AT&T Blocks 4chan Over DDoS... But May Not Like What Happens Next...

from the that-would-not-be-a-good-thing... dept

A few folks have submitted the news that, apparently, AT&T is blocking access to a certain subdomain of 4chan. I just checked on my own AT&T DSL account and it's true that I can't get there (I can get there if I don't go via AT&T). That doesn't mean that AT&T definitely is blocking it, but there are reports that folks at AT&T have admitted that it's true. If you don't know what 4chan is, the 4chan Wikipedia page is probably the best way to understand it. Even if the site is controversial for some, it does seem quite extreme for AT&T to do an outright block, without any official warning or immediate explanation. Outright blocking of websites, without recourse and without a clear explanation of why, is extremely questionable and the sort of "net neutrality" violation that the FCC would likely come down hard against. If it's true that there's a block, perhaps AT&T is assuming that no one serious (such as the FCC) would come to the defense of 4chan, but that might be a mistake (in part because AT&T probably won't like what happens when 4chan decides to come to its own defense). Hopefully this will be explained away as a mistake. So far, the best explanation I've seen is (via 4chan) the claim that the subdomain was involved in some sort of DDoS attack, but you would think that, if that were the case, AT&T would have just made that clear from the beginning. Not coming out with a clear and concise explanation just looks bad, and seems to be stirring up 4chan folks to make a statement -- something AT&T almost certainly does not want. AT&T may be able to tap your phones, but getting on the wrong side of 4chan seems like a bad, bad idea.

Update: As expected, AT&T has confirmed (as we believed) that this was over a DDoS attack:
Beginning Friday, an AT&T customer was impacted by a denial-of-service attack stemming from IP addresses connected to img.4chan.org. To prevent this attack from disrupting service for the impacted AT&T customer, and to prevent the attack from spreading to impact our other customers, AT&T temporarily blocked access to the IP addresses in question for our customers. This action was in no way related to the content at img.4chan.org; our focus was on protecting our customers from malicious traffic.

Overnight Sunday, after we determined the denial-of-service threat no longer existed, AT&T removed the block on the IP addresses in question. We will continue to monitor for denial-of-service activity and any malicious traffic to protect our customers.
That said, I still think AT&T failed here, in that they did not make this clear from the outset. If they had stated upfront what the situation was, in conjunction with the temporary block, they would have been much better off. But by silently blocking, they kicked off a firestorm that had to have been expected by anyone aware of 4chan.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Justin, Jul 27th, 2009 @ 12:51am

    Way to go AT&T to block one of the top 5 most popular sites on the entire web.

    4chan's clientele aren't the most forgiving people I've seen, either.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Ilfar, Jul 27th, 2009 @ 12:59am

    DDoS FROM 4chan?

    I think they'll find that, while it may be people from 4chan doing things like DDoSing, it won't be 4chan itself doing the attacks. Start down that road, and you'll probably find that just about any site that has excitable folk on it can be accused of organising a DDoS at some point...

    I'm glad I stocked up on popcorn, this one promises to be entertaining :D

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    scarr (profile), Jul 27th, 2009 @ 1:08am

    I wonder what AT&T's home page will say tomorrow morning. It probably won't be what AT&T thinks it says.

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    JackSombra (profile), Jul 27th, 2009 @ 1:33am

    Now owners own ISP blocking him

    hmm according to to wiki now moot's (site owner) own isp (Cogent Communications) is blocking 4chan

    If this is true got feeling this whole thing will be related to the DDos attacks, if you look at 4chan status page they were under DDoS attack themselves just over a week ago

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    kerry (profile), Jul 27th, 2009 @ 1:46am

    I fear for AT&T's site it was indeed intentional.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Paul S., Jul 27th, 2009 @ 2:18am

    4chan appears to be under attack right now..

    The site appears to be glacially slow right now and some boards are not accessible at all. It's probably a continuation of the attack(s) that started last week. moot has backed off the claim that his own isp is blocking him btw, I suspect that it's just slow..

    It's a serious attack though..

    Who have (haven't) they annoyed this time?

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Jul 27th, 2009 @ 2:58am

    Network Neutrality? Hah!

