AT&T. Layer 6-8 needed.
bambenek at gmail.com
Mon Jul 27 04:39:42 UTC 2009
SANS ISC isn't soliciting technical reports, we're interested and
looking at the issue with a particular eye to 4chan's history of pulling
Then there is the blocking because of the DoS angle, which I admit,
doesn't seem to fit the facts in this case.
There are AT&T people on this list, I presume, who can speak to the
issue if need be.
I'd prefer the SANS ISC not get "name dropped" as if we lend credibility
to this. We're looking, sure. That's it.
> 'Wireless backbone'?
> I have a dozen confirmations off list in every time zone. SANS ISC is
> soliciting technical reports on this; It's on the EFF's Radar.
> "This is not a drill"
> If any ISP of mine filtered my (where my = brick-and-mortar-corp) access to
> any destination because of another customer (there are *always* technical
> solutions to problems you describe, the one you implemented wouldn't even
> make my list), you'd have one less customer and quite likely a Tortious
> Interference claim..
> And, as a (wired) backbone arch, if I ever filtered a host (btw: there are
> five IPs in that /24 being filtered by T) that cut off every customer's
> access to that host or group, I'd expect to not have a job anymore.
> If I wanted filtered Internet, I'd sign up for Prodigy.
> Check http://status.4chan.org - they're not moving anything at the moment,
> and confirm the filtering.
> Debate away, I'm off to bed.
> I think 4chan's reaction to this will be bigger than the story itself - No
> need for me to argue what will soon be in the News Cycle.
> On Sun, Jul 26, 2009 at 10:20 PM, Shon Elliott <shon at unwiredbb.com> wrote:
>> Unfortunately, that's not easy with wireless backbones. The customers don't
>> their own "port". I also know for fact that 4chan is in the process of
>> so what you're seeing could just be that. Them moving.
>> Shon Elliott
>> Senior Network Engineer
>> unWired Broadband, Inc.
>> jamie wrote:
>>> It should be blocked at the complaining customer port.
>>> Not nationwide, and certainly not without announcement.
>>> On Sun, Jul 26, 2009 at 10:05 PM, Shon Elliott <shon at unwiredbb.com
>>> <mailto:shon at unwiredbb.com>> wrote:
>>> There has been alot of customers on our network who were complaining
>>> about ACK
>>> scan reports coming from 126.96.36.199. We had no choice but to
>>> block that
>>> single IP until the attacks let up. It was a decision I made with
>>> the gentleman
>>> that owns the colo facility currently hosts 4chan. There was no
>>> other way around
>>> it. I'm sure AT&T is probably blocking it for the same reason. 4chan
>>> has been
>>> under attack for over 3 weeks, the attacks filling up an entire
>>> GigE. If you
>>> want to blame anyone, blame the script kiddies who pull this kind of
>>> Shon Elliott
>>> Senior Network Engineer
>>> unWired Broadband, Inc.
>>> jamie wrote:
>>> > All,
>>> > It appears at AT&T (including DSL, and my own home service via
>>> > has unilaterally and without explanation started blocking websites.
>>> > I have confirmed this with multiple tests. (It actually appears
>>> > these sites are being blocked at a local-global scale -- that is,
>>> > city/hub seems to have blackholes for the sites).
>>> > The sites I know of I'll list below (see Reddit for a
>>> discussion), but
>>> > this is clearly and absolutely unacceptable. Please, comments on
>>> the nature
>>> > of the sites are OT.. Let's keep this thread that way. (Away from
>>> being OT,
>>> > that is).
>>> > If any T folk are around, and have gotten wind of this (all
>>> comments /
>>> > direct emails will be off record), a reply would be appreciated.
>>> > No ears enclosing clue will be reached via normal channels at
>>> ~950E on a
>>> > Sunday, but this is clearly a problem needing addressing,
>>> resolution, action
>>> > and, who knows - suit?
>>> > Thanks in advance all for insight, comments,
>>> > -jamie
More information about the NANOG