AT&T. Layer 6-8 needed.

John Bambenek bambenek at gmail.com
Sun Jul 26 23:39:42 CDT 2009


SANS ISC isn't soliciting technical reports, we're interested and 
looking at the issue with a particular eye to 4chan's history of pulling 
pranks.

Then there is the blocking because of the DoS angle, which I admit, 
doesn't seem to fit the facts in this case.

There are AT&T people on this list, I presume, who can speak to the 
issue if need be.

I'd prefer the SANS ISC not get "name dropped" as if we lend credibility 
to this.  We're looking, sure.  That's it.

j

jamie wrote:
> 'Wireless backbone'?
>
> K.
>
> I have a dozen confirmations off list in every time zone.  SANS ISC is
> soliciting technical reports on this; It's on the EFF's Radar.
>
> "This is not a drill"
>
> If any ISP of mine filtered my (where my = brick-and-mortar-corp) access to
> any destination because of another customer (there are *always* technical
> solutions to problems you describe, the one you implemented wouldn't even
> make my list), you'd have one less customer and quite likely a Tortious
> Interference claim..
>
> And, as a (wired) backbone arch, if I ever filtered a host (btw: there are
> five IPs in that /24 being filtered by T) that cut off every customer's
> access to that host or group, I'd expect to not have a job anymore.
>
> If I wanted filtered Internet, I'd sign up for Prodigy.
>
> Check http://status.4chan.org - they're not moving anything at the moment,
> and confirm the filtering.
>
> Debate away, I'm off to bed.
>
> I think 4chan's reaction to this will be bigger than the story itself - No
> need for me to argue what will soon be in the News Cycle.
>
> -j
>
>
>
>
> On Sun, Jul 26, 2009 at 10:20 PM, Shon Elliott <shon at unwiredbb.com> wrote:
>
>   
>> Jamie,
>>
>> Unfortunately, that's not easy with wireless backbones. The customers don't
>> have
>> their own "port". I also know for fact that 4chan is in the process of
>> moving,
>> so what you're seeing could just be that. Them moving.
>>
>>
>> Regards,
>> Shon Elliott
>> Senior Network Engineer
>> unWired Broadband, Inc.
>>
>>
>> jamie wrote:
>>     
>>> It should be blocked at the complaining customer port.
>>>
>>> Not nationwide, and certainly not without announcement.
>>>
>>>
>>> On Sun, Jul 26, 2009 at 10:05 PM, Shon Elliott <shon at unwiredbb.com
>>> <mailto:shon at unwiredbb.com>> wrote:
>>>
>>>     There has been alot of customers on our network who were complaining
>>>     about ACK
>>>     scan reports coming from 207.126.64.181. We had no choice but to
>>>     block that
>>>     single IP until the attacks let up. It was a decision I made with
>>>     the gentleman
>>>     that owns the colo facility currently hosts 4chan. There was no
>>>     other way around
>>>     it. I'm sure AT&T is probably blocking it for the same reason. 4chan
>>>     has been
>>>     under attack for over 3 weeks, the attacks filling up an entire
>>>     GigE. If you
>>>     want to blame anyone, blame the script kiddies who pull this kind of
>>>     stunt.
>>>
>>>     Regards,
>>>     Shon Elliott
>>>     Senior Network Engineer
>>>     unWired Broadband, Inc.
>>>
>>>
>>>     jamie wrote:
>>>     > All,
>>>     >
>>>     >   It appears at AT&T (including DSL, and my own home service via
>>>     u-verse)
>>>     > has unilaterally and without explanation started blocking websites.
>>>     >
>>>     >   I have confirmed this with multiple tests.  (It actually appears
>>>     that
>>>     > these sites are being blocked at a local-global scale -- that is,
>>>       
>> each
>>     
>>>     > city/hub seems to have blackholes for the sites).
>>>     >
>>>     >   The sites I know of I'll list below (see Reddit for a
>>>     discussion), but
>>>     > this is clearly and absolutely unacceptable.  Please, comments on
>>>     the nature
>>>     > of the sites are OT.. Let's keep this thread that way.  (Away from
>>>     being OT,
>>>     > that is).
>>>     >
>>>     >   If any T folk are around, and have gotten wind of this (all
>>>     comments /
>>>     > direct emails will be off record), a reply would be appreciated.
>>>     >
>>>     >   No ears enclosing clue will be reached via normal channels at
>>>     ~950E on a
>>>     > Sunday, but this is clearly a problem needing addressing,
>>>     resolution, action
>>>     > and, who knows - suit?
>>>     >
>>>     >   Thanks in advance all for insight, comments,
>>>     >
>>>     > -jamie
>>>     >
>>>
>>>
>>>
>>>       





More information about the NANOG mailing list