AT&T Blocks 4chan Over DDoS… But May Not Like What Happens Next…

from the that-would-not-be-a-good-thing... dept

A few folks have submitted the news that, apparently, AT&T is blocking access to a certain subdomain of 4chan. I just checked on my own AT&T DSL account and it’s true that I can’t get there (I can get there if I don’t go via AT&T). That doesn’t mean that AT&T definitely is blocking it, but there are reports that folks at AT&T have admitted that it’s true. If you don’t know what 4chan is, the 4chan Wikipedia page is probably the best way to understand it. Even if the site is controversial for some, it does seem quite extreme for AT&T to do an outright block, without any official warning or immediate explanation. Outright blocking of websites, without recourse and without a clear explanation of why, is extremely questionable and the sort of “net neutrality” violation that the FCC would likely come down hard against. If it’s true that there’s a block, perhaps AT&T is assuming that no one serious (such as the FCC) would come to the defense of 4chan, but that might be a mistake (in part because AT&T probably won’t like what happens when 4chan decides to come to its own defense). Hopefully this will be explained away as a mistake. So far, the best explanation I’ve seen is (via 4chan) the claim that the subdomain was involved in some sort of DDoS attack, but you would think that, if that were the case, AT&T would have just made that clear from the beginning. Not coming out with a clear and concise explanation just looks bad, and seems to be stirring up 4chan folks to make a statement — something AT&T almost certainly does not want. AT&T may be able to tap your phones, but getting on the wrong side of 4chan seems like a bad, bad idea.

Update: As expected, AT&T has confirmed (as we believed) that this was over a DDoS attack:

Beginning Friday, an AT&T customer was impacted by a denial-of-service attack stemming from IP addresses connected to To prevent this attack from disrupting service for the impacted AT&T customer, and to prevent the attack from spreading to impact our other customers, AT&T temporarily blocked access to the IP addresses in question for our customers. This action was in no way related to the content at; our focus was on protecting our customers from malicious traffic.

Overnight Sunday, after we determined the denial-of-service threat no longer existed, AT&T removed the block on the IP addresses in question. We will continue to monitor for denial-of-service activity and any malicious traffic to protect our customers.

That said, I still think AT&T failed here, in that they did not make this clear from the outset. If they had stated upfront what the situation was, in conjunction with the temporary block, they would have been much better off. But by silently blocking, they kicked off a firestorm that had to have been expected by anyone aware of 4chan.

Filed Under: , , , ,
Companies: at&t

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “AT&T Blocks 4chan Over DDoS… But May Not Like What Happens Next…”

Subscribe: RSS Leave a comment
Ilfar says:

DDoS FROM 4chan?

I think they’ll find that, while it may be people from 4chan doing things like DDoSing, it won’t be 4chan itself doing the attacks. Start down that road, and you’ll probably find that just about any site that has excitable folk on it can be accused of organising a DDoS at some point…

I’m glad I stocked up on popcorn, this one promises to be entertaining 😀

Paul S. says:

4chan appears to be under attack right now..

The site appears to be glacially slow right now and some boards are not accessible at all. It’s probably a continuation of the attack(s) that started last week. moot has backed off the claim that his own isp is blocking him btw, I suspect that it’s just slow..

It’s a serious attack though..

Who have (haven’t) they annoyed this time?

Anonymous Coward says:

Network Neutrality? Hah!

I remember a few years ago when the US invaded Iraq and France didn’t go along with it. Cox was my ISP at the time and I suddenly couldn’t directly connect to any addresses assigned to French based ISPs, but I could if I went through a proxy. I went round and round with Cox tech support who swore up and down that Cox wasn’t blocking those addresses and that they would know if they were. Well, finally I pulled some strings and got an engineering insider at Cox to check for me. Sure enough, the network administrator for my region had put a block on those addresses. So it wasn’t nationwide, just my region. His excuse was that the network was under DDOS attack. From every ISP in the whole country of France, apparently. Funny that none of the the Cox networks in any other regions noticed this “attack”. Funny also that the block remained in place for almost 2 years, until Cox sold the system to another company who then lifted the block. My insider friend speculated that the admin probably had a stick up his butt about France not supporting the invasion and decided it was his patriotic duty to block access to French ISPs in retaliation.

Any way, the moral of the story is that ISPs can and do block things, even for political reasons, and I have yet to see the FCC do anything about it. They can always claim it’s for “security” if they have to.

Anonymous Coward says:

AT&T blocked AOL from their backbone a few years back, without warnings or explanations, due to DDoS attacks and AOL’s lack of action to stop it. So AT&T blocked AOL for several days, and AOL users were left stranded on a small part of the American network and no where to go.

So it’s not the first and won’t be the last they take care of the issue first, and publicly address it later.

Anonymous Coward says:

4chan being blocked

AS far as I can tell, it’s most of At&T’s service that’s blocking the domain, which hosts the two least work-safe boards, /b/ and /r9k/.