    I remember a few years ago when the US invaded Iraq and France didn't go along with it. Cox was my ISP at the time and I suddenly couldn't directly connect to any addresses assigned to French based ISPs, but I could if I went through a proxy. I went round and round with Cox tech support who swore up and down that Cox wasn't blocking those addresses and that they would know if they were. Well, finally I pulled some strings and got an engineering insider at Cox to check for me. Sure enough, the network administrator for my region had put a block on those addresses. So it wasn't nationwide, just my region. His excuse was that the network was under DDOS attack. From every ISP in the whole country of France, apparently. Funny that none of the the Cox networks in any other regions noticed this "attack". Funny also that the block remained in place for almost 2 years, until Cox sold the system to another company who then lifted the block. My insider friend speculated that the admin probably had a stick up his butt about France not supporting the invasion and decided it was his patriotic duty to block access to French ISPs in retaliation.

    Any way, the moral of the story is that ISPs can and do block things, even for political reasons, and I have yet to see the FCC do anything about it. They can always claim it's for "security" if they have to.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    aguywhoneedstenbucks (profile), Jul 27th, 2009 @ 3:40am

    Common Carrier

    If it wasn't involved in a DDOS attack, doesn't this mean AT&T could stand to lose it's common carrier status?

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Jul 27th, 2009 @ 3:45am

    AT&T blocked AOL from their backbone a few years back, without warnings or explanations, due to DDoS attacks and AOL's lack of action to stop it. So AT&T blocked AOL for several days, and AOL users were left stranded on a small part of the American network and no where to go.

    So it's not the first and won't be the last they take care of the issue first, and publicly address it later.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Jul 27th, 2009 @ 3:53am

    4chan being blocked

    AS far as I can tell, it's most of At&T's service that's blocking the img.4chan.org domain, which hosts the two least work-safe boards, /b/ and /r9k/.

    This is something that is, as far as I can tell, highly suspicious AND a dangerous precedent for neutrality.

    But I am completely unsurprised by who has done this.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Jul 27th, 2009 @ 4:09am

    I have ATT and i seem to be able to get there just fine.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Jul 27th, 2009 @ 5:18am

    LOLCATZ

    AT&T iz in ur web, blockin ur 4chan.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Jul 27th, 2009 @ 5:22am

    http://img193.imageshack.us/img193/2523/1248672053880.png

    Screenshot of an email from the president of UnWired (another ISP that also blocked img.4chan.org, or more specifically the IP address for that subdomain).

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    Andrew (profile), Jul 27th, 2009 @ 5:24am

    Oooh, fireworks. I can't wait.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    NullOp, Jul 27th, 2009 @ 5:36am

    Blocking

    I pay AT&T for access not censorship! Unfortunately, AT&T is one of those big corporations that can make up truths endlessly and almost never get tagged for it. I hope this is not the case.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Jul 27th, 2009 @ 5:56am

    Can't wait to see how the btards react to this. AT&T will learn a thing or two about scientology, probably. Ilfar, can I borrow some of your pop corn?

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Jul 27th, 2009 @ 6:18am

    Metblogs reports that the block is up (or it never actually happened), which would be very, very boring.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    feelsgoodman, Jul 27th, 2009 @ 6:40am

    AT&T's closed

    All there IP's have AIDS.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Jul 27th, 2009 @ 6:43am

    4chan should just be blocked by everyone .. talk about a waste of resources and a gathering of the stupidest people ever... heh. Plus now they make the "news" so expect more stupid people to join. Like they needed the exposure.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Jul 27th, 2009 @ 7:01am

    Goddamnit! I just changed from Time Warner's bandwidth capping asses to this crap. Now I've got to change again?!?!

    Is there an ISP out there that doesn't suck?

    In a related note, this /b/tard appears to still have access...lurking whilst I can.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Me, Jul 27th, 2009 @ 7:07am

    Re: blocked by everyone

    Not the point.
    If you like their content or not is not the issue. If there are people wanting to go there (and clearly there are) then who are you, or AT&T, to say they should/cannot?

    If people started blocking anything they simply didn't approve of than the web would be gone for good.

