ISPs have a duty to block malicious traffic
Mass media and blogosphere hysteria ensued after several ISPs (including AT&T) responded to customer complaints and blocked an IP address that was transmitting massive amounts of Denial of Service (DoS) traffic. For something as routine and essential as blocking a malicious attack from a computer on the Internet, all hell broke loose late Sunday evening and early Monday morning because the IP address belonged to a popular image sharing site called 4chan whose members are infamous for perpetrating porn flooding pranks on YouTube as well as organizing DoS attacks against other websites.
WARNING: For those of you unfamiliar with 4chan and may be curious, 4chan is NOT SAFE FOR WORK (NSNF) due to the XXX images they host there so I would advise against looking them up on your work computer.
As a result of the defensive measures taken by the ISPs to protect their network and their customers, 4chan members cried foul and pumped up the story on digg. Dailykos and even mainstream technology site PCWorld cried Net Neutrality foul all the while rejecting plausible explanations. Ian Paul of PCWorld argued that “Even if it turns out AT&T’s decisions were legitimate, the appearance of censorship raises the contentious issue of Network Neutrality.” Others even questioned why AT&T even has the power to block websites in the first place but this attitude stems from a lack of understanding of how networks and DoS attacks work. When a DoS attack occurs, the victim being attacked can block the attack traffic but not before the attack has already jammed up and killed their Internet connection. Only the network operator can block the attack far enough upstream that the network isn’t flooded. This not only preserves the network for the direct victims of the DoS attack, it also keeps the network unclogged for everyone else.
It was clear early on from the North American Network Operators Group (NANOG) message boards that many ISPs were blocking 4chan IP addresses due to the massive amounts of DoS attack traffic coming from 4chan. We’re talking about enough traffic that could fill up gigabit Ethernet links which is the equivalent of hundreds of broadband connections. It turned that 4chan was being DoS attacked by others using spoofed (forged) addresses and 4chan in turn reflected the attack traffic onto other forced IP addresses of other victims many of whom were on AT&T’s network.
Note: 4chan and its members are infamous for openly organizing and launching many DoS attack campaigns against other websites so it should be no surprise to see so many reprisal attacks against 4chan. Their members even went as far as pushing false stories up on iReport.com that AT&T’s CEO was found dead outside of his home from cocain overdose to deliberately drive AT&T’s stock down.
The owner of 4chan who goes by the handle “moot” even admits that their own equipment was harming AT&T customers with “errant traffic”. As a former network engineer, I can explain that this only happens if you fail to lock down your own equipment. Had 4chan configured their own equipment properly or resolved the issue sooner rather than blame others, this would have never happened. But despite the admittance of fault, “moot” claims that this “disproportionate response” from AT&T highlights the dangers of censorship and raises the need for Net Neutrality (which never had anything to do with censorship in the first place).
Moot is in effect no different from the long list of people who falsely claim to be victims of censorship and demand the passage of unrelated legislation. In light of the 4chan’s active campaigning for DoS attacks against other websites, any “disproportionate” response against 4chan is that the response wasn’t heavy handed enough. This particular story has an uncanny resemblance to the Craigslist versus Cox fiasco which was similarly misreported with fabricated news stories when Craigslist could have fixed their own problem all along but decided to wait until the story died down.
Richard Bennett has some great analysis on this as well.