AT&T. Layer 6-8 needed.
John Bambenek
bambenek at gmail.com
Mon Jul 27 04:39:42 UTC 2009
SANS ISC isn't soliciting technical reports, we're interested and
looking at the issue with a particular eye to 4chan's history of pulling
pranks.
Then there is the blocking because of the DoS angle, which I admit,
doesn't seem to fit the facts in this case.
There are AT&T people on this list, I presume, who can speak to the
issue if need be.
I'd prefer the SANS ISC not get "name dropped" as if we lend credibility
to this. We're looking, sure. That's it.
j
jamie wrote:
> 'Wireless backbone'?
>
> K.
>
> I have a dozen confirmations off list in every time zone. SANS ISC is
> soliciting technical reports on this; It's on the EFF's Radar.
>
> "This is not a drill"
>
> If any ISP of mine filtered my (where my = brick-and-mortar-corp) access to
> any destination because of another customer (there are *always* technical
> solutions to problems you describe, the one you implemented wouldn't even
> make my list), you'd have one less customer and quite likely a Tortious
> Interference claim..
>
> And, as a (wired) backbone arch, if I ever filtered a host (btw: there are
> five IPs in that /24 being filtered by T) that cut off every customer's
> access to that host or group, I'd expect to not have a job anymore.
>
> If I wanted filtered Internet, I'd sign up for Prodigy.
>
> Check http://status.4chan.org - they're not moving anything at the moment,
> and confirm the filtering.
>
> Debate away, I'm off to bed.
>
> I think 4chan's reaction to this will be bigger than the story itself - No
> need for me to argue what will soon be in the News Cycle.
>
> -j
>
>
>
>
> On Sun, Jul 26, 2009 at 10:20 PM, Shon Elliott <shon at unwiredbb.com> wrote:
>
>
>> Jamie,
>>
>> Unfortunately, that's not easy with wireless backbones. The customers don't
>> have
>> their own "port". I also know for fact that 4chan is in the process of
>> moving,
>> so what you're seeing could just be that. Them moving.
>>
>>
>> Regards,
>> Shon Elliott
>> Senior Network Engineer
>> unWired Broadband, Inc.
>>
>>
>> jamie wrote:
>>
>>> It should be blocked at the complaining customer port.
>>>
>>> Not nationwide, and certainly not without announcement.
>>>
>>>
>>> On Sun, Jul 26, 2009 at 10:05 PM, Shon Elliott <shon at unwiredbb.com
>>> <mailto:shon at unwiredbb.com>> wrote:
>>>
>>> There has been alot of customers on our network who were complaining
>>> about ACK
>>> scan reports coming from 207.126.64.181. We had no choice but to
>>> block that
>>> single IP until the attacks let up. It was a decision I made with
>>> the gentleman
>>> that owns the colo facility currently hosts 4chan. There was no
>>> other way around
>>> it. I'm sure AT&T is probably blocking it for the same reason. 4chan
>>> has been
>>> under attack for over 3 weeks, the attacks filling up an entire
>>> GigE. If you
>>> want to blame anyone, blame the script kiddies who pull this kind of
>>> stunt.
>>>
>>> Regards,
>>> Shon Elliott
>>> Senior Network Engineer
>>> unWired Broadband, Inc.
>>>
>>>
>>> jamie wrote:
>>> > All,
>>> >
>>> > It appears at AT&T (including DSL, and my own home service via
>>> u-verse)
>>> > has unilaterally and without explanation started blocking websites.
>>> >
>>> > I have confirmed this with multiple tests. (It actually appears
>>> that
>>> > these sites are being blocked at a local-global scale -- that is,
>>>
>> each
>>
>>> > city/hub seems to have blackholes for the sites).
>>> >
>>> > The sites I know of I'll list below (see Reddit for a
>>> discussion), but
>>> > this is clearly and absolutely unacceptable. Please, comments on
>>> the nature
>>> > of the sites are OT.. Let's keep this thread that way. (Away from
>>> being OT,
>>> > that is).
>>> >
>>> > If any T folk are around, and have gotten wind of this (all
>>> comments /
>>> > direct emails will be off record), a reply would be appreciated.
>>> >
>>> > No ears enclosing clue will be reached via normal channels at
>>> ~950E on a
>>> > Sunday, but this is clearly a problem needing addressing,
>>> resolution, action
>>> > and, who knows - suit?
>>> >
>>> > Thanks in advance all for insight, comments,
>>> >
>>> > -jamie
>>> >
>>>
>>>
>>>
>>>
More information about the NANOG
mailing list