     

    reply to this | link to this | view in thread ]

  22.  
    icon
    minijedimaster (profile), Jul 27th, 2009 @ 7:11am

    Re:

    Dude, shhhhhh! you might bring their unholy wrath down on us!

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Anonymous Coward, Jul 27th, 2009 @ 7:13am

    AT&T has NO idea who they are dealing with do they?

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, Jul 27th, 2009 @ 7:20am

    The particular server being blocked has been under heavy DDOS attack for weeks now. Due to the nature of the attack being used, the DDOS not only floods the server, but also a large amount of AT&T's customers. The block was temporary to stem the effects of the attack on their customers, and I believe has been lifted already.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Lucretious, Jul 27th, 2009 @ 7:42am

    good christ, does anyone at AT&T know what they're doing? 4Chan maniacs live for this kind of stuff.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Easily Amused, Jul 27th, 2009 @ 8:23am

    Re: 4chan being blocked

    umm... I know you didn't just say that /b/ was work safe...

     

    reply to this | link to this | view in thread ]

  27.  
    icon
    Mark Gisleson (profile), Jul 27th, 2009 @ 8:44am

    this DSL user not blocked

    My DSL is through Qwest, but more important (I think) is the fact that I use a private ISP.

    Altho I'd never been to 4chan, I had no trouble accessing their site.

     

    reply to this | link to this | view in thread ]

  28.  
    icon
    JackSombra (profile), Jul 27th, 2009 @ 8:51am

    Re:

    "talk about a waste of resources and a gathering of the stupidest people ever"
    And this is a good, could you imagine if they had no "home" anymore, they would spread everywhere else

    My 4chan live forever

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Anonymous Coward, Jul 27th, 2009 @ 9:15am

    Re: Re: 4chan being blocked

    I'm not the person who wrote the post, but he said "least work-safe"

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Anonymous Coward, Jul 27th, 2009 @ 10:43am

    I don't think it's highly believable that they would block a whole site because "an AT&T customer" (note the singular) had a problem. Or at least, that's as dangerous as blocking it because they don't like it. They can always come up with a single user who has problems with a site they don't like. Specially since they blocked /b/ and not, say /ck/ (you had to check to know which one that is, right?).

     

    reply to this | link to this | view in thread ]

  31.  
    icon
    Ben (profile), Jul 27th, 2009 @ 11:25am

    Unlikely 4chan was "attacking" AT&T

    What most likely happened is, large numbers of AT&T customers are compromised, and were unknowingly used as zombies to attack 4chan.

    This to someone obviously incompetent at AT&T looked like 4chan attacking AT&T. So instead of blocking the customers or providing them with information on how to uninflect their computers, the problem still exists.

     

    reply to this | link to this | view in thread ]

  32.  
    identicon
    batch, Jul 27th, 2009 @ 12:27pm

    Better description of 4chan

    I prefer the Encyclopedia Dramatica's wiki explaining 4chan:
    http://encyclopediadramatica.com/4chan (NSFW)

     

    reply to this | link to this | view in thread ]

  33.  
    identicon
    Free Capitalist, Jul 27th, 2009 @ 12:31pm

    Re:

    I don't think it's highly believable that they would block a whole site because "an AT&T customer" (note the singular) had a problem.


    By 'a customer', I'm pretty sure AT&T meant something like "Mega Corp A's entire visible network and corporate-wide public access infrastructure" rather than 'a person'.

    I agree with another poster: if it looked like the DDoS came from 4chan, it was probably just a springboard rather than the originator. That being said, a network administrator, particularly one with so many people depending on its service, really *needs to actively defend against attacks when they are in progress. Its not just commerce that gets disrupted, but also free-commerce.

    As long as they actually restore access to innocent sites caught up in the DDoS, I don't see a problem with what they did.

    Still.... it had to be 4Chan. Poor AT&T.

     

    reply to this | link to this | view in thread ]

  34.  
    icon
    Clark Cox (profile), Jul 27th, 2009 @ 2:47pm

    Umm, if the attack from (compromised) AT&T customer machines is causing trouble with AT&T's network, then they should cut off those customers until they clean up their machines. block the people actually causing the problems, not the target of the attack. Problem solved.

