Home » Privacy & Security

ISPs have a duty to block malicious traffic

By 28 July 2009 8 Comments

AT&T and other ISPs stops DDoS attack from 4chanMass media and blogosphere hysteria ensued after several ISPs (including AT&T) responded to customer complaints and blocked an IP address that was transmitting massive amounts of Denial of Service (DoS) traffic.  For something as routine and essential as blocking a malicious attack from a computer on the Internet, all hell broke loose late Sunday evening and early Monday morning because the IP address belonged to a popular image sharing site called 4chan whose members are infamous for perpetrating porn flooding pranks on YouTube as well as organizing DoS attacks against other websites.

WARNING: For those of you unfamiliar with 4chan and may be curious, 4chan is NOT SAFE FOR WORK (NSNF) due to the XXX images they host there so I would advise against looking them up on your work computer.

As a result of the defensive measures taken by the ISPs to protect their network and their customers, 4chan members cried foul and pumped up the story on diggDailykos and even mainstream technology site PCWorld cried Net Neutrality foul all the while rejecting plausible explanations.  Ian Paul of PCWorld argued that “Even if it turns out AT&T’s decisions were legitimate, the appearance of censorship raises the contentious issue of Network Neutrality.”  Others even questioned why AT&T even has the power to block websites in the first place but this attitude stems from a lack of understanding of how networks and DoS attacks work.  When a DoS attack occurs, the victim being attacked can block the attack traffic but not before the attack has already jammed up and killed their Internet connection.  Only the network operator can block the attack far enough upstream that the network isn’t flooded.  This not only preserves the network for the direct victims of the DoS attack, it also keeps the network unclogged for everyone else.

It was clear early on from the North American Network Operators Group (NANOG) message boards that many ISPs were blocking 4chan IP addresses due to the massive amounts of DoS attack traffic coming from 4chan.  We’re talking about enough traffic that could fill up gigabit Ethernet links which is the equivalent of hundreds of broadband connections.  It turned that 4chan was being DoS attacked by others using spoofed (forged) addresses and 4chan in turn reflected the attack traffic onto other forced IP addresses of other victims many of whom were on AT&T’s network.

Note: 4chan and its members are infamous for openly organizing and launching many DoS attack campaigns against other websites so it should be no surprise to see so many reprisal attacks against 4chan.  Their members even went as far as pushing false stories up on iReport.com that AT&T’s CEO was found dead outside of his home from cocain overdose to deliberately drive AT&T’s stock down.

The owner of 4chan who goes by the handle “moot” even admits that their own equipment was harming AT&T customers with “errant traffic”.  As a former network engineer, I can explain that this only happens if you fail to lock down your own equipment.  Had 4chan configured their own equipment properly or resolved the issue sooner rather than blame others, this would have never happened.  But despite the admittance of fault, “moot” claims that this “disproportionate response” from AT&T highlights the dangers of censorship and raises the need for Net Neutrality (which never had anything to do with censorship in the first place).

Moot is in effect no different from the long list of people who falsely claim to be victims of censorship and demand the passage of unrelated legislation.  In light of the 4chan’s active campaigning for DoS attacks against other websites, any “disproportionate” response against 4chan is that the response wasn’t heavy handed enough.  This particular story has an uncanny resemblance to the Craigslist versus Cox fiasco which was similarly misreported with fabricated news stories when Craigslist could have fixed their own problem all along but decided to wait until the story died down.

Richard Bennett has some great analysis on this as well.


  • ISPs have a duty to block malicious traffic | Technology for Mortals said:

    […] Read the rest at DigitalSociety.org Categories: AT&T, Networking, Policy, Security, Security news, YouTube Tags: Comments (0) Trackbacks (0) Leave a comment Trackback […]

  • ace said:

    And once again, it NEVER fails with the incessant lying, as lying is a way of life for these hacker creeps. I salute AT&T for blocking viruses, trojans and nasty spider scripts, as that is what the REAL truth is as to WHY AT&T has flashed the middle finger [blocked] to 4 Chan. Why should AT&T waste time and energy in dealing with viruses, trojans and uncontrollable script programs emanating from the 4 Chan site?

    I don’t condone censorship and I certainly don’t condone lies “in the name of lulz”. The only thing 4 Chan has proven again and again, is that they are infantile and violent. A bunch of two year olds who go on tirades. And just like an out of control two year old, they need some REAL hard slaps from the school of hard knocks.

    Any consequences or denial of internet access to AT&T customers due to NAZI actions emanating from 4 Chan [or any other hacker creeps for that matter], I pray that they are caught, rounded up, prosecuted beyond the extent of the law, thrown in a windowless cell and locked up forever until the day they die.

    I commend AT&T for taking the step forward and I sincerely hope that other ISP’S follow suit ASAP. ENOUGH IS ENOUGH. Hackers cause destruction, chaos, waste everyones time and energy. Normal people on the net are SICK AND TIRED of these two year old tantrum antics that 4 Chan displays on a daily basis. These hacker creeps really and truly need to GROW THE F*** UP.

  • Suomynona said:

    Anonymous, moot, or 4chan is not in the wrong here. Us having a large amount of DDoS attacks, MAINLY SOURCING FROM ANONTALK.COM (A site filled with pedophiles, feel free to report them to the police). moot purchased the domain name and pays for the right to host his website, and hosts no malicious content himself. He IS a victim of censorship.

  • George Ou (author) said:

    You can be a “victim” if someone uses your open relay SMTP mail server to spew spam, but that is not going to change the fact that you will get blacklisted by all the spam list servers and you’ll be prevented from sending email. 4chan was acting as an open relay in the sense that it was reflecting the attack onto other victims who had no choice but to demand that their ISP block the attack from 4chan. It doesn’t matter if the attack from 4chan is deliberate or not, ignorance is never an excuse to run an open relay of any sort.

    Furthermore, to call 4chan a “victim” is sort of laughable considering the fact that they are a perpetrator and organizers of DoS attacks.

  • PacoBell said:

    George, in your opinion “the response wasn’t heavy handed enough.” If you were AT&T, what would you have done above and beyond the national level block? I hope you aren’t advocating retaliation. That hardly sounds professional.

  • George Ou (author) said:

    If I were AT&T or any other ISP, I would not have done any thing different because I don’t have the authority to do anything more. What I am saying is that a group/website dedicated and openly attacking other groups/websites by organizing DoS attacks and porn floods deserves to be investigated by the authorities and shut down because they’re openly breaking the law. Furthermore, 4chan’s members consistently flirt on the borders with child porn.

  • John said:

    It’s ironic that you mention child porn, because that’s what this whole 4chan vs. Anontalk war is about. 4chan has rules against child porn, and anyone who posts it is permanently banned and reported to the FBI. Even posting in a messageboard thread with child porn in it will get you banned. The whole reason Anontalk was founded was to create a place where former 4chan pedophiles could discuss their “hobby” without being banned by the moderators or having to fear reprisal from the rest of 4chan’s userbase. The owner of Anontalk (a swedish man named Kimmo Alm and a known pedophile) has constantly been bombarding 4chan with DDoS attacks, child porn images, and automated spam messages advertising Anontalk.com. This whole affair was caused by one such DDoS attack. 4chan’s founder is 20,000 dollars in debt because of attacks like this, and all because he didn’t want child pornography on his website.

  • George Ou (author) said:

    So does 4chan have any responsibility by allowing their network or servers to reflect DoS attacks on the rest of the world? Does 4chan have any responsibility in organizing attacks on other sites or organizations? I know you can always blame it on their members, but someone has to take responsibility for that.