As usual, a lack of transparency allowed the spread of misinformation which created an overreaction to something simple.
Fixed that for you.
AT&T could have nipped this in the bud if it hadn't taken nearly 24 hours to respond. It could even just publish an RSS feed listing actions like this.
When you are already somewhat infamous for wiretapping and being a government stooge, and you don't provide any information to the contrary, people are going to generally assume the worst about your intentions.
The story broke on a Sunday. As for lack of transparency, do you really expect any company to keep us all apprised of every routine decision that's made? That's right- routine decision. It was probably made by a relatively low level employee to whom it never occurred there might be some sort of uproar worth responding to. I don't like ATT either, but be realistic.
Sorry I wasn't trying to blame AT&T. I was pointing out that the uproar was due to a vacuum of legit information, so the only noise echoing around the net was that put out by the tin hats.
I said AT&T could have nipped this in the bud by responding sooner or providing a log of blocks/unblocks, not that I honestly expect it to. You're totally right that it was most likely a low level decision, and it would be impossible for some AT&T tech to know that img.4chan.org is not the same as joesblog.nowhereville.com, which no one would notice being blocked for a day.
So yeah, re-reading my comment, I can see how it comes across that I am blaming all this on AT&T. Honestly, when this started, and the only signal was "AT&T was censoring the internet", I was even mad at them for it. But we have since learned otherwise, and I wasn't trying to demonize them here... just pointing out the factors that combined to bring about the overreaction.
Right, but there's no way to tell img.4chan.org from some random blog. Sure you can look at whois, but if you do this in this case, you get NetAssist, which seems to be the hosting company. It's likely they never forwarded the messages to the owners of the server.
Unless you expect the DC techs to nmap servers to find services to identify them. Would you know the IP to HN if it popped up in a firewall log?
"and it would be impossible for some AT&T tech to know that img.4chan.org is not the same as joesblog.nowhereville.com, which no one would notice being blocked for a day"
When I first read your comment it did seem like you were blaming ATT. In retrospect that may be because I was thinking about it in the context of all this nerd rage over this thing. Maybe I jumped the gun a little bit.
Can anyone explain how blocking incoming access to a server reduces the affect of that server's outgoing traffic (presumably required if it was participating in a DOS attack)?
Or are they saying that people who happened to visit img.4chan.org were also participating in a DOS attack... in which case, people who participate in DOS attacks also probably visit google.com, so lets just block access to google.
They probably blocked the IP traffic rather than the TCP traffic. That way, the just discard headers that say to/from: 4chan
TO do it the way you're suggesting (via TCP stream) would suggest they maintain a state machine of their entire user base, knowing who initiates connections to whom. This would require a whole friggin' lot more resources.
Some evildoer hates 4chan, and wants to shut it down. Failing to do so by technical means, he makes it appear that 4chan is DoS-ing someone. AT&T blocks 4chan, and the hacker succeeds in DoS-ing 4chan.
anontalk. http://insurgen.info/wiki/AnonTalk for some (biased) history. Btw, that guy is probably DoSing 4chan. He also constantly spams it with stuff for anontalk. As the link might illustrate, he doesn't have any friends on the *chans. Suspect #1?
