Why AT&T blocked 4Chan Video
Why AT&T blocked 4Chan Video Transcript
AT&T caused a flurry of fury when they blocked a server from the online forum, 4chan. On this episode of Hacks, we'll look at the DoS attack against 4Chan and how and why AT&T reacted. The trouble started with neither AT&T nor 4Chan. A third party attacker, possibly a rival forum, started a Denial of Service attack known as TCP SYN flooding, or SYN attack. First let's look at what's supposed to happen when you request a Web page. Your computer let's call it HOME sends a SYN request to the Web Server, (SYN for Synchronize sequence numbers) in this case the server is img.4chan.org. 4Chan's server responds with an ACK flag (short for acknowledge) and then your computer responds with a SYN-ACK and from there the connection is made. In 4Chan's case, the Attacker sent SYN requests with spoofed IP addresses. In other words the requests appeared to come from some other computer or computers, for this example let's call it 127.55.55.127. 4Chan's server responded with an ACK, but since 127.55.55.127 never sent the SYN in the first place, it either sends an RST flag or more likely, nothing at all. And if 4CHAN gets nothing at all it may send 4 or 5 ACKs for every SYN it receives. This whole senario can take around 3 minutes to play out. So now you can see the problem. If the attacker is sending a bunch of SYN's from a bunch of spoofed addresses, the attacked server is going to run out of resources responding to them. The flood of traffic, not only fills up 4Chan, but also floods innocent bystanders. In 4Chan's case, some of these bystanders were in the AT&T network. Some were in other networks like unWired Broadband. But since AT&T is the big kahuna, they got all the attention. AT&T blocked all traffic coming from the 4Chan server sending out the ACK flags. This stopped the ACKs from flooding into AT&T's network, but also prevented any legitimate requests from their network to that 4Chan server. A few AT&T subscribers who suddenly couldn't get to 4Chan, figured AT&T was blocking the often controversial site. So they started grumbling. 4Chan complained that AT&T should have only filtered their server for the sites who had been spoofed. However, if AT&T had done that, and the attackers caught on, they could spoofed different IP addresses. AT&T was taking the rather cautious approach of blocking the entire server, making it irrelevant what IP addresses were spoofed. 4Chan did filter the DoS attack so that it didn't bring down their site, but they were still passing along the ACK requests which caused the trouble. Once they stopped that from happening, AT&T lifted the ban on img.4chan.org, and all went back to the peaceful happy land it had been before. Sort of. Well, except for the CNN iReport 4Chan users put up claiming the AT&T CEO was dead. Hope that sheds some light on the shenanigans of the weekend of July 26th, 2009. I'm Tom Merritt, CNET.com.
Related Videos
The 404 390: Where we all hail Wilson
On today's show, CNET reporter and 404 BFF Caroline McCarthy directs us in a live read-through of the actual script for the upcoming Facebook movie and also joins us in talking about 4Chan, Comic-Con, and this weekend's insane hailstorm.
CNET editor at large Brian Cooley walks you through this pioneering lightweight hybrid.
Quick Tips: OS X shortcut keys
OS X has some easy shortcuts, just as Windows does! Veronica Belmont walks you through in this Quick Tip.
CNET Senior Editor Kent German walks you through the iPhone updates that Apple announced at Macworld 2008.
We'll walk you through how to install Windows 7 with Boot Camp on your Mac.
Dirty Three & Chan Marshall: "Great Waves"
The Dirty Three is joined by Cat Power's Chan Marshall on this lush ballad. It's from the Dirty Three record "Cinder".
Turn your MacBook into a SmackBook
Hitting it is the easy part. Tom Merritt walks you through the lengthy (sorry) steps of a cool Apple laptop hack.
Custom Mac OS X keyboard shortcuts
Have you ever wanted to assign your own custom keyboard shortcuts for different applications? Brian Tong walks you through it in Mac OS X.
Download.com guide to Spyware Doctor
Current PC Magazine Editor's Choice Winner (June 2005), Spyware Doctor is a 5-star rated Spyware remover and provides real-time Anti-Spyware protection against Spyware, adware, Trojan horses, keyloggers, Spyware cookies, adbots, spybots, browser hijackers, phishing attacks and other Malware threats. Additionally it actively protects web browsing using Internet Explorer with a built-in popup blocker and malicious site guard. Spyware Doctor is easy to use and low on PC resources and its super fast scanning speed is delivered by multiple specialized scanners that include Windows registry, file system, processes and tasks, browser, network configuration (including LSP), cookie and an intelligent script scanner. Each scanner specializes in identification of specific traits of infections for more effective detection and removal. Almost any function of Spyware Doctor can be updated through the Live Update process and it is constantly being improved and extended to counteract the nastiest of Spyware threats. The OnGuard feature is designed to provide real time protection and deploys several tools that actively monitor and protect the PC from Spyware attacks. These include immunization, site protection, popup blocking, browser monitor and others. The Free version allows customers to perform scans and remove threats and also Live Update Spyware signatures and functionally. The registered version adds additional tools and real-time OnGuard protection
The Chariot: "The Company, the Comfort, the Grave"
The Chariot walks us through the stages of life in a video that lampoons classic rock 'n' roll imagery. This is available from Solid State Records on "This is Solid State - The DVD".
