Don't condemn AT&T too quickly for blocking 4chan (now with AT&T's official explanation!)


To quote Grandpa Simpson, “Oh, bitch, bitch, bitch.” Today I woke up to reports that AT&T was being Evil, blocking access to certain sections of 4chan, which you’ll see described as anything from a “Wild West” to a “hornet’s nest.” (That blocking has since stopped, by the way.) I like to describe it as the last honest place on the Internet. People are creative like that. Anyhow, before you e-riot or whatever, consider this posting by an admin at unWired, another ISP that was blocking access to 4chan.

And I quote:

I said it could be, not that it is. Thanks for pointing that out. However, I
believe the reason they are being blocked at AT&T is the main reason I supplied
on my first post. The DDoS attack issue is the main ticket here. It’s not
because of content, or to piss people off. It’s to protect their network, as any
of you would do when you got DDoSed on your own networks. It’s damage control,
essentially, until they find out who is involved and block them, then they’ll
likely lift the block. This ISN’T the first time this has happened. Especially
to 4chan. You can check their status page and see most of the entries revolve
around them being down because of DDoS attacks.

And this quote from Slashdot further explains what’s going on:

4chan is being SYN flooded, various ISPs were getting a lot of collateral traffic from the resulting ACKs going back to spoofed IPs. Since those ISPs had nothing to do with either the attacker or 4chan, there was nothing they could do but pull the plug on the source of the collateral ACKs (4chan). i.e. the ISPs who blocked 4chan weren’t trying to protect 4chan from an attack, they were protecting their own networks from the fallout.

Sadly, like you, the vast majority of users are clueless and won’t investigate to see what is only going on. I’m sure there will be a kneejerk reaction against AT&T and the other ISPs who tried to protect themselves and everyone will make out that they are the bad guys.

I’m first in line to bash AT&T for being, generally speaking, rubbish, but it doesn’t seem to be doing anything wrong here. So once again it’s a case of people overreacting without really understanding what’s going on in the background.

We’re waiting for AT&T to write back, but I would imagine their official statement would address to underlying issues.

Basically, script kiddies are ruining it for everyone.

UPDATE Ok, here’s what AT&T just told us. It’s exactly how I described it above:

Beginning Friday, an AT&T customer was impacted by a denial-of-service
attack stemming from IP addresses connected to To
prevent this attack from disrupting service for the impacted AT&T
customer, and to prevent the attack from spreading to impact our other
customers, AT&T temporarily blocked access to the IP addresses in
question for our customers. This action was in no way related to the
content at; our focus was on protecting our customers from
malicious traffic.

Overnight Sunday, after we determined the denial-of-service threat no
longer existed, AT&T removed the block on the IP addresses in question.
We will continue to monitor for denial-of-service activity and any
malicious traffic to protect our customers.