     

    reply to this | link to this | view in thread ]

  35.  
    identicon
    Anonymous Coward, Jul 27th, 2009 @ 4:08pm

    the problem was that 4chan was under a DDOS, specifically a Syn flood basically person A spams the server with connect requests while saying he is really person C, the server sends things to person C but person C isn't expecting anything and so with ignores the response or responds with an error. this creates a huge load not only on the server, but Person C and in this case Person C happens to be on AT&T so AT&T cut off access to the server for a bit to stop the flow

     

    reply to this | link to this | view in thread ]

  36.  
    identicon
    ace, Jul 28th, 2009 @ 2:07am

    And once again, it NEVER fails with the incessant lying, as lying is a way of life for these hacker creeps. I salute AT&T for blocking viruses, trojans and nasty spider scripts, as that is what the REAL truth is as to WHY AT&T has flashed the middle finger [blocked] to 4 Chan. Why should AT&T waste time and energy in dealing with viruses, trojans and uncontrollable script programs emanating from the 4 Chan site?

    I don't condone censorship and I certainly don't condone lies "in the name of lulz". The only thing 4 Chan has proven again and again, is that they are infantile and violent. A bunch of two year olds who go on tirades. And just like an out of control two year old, they need some REAL hard slaps from the school of hard knocks.

    Any consequences or denial of internet access to AT&T customers due to NAZI actions emanating from 4 Chan [or any other hacker creeps for that matter], I pray that they are caught, rounded up, prosecuted beyond the extent of the law, thrown in a windowless cell and locked up forever until the day they die.

    I commend AT&T for taking the step forward and I sincerely hope that other ISP'S follow suit ASAP. ENOUGH IS ENOUGH. Hackers cause destruction, chaos, waste everyones time and energy. Normal people on the net are SICK AND TIRED of these two year old tantrum antics that 4 Chan displays on a daily basis. These hacker creeps really and truly need to GROW THE F*** UP.

     

    reply to this | link to this | view in thread ]

  37.  
    identicon
    A.N.Idiot, Jul 28th, 2009 @ 5:20am

    Re:

    Nitpicking, but technically, those on 4Chan are crackers; hackers is the general term for people messing with code in general.

    Also, the key thing is that this wasn't announced in the initial report by AT&T. This, more than anything, makes it look very suspicious, and more like the update was more damage limitation.

     

    reply to this | link to this | view in thread ]

  38.  
    identicon
    Anonymous Coward, Jul 28th, 2009 @ 7:07am

    Re:

    uh, they weren't sending out viruses or trojans and if they were, blocking the webserver doesn't do anything to slow the propagation. While most on 4chan are infantile and some know how to use scripts most know nothing about hacking or cracking. Their main form of attack on other websites is to flood the forums with junk, the ones that have any capability to do real damage are few and far between.

    you need to learn a bit more before you go on a tirade.

    here is a network engineer from unWired explaining why they had blocked 4Chan as well

    "There has been alot of customers on our network who were complaining about ACK
    scan reports coming from 207.126.64.181. We had no choice but to block that
    single IP until the attacks let up. It was a decision I made with the gentleman
    that owns the colo facility currently hosts 4chan. There was no other way around
    it. I'm sure AT&T is probably blocking it for the same reason. 4chan has been
    under attack for over 3 weeks, the attacks filling up an entire GigE. If you
    want to blame anyone, blame the script kiddies who pull this kind of stunt.

    Regards,
    Shon Elliott
    Senior Network Engineer
    unWired Broadband, Inc."

     

    reply to this | link to this | view in thread ]

  39.  
    identicon
    Anonymous Coward, Aug 13th, 2009 @ 1:38am

    I would imagine there is some time delay in a large organization like AT&T's between the technical people that blocked the site, and the media people that gave the press release.

     

    reply to this | link to this | view in thread ]

  40.  
    identicon
    Anonymous Coward, Feb 9th, 2010 @ 9:16am

    Re:

    True: Anonymous does not forgive.

     

    reply to this | link to this | view in thread ]

  41.  
    identicon
    Anonymous Coward, Feb 10th, 2010 @ 2:15pm

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This