This is something that is, as far as I can tell, highly suspicious AND a dangerous precedent for neutrality.

But I am completely unsurprised by who has done this.

Anonymous Coward says:

The particular server being blocked has been under heavy DDOS attack for weeks now. Due to the nature of the attack being used, the DDOS not only floods the server, but also a large amount of AT&T’s customers. The block was temporary to stem the effects of the attack on their customers, and I believe has been lifted already.

Anonymous Coward says:

I don’t think it’s highly believable that they would block a whole site because “an AT&T customer” (note the singular) had a problem. Or at least, that’s as dangerous as blocking it because they don’t like it. They can always come up with a single user who has problems with a site they don’t like. Specially since they blocked /b/ and not, say /ck/ (you had to check to know which one that is, right?).

Free Capitalist says:

Re: Re:

I don’t think it’s highly believable that they would block a whole site because “an AT&T customer” (note the singular) had a problem.

By ‘a customer’, I’m pretty sure AT&T meant something like “Mega Corp A’s entire visible network and corporate-wide public access infrastructure” rather than ‘a person’.

I agree with another poster: if it looked like the DDoS came from 4chan, it was probably just a springboard rather than the originator. That being said, a network administrator, particularly one with so many people depending on its service, really *needs to actively defend against attacks when they are in progress. Its not just commerce that gets disrupted, but also free-commerce.

As long as they actually restore access to innocent sites caught up in the DDoS, I don’t see a problem with what they did.

Still…. it had to be 4Chan. Poor AT&T.

Ben (profile) says:

Unlikely 4chan was "attacking" AT&T

What most likely happened is, large numbers of AT&T customers are compromised, and were unknowingly used as zombies to attack 4chan.

This to someone obviously incompetent at AT&T looked like 4chan attacking AT&T. So instead of blocking the customers or providing them with information on how to uninflect their computers, the problem still exists.

Anonymous Coward says:

the problem was that 4chan was under a DDOS, specifically a Syn flood basically person A spams the server with connect requests while saying he is really person C, the server sends things to person C but person C isn’t expecting anything and so with ignores the response or responds with an error. this creates a huge load not only on the server, but Person C and in this case Person C happens to be on AT&T so AT&T cut off access to the server for a bit to stop the flow

ace (user link) says:

And once again, it NEVER fails with the incessant lying, as lying is a way of life for these hacker creeps. I salute AT&T for blocking viruses, trojans and nasty spider scripts, as that is what the REAL truth is as to WHY AT&T has flashed the middle finger [blocked] to 4 Chan. Why should AT&T waste time and energy in dealing with viruses, trojans and uncontrollable script programs emanating from the 4 Chan site?

I don’t condone censorship and I certainly don’t condone lies “in the name of lulz”. The only thing 4 Chan has proven again and again, is that they are infantile and violent. A bunch of two year olds who go on tirades. And just like an out of control two year old, they need some REAL hard slaps from the school of hard knocks.

Any consequences or denial of internet access to AT&T customers due to NAZI actions emanating from 4 Chan [or any other hacker creeps for that matter], I pray that they are caught, rounded up, prosecuted beyond the extent of the law, thrown in a windowless cell and locked up forever until the day they die.

I commend AT&T for taking the step forward and I sincerely hope that other ISP’S follow suit ASAP. ENOUGH IS ENOUGH. Hackers cause destruction, chaos, waste everyones time and energy. Normal people on the net are SICK AND TIRED of these two year old tantrum antics that 4 Chan displays on a daily basis. These hacker creeps really and truly need to GROW THE F*** UP.

A.N.Idiot says:

Re: Re:

Nitpicking, but technically, those on 4Chan are crackers; hackers is the general term for people messing with code in general.

Also, the key thing is that this wasn’t announced in the initial report by AT&T. This, more than anything, makes it look very suspicious, and more like the update was more damage limitation.

Anonymous Coward says:

Re: Re:

uh, they weren’t sending out viruses or trojans and if they were, blocking the webserver doesn’t do anything to slow the propagation. While most on 4chan are infantile and some know how to use scripts most know nothing about hacking or cracking. Their main form of attack on other websites is to flood the forums with junk, the ones that have any capability to do real damage are few and far between.

you need to learn a bit more before you go on a tirade.

here is a network engineer from unWired explaining why they had blocked 4Chan as well

“There has been alot of customers on our network who were complaining about ACK
scan reports coming from We had no choice but to block that
single IP until the attacks let up. It was a decision I made with the gentleman
that owns the colo facility currently hosts 4chan. There was no other way around
it. I’m sure AT&T is probably blocking it for the same reason. 4chan has been
under attack for over 3 weeks, the attacks filling up an entire GigE. If you
want to blame anyone, blame the script kiddies who pull this kind of stunt.

Shon Elliott
Senior Network Engineer
unWired Broadband, Inc.”

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »