Btw,
that guy is _probably_ DoSing 4chan. He also constantly spams it with stuff
for anontalk. As the link might illustrate, he doesn't have any friends on the
*chans. Suspect #1?

------
Morieris
The whole internet rage thing could have been avoided if AT&T posted this
_before_ blocking 4chan.

