I must have misinterpreted "send us something confirming the AT&T 4Chan outage / isc.sans.org" message. My bad. On Sun, Jul 26, 2009 at 11:39 PM, John Bambenek <bambenek@gmail.com> wrote:
SANS ISC isn't soliciting technical reports, we're interested and looking at the issue with a particular eye to 4chan's history of pulling pranks.
Then there is the blocking because of the DoS angle, which I admit, doesn't seem to fit the facts in this case.
There are AT&T people on this list, I presume, who can speak to the issue if need be.
I'd prefer the SANS ISC not get "name dropped" as if we lend credibility to this. We're looking, sure. That's it.
j
jamie wrote:
'Wireless backbone'?
K.
I have a dozen confirmations off list in every time zone. SANS ISC is soliciting technical reports on this; It's on the EFF's Radar.
"This is not a drill"
If any ISP of mine filtered my (where my = brick-and-mortar-corp) access to any destination because of another customer (there are *always* technical solutions to problems you describe, the one you implemented wouldn't even make my list), you'd have one less customer and quite likely a Tortious Interference claim..
And, as a (wired) backbone arch, if I ever filtered a host (btw: there are five IPs in that /24 being filtered by T) that cut off every customer's access to that host or group, I'd expect to not have a job anymore.
If I wanted filtered Internet, I'd sign up for Prodigy.
Check http://status.4chan.org - they're not moving anything at the moment, and confirm the filtering.
Debate away, I'm off to bed.
I think 4chan's reaction to this will be bigger than the story itself - No need for me to argue what will soon be in the News Cycle.
-j
On Sun, Jul 26, 2009 at 10:20 PM, Shon Elliott <shon@unwiredbb.com> wrote:
Jamie,
Unfortunately, that's not easy with wireless backbones. The customers don't have their own "port". I also know for fact that 4chan is in the process of moving, so what you're seeing could just be that. Them moving.
Regards, Shon Elliott Senior Network Engineer unWired Broadband, Inc.
jamie wrote:
It should be blocked at the complaining customer port.
Not nationwide, and certainly not without announcement.
On Sun, Jul 26, 2009 at 10:05 PM, Shon Elliott <shon@unwiredbb.com <mailto:shon@unwiredbb.com>> wrote:
There has been alot of customers on our network who were complaining about ACK scan reports coming from 207.126.64.181. We had no choice but to block that single IP until the attacks let up. It was a decision I made with the gentleman that owns the colo facility currently hosts 4chan. There was no other way around it. I'm sure AT&T is probably blocking it for the same reason. 4chan has been under attack for over 3 weeks, the attacks filling up an entire GigE. If you want to blame anyone, blame the script kiddies who pull this kind of stunt.
Regards, Shon Elliott Senior Network Engineer unWired Broadband, Inc.
All,
It appears at AT&T (including DSL, and my own home service via u-verse) has unilaterally and without explanation started blocking websites.
I have confirmed this with multiple tests. (It actually appears
jamie wrote: that
these sites are being blocked at a local-global scale -- that is,
each
city/hub seems to have blackholes for the sites).
The sites I know of I'll list below (see Reddit for a discussion), but this is clearly and absolutely unacceptable. Please, comments on the nature of the sites are OT.. Let's keep this thread that way. (Away from being OT, that is).
If any T folk are around, and have gotten wind of this (all comments / direct emails will be off record), a reply would be appreciated.
No ears enclosing clue will be reached via normal channels at ~950E on a Sunday, but this is clearly a problem needing addressing, resolution, action and, who knows - suit?
Thanks in advance all for insight, comments,
-jamie