AT&T. Layer 6-8 needed.

William Pitcock nenolod at
Mon Jul 27 00:58:33 CDT 2009

On Sun, 2009-07-26 at 22:37 -0700, Shon Elliott wrote:
> chris rollin wrote:
> > Shon wrote:
> > 
> > Seth,
> > 
> >> I said it could be, not that it is. Thanks for pointing that out. However,
> > I
> >> believe the reason they are being blocked at AT&T is the main reason I
> > supplied
> >> on my first post. The DDoS attack issue is the main ticket here.
> > 
> > The ACK storms arent coming from the 4chan servers
> > It's just like the DNS attack (IN/NS/.).  It points to the stupidity of AT&T
> > uppers
> > SANS: Are you or arent you soliciting data?  I have some to confirm also
> > 
> Actually, they are. They are returning responses to hundreds of thousands of
> SPOOFED SYN requests. Where do you think those are gonna go? The ACKs are gonna
> come back to the network in which IPs were SPOOFed from, essentially, causing a
> DDoS on a network not even really involved.

{citation needed}.

It is possible to send spoofed ACK responses without the SYN ever
happening in the first place.  At any rate, you would think that if this
was really going on that would have an update on the

It is widely known that AT&T loves censorship.  They love censorship
because it is profitable for them to love censorship, and this isn't the
first time they have enmasse blocked access to a website they didn't
like.  This has nothing at all to do with forged ACK responses, and
everything to do with content.

AT&T does not have the right to filter what their users can access,
period.  You can put all the spin on it that you want, but in the end
it's about content.

If this was about protecting their network, then they could do that in a
different way, period end of story.

> >> It's not
> >> because of content, or to piss people off. It's to protect their network,
> > as any
> >> of you would do when you got DDoSed on your own networks.
> > 
> > They are going to get some first hand experience in what Protecting their
> > Network
> > involves real soon, now.  Blocking 4chan was an exercise in Stupidity
> > 
> Is that some kind of threat or what? Why would you even make a statement like that?

Do not underestimate the power of teenagers living in their parents'
basement.  There's a lot of them, and they can't access their favourite
website anymore.

This is going to result in a lot of these families switching to Cable or
an alternative DSL provider.

> >> It's damage control,
> > 
> > It's a damage challenge.
> > 
> >> essentially, until they find out who is involved and block them, then
> > they'll
> >> likely lift the block.
> > 
> > They don't have the right to do this.  Not in their TOS/EULA/User-Agreement.
> >  Not in any sane legal forum.  (I*A*AL)
> > 
> They don't have the right to protect their network? So you're saying, if someone
> is DDoSing your network either direct or indirect, the network operator is just
> supposed to sit there and do nothing while all of it's customers get crappy
> internet service because of something they probably don't even know about or
> care about.

They have the right to protect their network, but not at the cost of
reducing neutrality.  But luckily we live in a free market, and AT&T is
about to lose a lot of business because of that block.  If I were them,
I would fix it now, and be extremely apologetic about this happening.

> >> This ISN'T the first time this has happened.
> > 
> Don't cut it off there. This ISN'T the first time it's happened, as 4chan goes
> through DDoSes from script kiddies on a regular basis, and it harms lots of
> networks along the way in the process.

No, he means, this isn't the first time AT&T has degraded service as a
matter of policy.

> > Exactly.
> > 
> > Now you see the problem ?
> > 
> The problem is the DDoS attacks. Not AT&T. 4chan's users constantly instigate
> this. Chris Poole needs to do more than just sit back and watch. He needs to
> start collecting this information and turning it in to the authorities, because
> all of this is convered under domestic terrorism as a cyber-crime. I'm betting
> there's reasons why he hasn't. He's afraid to get into trouble himself on some
> of the content that's posted to /b/... whether it's there 5 seconds or 5 minutes.

There you go right there.  It's about the content.  End of story.

William Pitcock
SystemInPlace - Simple Hosting Solutions

More information about the NANOG mailing list