AT&T. Layer 6-8 needed.

Shon Elliott shon at
Mon Jul 27 06:15:26 UTC 2009

William Pitcock wrote:
> On Sun, 2009-07-26 at 22:37 -0700, Shon Elliott wrote:
>> chris rollin wrote:
>>> Shon wrote:
>>> Seth,
>>>> I said it could be, not that it is. Thanks for pointing that out. However, I
>>>> believe the reason they are being blocked at AT&T is the main reason I supplied
>>>> on my first post. The DDoS attack issue is the main ticket here.
>>> The ACK storms aren't coming from the 4chan servers
>>> It's just like the DNS attack (IN/NS/.).  It points to the stupidity of AT&T
>>> uppers
>>> SANS: Are you or aren't you soliciting data?  I have some to confirm also
>> Actually, they are. They are returning responses to hundreds of thousands of
>> SPOOFED SYN requests. Where do you think those are gonna go? The ACKs are gonna
>> come back to the network in which IPs were SPOOFed from, essentially, causing a
>> DDoS on a network not even really involved.
> {citation needed}.
> It is possible to send spoofed ACK responses without the SYN ever
> happening in the first place.  At any rate, you would think that if this
> was really going on that would have an update on the
> topic.

Regardless of that, I have logs from firewalls to show that it's happening. So
what, do I have to post them here to prove that it's happening?

> It is widely known that AT&T loves censorship.  They love censorship
> because it is profitable for them to love censorship, and this isn't the
> first time they have en masse blocked access to a website they didn't
> like.  This has nothing at all to do with forged ACK responses, and
> everything to do with content.

Yes, they do love censorship. I agree. You got me there.. But for ME it was
about the forged ACK responses. I already lifted my block on it some time ago.
It was temporary while I figured out some other ways to lessen the attack.

> AT&T does not have the right to filter what their users can access,
> period.  You can put all the spin on it that you want, but in the end
> it's about content.

I'm not putting any spin on why they did what they did. I'm just stating I know
some of the facts and saying what I did and WHY I did it.

> If this was about protecting their network, then they could do that in a
> different way, period end of story.

Maybe they can. I don't know the situation. For a small ISP such as us, we don't
have a lot of alternatives. It's not like we're made of AT&T's billions of dollars.

>>>> It's not
>>>> because of content, or to piss people off. It's to protect their network, as any
>>>> of you would do when you got DDoSed on your own networks.
>>> They are going to get some first hand experience in what Protecting their Network
>>> involves real soon, now.  Blocking 4chan was an exercise in Stupidity
>> Is that some kind of threat or what? Why would you even make a statement like that?
> Do not underestimate the power of teenagers living in their parents'
> basement.  There's a lot of them, and they can't access their favourite
> website anymore.
> This is going to result in a lot of these families switching to Cable or
> an alternative DSL provider.

I bet if half of the parents knew what their kids were doing on the internet...
this wouldn't be a problem.

>>>> It's damage control,
>>> It's a damage challenge.
>>>> essentially, until they find out who is involved and block them, then they'll
>>>> likely lift the block.
>>> They don't have the right to do this.  Not in their TOS/EULA/User-Agreement.
>>>  Not in any sane legal forum.  (I*A*AL)
>> They don't have the right to protect their network? So you're saying, if someone
>> is DDoSing your network either direct or indirect, the network operator is just
>> supposed to sit there and do nothing while all of its customers get crappy
>> internet service because of something they probably don't even know about or
>> care about.
> They have the right to protect their network, but not at the cost of
> reducing neutrality.  But luckily we live in a free market, and AT&T is
> about to lose a lot of business because of that block.  If I were them,
> I would fix it now, and be extremely apologetic about this happening.

Okay, so how do YOU block the attacks from eating up your bandwidth and filling
up your logs without blocking the entire IP?

>>>> This ISN'T the first time this has happened.
>> Don't cut it off there. This ISN'T the first time it's happened, as 4chan goes
>> through DDoSes from script kiddies on a regular basis, and it harms lots of
>> networks along the way in the process.
> No, he means, this isn't the first time AT&T has degraded service as a
> matter of policy.

I suppose that's possible. I've been on AT&T's network as a home user and have
not really experienced that before.

>>> Exactly.
>>> Now you see the problem ?
>> The problem is the DDoS attacks. Not AT&T. 4chan's users constantly instigate
>> this. Chris Poole needs to do more than just sit back and watch. He needs to
>> start collecting this information and turning it in to the authorities, because
>> all of this is covered under domestic terrorism as a cyber-crime. I'm betting
>> there's reasons why he hasn't. He's afraid to get into trouble himself on some
>> of the content that's posted to /b/... whether it's there 5 seconds or 5 minutes.
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> There you go right there.  It's about the content.  End of story.

No, the problem is that he won't do anything about it. I doubt AT&T is doing it
for censorship reasons, but that's speculation on my part. But don't sit there
and take the second half of my sentence to make a point like that. Chris CAN do
something about it, he just won't. Why do you think that is?

> William
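
Added example, not part of the original message or of anyone's tooling in this thread: the replies a server sends to spoofed SYNs are SYN-ACK segments, so a network on the receiving end can separate that backscatter from real handshakes by checking each inbound SYN-ACK against the outbound SYNs it actually sent. The log format, the local prefix and the `min_hits` threshold below are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed local prefix (documentation range)

# Constructed sample log: "<epoch> <direction> <src>:<sport> <dst>:<dport> <flags>"
SAMPLE_LOG = """\
1248675300 out 192.0.2.10:40001 198.51.100.7:80 S
1248675300 in 198.51.100.7:80 192.0.2.10:40001 SA
1248675301 in 198.51.100.7:80 192.0.2.55:1025 SA
1248675301 in 198.51.100.7:80 192.0.2.77:2210 SA
1248675302 in 198.51.100.7:80 192.0.2.130:5120 SA
1248675302 in 203.0.113.9:443 192.0.2.20:33000 SA
not a log line
"""

def parse(line):
    """Return (direction, src, sport, dst, dport, flags) or None if malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[1] not in ("in", "out"):
        return None
    try:
        src, sport = parts[2].rsplit(":", 1)
        dst, dport = parts[3].rsplit(":", 1)
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        return parts[1], src, int(sport), dst, int(dport), parts[4]
    except ValueError:
        return None

def find_backscatter(log_text, min_hits=3):
    """Map remote IP -> (unsolicited SYN-ACK count, distinct local targets)."""
    pending = set()              # outbound SYNs this network really sent
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        direction, src, sport, dst, dport, flags = rec
        if direction == "out" and flags == "S":
            pending.add((src, sport, dst, dport))
        elif direction == "in" and flags == "SA" and ipaddress.ip_address(dst) in LOCAL_NET:
            if (dst, dport, src, sport) in pending:
                pending.discard((dst, dport, src, sport))  # completes a real handshake
            else:
                hits[src].append(dst)                      # reply to a SYN we never sent
    return {ip: (len(d), len(set(d))) for ip, d in hits.items() if len(d) >= min_hits}
```

A remote address that shows up here with many distinct local targets is answering SYNs forged with this network's addresses; that address is itself a victim of the flood rather than its origin.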
