Over the weekend, a swarm of allegations hit the Internet to the effect that AT&T was blocking access to the the 4chan web site. This report from Techcrunch was fairly representative:
As if AT&T wasnâ€™t already bad enough. In an act that is sure to spark internet rebellions everywhere, AT&T has apparently declared war on the extremely popular imageboard 4chan.org, blocking some of the siteâ€™s most popular message boards, including /r9k/ and the infamous /b/. moot, who started 4chan and continues to run the site, has posted a note to the 4chan status blog indicating that AT&T is in fact filtering/blocking the site for many of its customers (weâ€™re still trying to confirm from AT&Tâ€™s side).
4chan, in case you didn’t know, is a picture-sharing site that serves as the on-line home to a lovable band of pranksters who like to launch DOS attacks and other forms of mischief against anyone who peeves them. The infamous “Anonymous” DOS attack on the Scientology cult was organized by 4chan members, which is a feather in their cap from my point of view. So the general reaction to the news that AT&T had black-holed some of 4chan’s servers was essentially “woe is AT&T, they don’t know who they’re messing with.” Poke 4chan, they poke back, and hard.
By Monday afternoon, it was apparent that the story was not all it seemed. The owner of 4chan, a fellow known as “moot,” admitted that AT&T had good reason to take action against 4chan, which was actually launching what amounted to a DOS attack against some AT&T customers without realizing it:
For the past three weeks, 4chan has been under a constant DDoS attack. We were able to filter this specific type of attack in a fashion that was more or less transparent to the end user.
Unfortunately, as an unintended consequence of the method used, some Internet users received errant traffic from one of our network switches. A handful happened to be AT&T customers.
In response, AT&T filtered all traffic to and from our img.4chan.org IPs (which serve /b/ & /r9k/) for their entire network, instead of only the affected customers. AT&T did not contact us prior to implementing the block.
moot didn’t apologize in so many words, but he did more or less admit his site was misbehaving while still calling the AT&T action “a poorly executed, disproportionate response” and suggesting that is was a “blessing in disguise” because it renewed interest in net neutrality and net censorship. Of course, these subjects aren’t far from the radar given the renewed war over Internet regulation sparked by the comments on the FCC’s National Broadband Plan, but thanks for playing.
The 4chan situation joins a growing list of faux net neutrality crises that have turned out to be nothing when investigated for a new minutes:
* Tom Foremski claimed that Cox Cable blocked access to Craig’s List on June 6th, 2006, but it turned out to be a strange interaction between a personal firewall and Craig’s List’s odd TCP settings. Craig’s List ultimately changed their setup, and the software vendor changed theirs as well. Both parties had the power to fix the problem all along.
* Researchers at the U. of Colorado, Boulder claimed on April 9, 2008, that Comcast was blocking their Internet access when in fact it was their own local NAT that was blocking a stream that looked like a DOS attack. These are people who really should know better.
The tendency to scream “censorship” first and ask questions later doesn’t do anyone any good, so before the next storm of protest arises over a network management problem, let’s get the facts straight. There will be web accounts of AT&T “censoring” 4chan for months and years to come, because these rumors never get corrected on the Internet. As long as Google indexes by popularity, and the complaints are more widespread than the corrections, the complaints will remain the “real story.” I’d like to see some blog posts titled “I really screwed this story up,” but that’s not going to happen – all we’re going to see are some ambiguous updates buried at the end of the misleading stories.
UPDATE: It’s worth noting that AT&T wasn’t the only ISP or carrier to block 4chan’s aggressive switch on Sunday. Another network engineer who found it wise to block the site until it had corrected its DDOS counter-attack posted this to the NANOG list:
Date: Sun, Jul 26, 2009 at 11:05 PM
Subject: Re: AT&T. Layer 6-8 needed.
There has been alot of customers on our network who were complaining about ACK scan reports coming from 188.8.131.52. We had no choice but to block that single IP until the attacks let up. It was a decision I made with the gentleman that owns the colo facility currently hosts 4chan. There was no other way around it. I’m sure AT&T is probably blocking it for the same reason. 4chan has been under attack for over 3 weeks, the attacks filling up an entire GigE. If you want to blame anyone, blame the script kiddies who pull this kind of stunt.
Senior Network Engineer
unWired Broadband, Inc.
Despite the abundance of good reasons for shutting off access to a domain with a misbehaving switch, AT&T continues to face criticism for the action, some of quite strange. David Reed, a highly vocal net neutrality advocate, went black-helicopters on the story:
I’d be interested in how AT&T managed to block *only* certain parts of 4chan’s web content. Since DNS routing does not depend on the characters after the “/” in a URL in *any* way, the site’s mention that AT&T was blocking only certain sub-“directories” of 4chan’s content suggests that the blocking involved *reading content of end-to-end communications”.
If AT&T admits it was doing this, they should supply to the rest of the world a description of the technology that they were using to focus their blocking. Since AT&T has deployed content-scanning-and-recording boxes for the NSA in its US-based switching fabric, perhaps that is how they do it. However, even if you believe that is legitimate for the US Gov’t to do, the applicability of similar technology to commercial traffic blocking is not clearly in the domain of acceptable Internet traffic management.
What happened, of course, was that a single IP address inside 4chan’s network was blocked. This IP address – 184.108.40.206 – hosts the /b/ and /r9k/ discussion and upload boards at 4chan, and DNS has nothing to do with it. Reed is one of the characters who complains about network management practices before all the relevant bodies, but one wonders if he actually understands how IP traffic is routed on the modern Internet.
And as I predicted, new blog posts are still going up claiming that AT&T is censoring 4chan. Click through to Technorati to see some of them.