AT&T Lifts 4Chan Block, Was To Stop DDoS Attacks
AT&T released a statement about its temporary block this weekend of troll haven 4chan for its customers. The company said the temporary block was to stop DDoS attacks on one customer emanating from IP addresses associated with the site. After the threat was over, the block was lifted. Here's the official release:
Beginning Friday, an AT&T customer was impacted by a denial-of-service attack stemming from IP addresses connected to img.4chan.org. To prevent this attack from disrupting service for the impacted AT&T customer, and to prevent the attack from spreading to impact our other customers, AT&T temporarily blocked access to the IP addresses in question for our customers. This action was in no way related to the content at img.4chan.org; our focus was on protecting our customers from malicious traffic.
Overnight Sunday, after we determined the denial-of-service threat no longer existed, AT&T removed the block on the IP addresses in question. We will continue to monitor for denial-of-service activity and any malicious traffic to protect our customers.
[Press Release]
PREVIOUSLY: AT&T Reportedly Blocks Wildly Popular And Deeply Offensive Website
Comments:
All this has just given 4chan more publicity...I had never even heard of the site until today. Now that I have, I need to burn out my retinas from some of the images I've just seen.
On one hand, I wish I had found it 15 years ago when I could have really enjoyed that stuff...On the other hand, my kids better NEVER let me catch them there!!!
@Geekmom:
I'm seriously hoping Anon will do something as a "don't f-with us again!" measure.
For the lulz.
@lehrdude: LOL. I knew better than to ever actually go there for precisely the reason you mentioned.
@Wes Chevalier: Some of the stories I read on the matter, implied the latter was their goal ... someone's DDoS attack on 4chan was creating havoc for AT&T. Dunno how true that is.
@lehrdude: As someone who followed 4chan since inception from their splintering from Something Awful's ADTRW forum (Anime Death Tentacle Rape Whorehouse) about 5 years ago, more publicity isn't exactly what's wanted.
Unless you learn how to triforce. Then all is forgiven.
@Wes Chevalier: They said someone from a 4chan IP was DDoSing a single AT&T user. They should really clarify user but chances are someone was hosting an image on their PC. Set up the PC as an HTTP server and then posted the URL on 4chan.
At least that's what I figured anyways.
As I said on Gizmodo, this is what happened.
Someone, not sure who, spoofed img.4chan.org's IP address to launch a DDoS attack on an AT&T customer. AT&T then blocked that IP address until the attacks stopped. Of course, in the process, it blocked the sub-forums of /b/ and /r9k/ (I think it was the latter). Moot, the guy that owns 4chan, didn't DDoS anyone.
So someone out there is either laughing their ass off that they got 4chan blocked by AT&T or terribly sad he got his favorite website blocked for a weekend.
They should really clarify "user" but chances are someone was hosting an image on their PC. Set up the PC as an HTTP server and then posted the URL on 4chan. The user then got a lot of hits in very short time so AT&T pulled a stupid move and blocked a website instead of closing off the specific port on the "user" end of things.
At least that's what I figured anyways.
@lehrdude:
There are forums other than /b/, you know.
And 4chan in general is pretty tame compared to some of its imitators/associated sites.
@The Queen of Everything: Classic AT&T? Sounds like someone who doesn't understand computers and the workings of network traffic, to me.
@parad0x360: Threads don't last long enough on the img boards for that to matter and the images aren't hosted remotely anyway. People would have to copy/paste the theoretical link into their browsers. If there then was enough traffic to show as a DoS attack, the thread would 404 ridiculously quickly due to number of postings per thread limits.
That is an appropriate metaphor...not for what it lets out, but for what it holds in.
@jayphat:
My understanding of 4chan is that you don't have to do anything to "deserve" an attack, one or more of them just needs to be bored or pissed.
@KingPsyz here for HappyFunKingPsyz©: Reminds me of Homer Simpson in the "nucular" Sub saying to all the countries who wanted to blow them up "It is my first day".... Priceless
@lehrdude: These last two Consumerist pieces were the first time I'd ever heard of this 4chan site.
But then, I'm not one of the "cool kids."
@jayphat: Routing table changes, even for source routing, are often the fastest (in terms of router performance) way to stem attacks. They are easy to add and delete individually in the routing table. The routing tables use hardware accelerated hash-based lookups.
In contrast, filter rules often have semantics based on the ordering of two or more rules, and thus have to be in the form of a list (in which the order matters). Changes to the filter rules often require clearing the entire list and putting them all back in again (from the master configuration system). That can leave the router in a "confused" state for up to a few seconds (something I always tried to avoid).
Blocking a specific internal customer from access to a specific internet site requires a filter rule specifying both addresses or network ranges. And the more entries there are in the list, the slower the router becomes for all packets. In some cases even one filter rule forces all packets through the CPU.
A source route table entry would be the quickest way to block an attack, both in terms of management process, as well as router performance. But it's going to block the whole web site. What they should have done was put that entry in only the router nearest the targeted customer. But if the attack was significant (and it usually needs to be to even get the attention of the ISP) it could be affecting many parts of the ISP network itself. So the block might need to be put closer to the border, or at the border (or more than one border depending on routing announcements for the network block the customer is in).
It's a tough decision to block a whole site's network because of things like that. But I've had to do just that several times when I worked at a couple internet providers. Then once the peer ISP (e.g. the provider hosting 4chan in this case) addresses the DDOS at their end, where they can focus more closely on the source of the problem (it might not have been 4chan at all), the broader block can be lifted. When it happens on weekends, it's often harder to reach someone at another ISP who will deal with it.
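The trade-off described in the comment above, as an added example that is not part of the original comment or of any router's software: a source-keyed drop table (order-independent, hash lookup) beside an ordered first-match filter list. All addresses are constructed from the RFC 5737 documentation ranges, and the class and function names are hypothetical.

```python
import ipaddress

# Constructed sample addresses (assumptions, not from the page).
SITE_NET = ipaddress.ip_network("198.51.100.0/24")  # network the attack appears to come from
TARGET = ipaddress.ip_address("203.0.113.10")        # the attacked customer
OTHER = ipaddress.ip_address("203.0.113.77")         # an unrelated customer of the same ISP

class SourceBlackhole:
    """Drop entries keyed by source prefix; entries are independent of each other."""
    def __init__(self):
        self.by_len = {}  # prefix length -> set of network addresses (one hash probe per length)
    def add(self, net):
        self.by_len.setdefault(net.prefixlen, set()).add(int(net.network_address))
    def remove(self, net):
        self.by_len.get(net.prefixlen, set()).discard(int(net.network_address))
    def permits(self, src, dst):
        # The destination is never consulted: the whole source network is dropped.
        for plen, nets in self.by_len.items():
            mask = ((1 << plen) - 1) << (32 - plen)
            if int(src) & mask in nets:
                return False
        return True

class OrderedAcl:
    """First-match filter list: each packet walks the rules in order."""
    def __init__(self, rules):
        self.rules = list(rules)  # (action, source network, destination network)
    def permits(self, src, dst):
        for action, src_net, dst_net in self.rules:
            if src in src_net and dst in dst_net:
                return action == "permit"
        return False  # implicit deny when nothing matches

def evaluate(policy):
    site_host = ipaddress.ip_address("198.51.100.20")
    elsewhere = ipaddress.ip_address("192.0.2.5")
    return {"site->target": policy.permits(site_host, TARGET),
            "site->other": policy.permits(site_host, OTHER),
            "elsewhere->target": policy.permits(elsewhere, TARGET)}

def demo():
    blackhole = SourceBlackhole()
    blackhole.add(SITE_NET)
    any_net = ipaddress.ip_network("0.0.0.0/0")
    acl = OrderedAcl([("deny", SITE_NET, ipaddress.ip_network(f"{TARGET}/32")),
                      ("permit", any_net, any_net)])
    # Same two rules reversed: the permit matches first and the deny never fires.
    misordered = OrderedAcl(reversed(acl.rules))
    return evaluate(blackhole), evaluate(acl), evaluate(misordered)

if __name__ == "__main__":
    for name, result in zip(("blackhole", "acl", "misordered acl"), demo()):
        print(name, result)
```

The blackhole entry cuts the site off for the unrelated customer too, while the two-address filter rule spares them but only works in the right order.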
@parad0x360: If that was the case, then the traffic to that AT&T customer who was running an HTTP server would have been coming in from all over the world. That is, all the people that visit 4chan and would have been viewing such a picture, would be the ones accessing it. But the report is that all the traffic to the AT&T customer was coming from 4chan or from a network 4chan was on (possibly just the same Autonomous System number ... the numbers used in the Border Gateway Protocol for routing between networks).
@parad0x360: Very unlikely someone was hosting an image. The accesses for that image would have been coming from the USERS of 4chan, not 4chan itself.
And they wonder why AT&T defended itself.... I can't say I have any love for AT&T or 4Chan for that matter but in this case AT&T=+1 and 4Chan=-2
@consumerd: Yeah, and I kinda think Consumerist is guilty for a little bit of hate-mongering in this case. Seems like some conclusions were jumped to before all the facts were known. But, it's not like AT&T isn't deserving of scorn. I guess I'm torn on this issue.
Problem is they (AT&T) weren't the only network that put a block up. Cogent as well as unwired broadband, INC. did as well.
unwired broadband, inc. e-mail to nanog:
[www.merit.edu]
Cogent confirmed blocking via 4chan:
About [www.dslreports.com]
@lehrdude: There is neither spelling nor grammatical errors in PixelProphet's statement.
And I'm not quite sure "thank you" would be an adequate response either.
@chrylis: It's a video file. You can play it with whatever player you choose. My Linux based Slackware system doesn't even have Windows Media Player.
@lehrdude: Just be glad you didn't try to get in and found yourself banned. Now if I did that my kid would be in deep doodoo
Lies! All Lies!