The owner of 4chan admitted that their
equipment unfortuantely attacked AT&T
customers. Because 4chan failed to lock down
their own equipment, and because 4chan is notorious for organizing DoS attacks against
other websites which makes them a top site for
retribution, 4chan caused harm to AT&T
customers. Yet when AT&T does their job to
protect the network from 4chan, you glorify the
villain 4chan as the hero against censorship.
You're implying that 4Chan's network was the source of the DDoS attack. While they're not saints, in this case it was their security appliance which was responding to what was forged source addresses of the DDoS traffic. That was the appliance's default behavior, which 4Chan later rectified. Chris Poole said he believed it was the overreaction of a single engineer at AT&T that led to the blocking of 4Chan's entire address space. He also contended that the amount of traffic "was a few megabits", not the hundreds of megabits per second you're implying.
Based on that revelation (since the "source" of the DDoS response traffic was a single or a small pool of addresses), I'd say that AT&T over-reacted. It looks like, in this case, 4Chan was only guilty of not fully testing the implementation of the security appliance(s?).
Similar to the case about 25 years ago when an AT&T SS7 node "flooded" other nodes in the telephone network, bringing down voice service to the D/FW metro area. It was a mis-configuration in its routing code. The end result was the flooding of the control channel, paralyzing the network. Something similar happened later on the East Coast. In both cases, the network over-reacted (automatically, in this case).
Discussion on:
Message 2 of 1
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
