It appears that AT&T (including DSL, and my own home service via u-verse)
has unilaterally and without explanation started blocking websites.
I have confirmed this with multiple tests. (It actually appears that
these sites are being blocked at a local-global scale -- that is, each
city/hub seems to have blackholes for the sites).
The sites I know of I'll list below (see Reddit for a discussion), but
this is clearly and absolutely unacceptable. Please, comments on the nature
of the sites are OT.. Let's keep this thread that way. (Away from being OT,
that is).
If any T folk are around, and have gotten wind of this (all comments /
direct emails will be off record), a reply would be appreciated.
No ears enclosing clue will be reached via normal channels at ~950E on a
Sunday, but this is clearly a problem needing addressing, resolution, action
and, who knows - suit?
I have read on another list this evening that AT&T DSL in SoCal is blocking certain sites within 4chan.
I just tested and can confirm the blackhole is in Reno, too. One more reason to dump ATT in addition to their trial dollar-per-gig thing they're doing here.
img.4chan.org is the biggest site - I've already received six replies on top
of the list-replies confirming (b/c they saw this problem mentioned on
sites/blogs) filtering.
technical information, traces, bgp views (esp. from singly-homed T
customers), etc, encouraged
Are you sure this isn't just a technical/routing issue versus a blocking
issue? Seems like everyone's out to make a sensationalist story out of this
when it's unlikely that anyone's awake at AT&T on a Sunday afternoon who
could/would make such a change.
There have been a lot of customers on our network who were complaining about ACK
scan reports coming from 207.126.64.181. We had no choice but to block that
single IP until the attacks let up. It was a decision I made with the gentleman
that owns the colo facility that currently hosts 4chan. There was no other way around
it. I'm sure AT&T is probably blocking it for the same reason. 4chan has been
under attack for over 3 weeks, the attacks filling up an entire GigE. If you
want to blame anyone, blame the script kiddies who pull this kind of stunt.
Regards,
Shon Elliott
Senior Network Engineer
unWired Broadband, Inc.
Unfortunately, that's not easy with wireless backbones. The customers don't have
their own "port". I also know for a fact that 4chan is in the process of moving,
so what you're seeing could just be that. Them moving.
Regards,
Shon Elliott
Senior Network Engineer
unWired Broadband, Inc.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 207.126.64.182, timeout is 2 seconds:
.!..!
Success rate is 40 percent (2/5), round-trip min/avg/max = 164/196/228 ms
ny01-rtr#
Type escape sequence to abort.
Tracing the route to img.4chan.org (207.126.64.182)
Unfortunately, that's not easy with wireless backbones. The customers don't have
their own "port". I also know for a fact that 4chan is in the process of moving,
so what you're seeing could just be that. Them moving.
This is definitely not "them moving":
traceroute: Warning: img.4chan.org has multiple addresses; using 207.126.64.182
traceroute to img.4chan.org (207.126.64.182), 30 hops max, 40 byte packets
1 67.118.62.1 207.264 ms 258.116 ms 174.721 ms
2 63.201.16.134 141.205 ms 46.683 ms 41.622 ms
3 * * *
4 * * *
5 * * *
6 * * *
I have a dozen confirmations off list in every time zone. SANS ISC is
soliciting technical reports on this; it's on the EFF's radar.
"This is not a drill"
If any ISP of mine filtered my (where my = brick-and-mortar-corp) access to
any destination because of another customer (there are *always* technical
solutions to problems you describe, the one you implemented wouldn't even
make my list), you'd have one less customer and quite likely a Tortious
Interference claim..
And, as a (wired) backbone arch, if I ever filtered a host (btw: there are
five IPs in that /24 being filtered by T) that cut off every customer's
access to that host or group, I'd expect to not have a job anymore.
If I wanted filtered Internet, I'd sign up for Prodigy.
Check http://status.4chan.org - they're not moving anything at the moment,
and confirm the filtering.
Debate away, I'm off to bed.
I think 4chan's reaction to this will be bigger than the story itself - No
need for me to argue what will soon be in the News Cycle.
I said it could be, not that it is. Thanks for pointing that out. However, I
believe the reason they are being blocked at AT&T is the main reason I supplied
on my first post. The DDoS attack issue is the main ticket here. It's not
because of content, or to piss people off. It's to protect their network, as any
of you would do when you got DDoSed on your own networks. It's damage control,
essentially, until they find out who is involved and block them, then they'll
likely lift the block. This ISN'T the first time this has happened. Especially
to 4chan. You can check their status page and see most of the entries revolve
around them being down because of DDoS attacks.
Regards,
Shon Elliott
Senior Network Engineer
unWired Broadband, Inc.