[116231] in North American Network Operators' Group
Re: AT&T. Layer 6-8 needed.
daemon@ATHENA.MIT.EDU (Joel Esler)
Mon Jul 27 09:06:46 2009
From: Joel Esler <eslerj@gmail.com>
To: John Bambenek <bambenek@gmail.com>
In-Reply-To: <4A6D38CC.6000200@gmail.com>
Date: Mon, 27 Jul 2009 09:05:42 -0400
Cc: "nanog - n. am. network ops group list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I posted it on Twitter. And I was talking with John at the time. =20
We're observing the information that is coming in, but it's hard to =20=
verify something like that when:
A) We haven't heard from our contacts at AT&T.
B) The only information we are seeing "confirming" it is on open =20
mailing lists, and no offense, but given 4chan's proclivity in =20
spreading disinformation extremely well....
C) I don't know if we want to take the word of moot directly from the =20=
4chan website either.
I've read in a couple places that the connectivity is coming back up, =20=
I have a hard time believing that AT&T would do this, and even if they =20=
did, they did it for a legit reason (maybe a DDOS?)
J
On Jul 27, 2009, at 1:19 AM, John Bambenek wrote:
> Someone else posted on twitter, I saw it recently.
>
> To make it even clearer, we'll take your data, sure. Just don't =20
> expect us to jump on it until we verify with something solid.
>
> chris rollin wrote:
>> Uh.
>>
>> You posted on Twitter.
>>
>> The most trusted name in [?]
>>
>> On Mon, Jul 27, 2009 at 12:17 AM, John Bambenek <bambenek@gmail.com =20=
>> <mailto:bambenek@gmail.com>> wrote:
>>
>> We'll take data from **Trusted** sources.
>>
>> I'm just not going to take a public open mailing list post as
>> evidence at this point.
>>
>>
>> chris rollin wrote:
>>
>> Shon wrote:
>>
>> Seth,
>>
>>
>> I said it could be, not that it is. Thanks for pointing
>> that out. However,
>>
>> I
>>
>> believe the reason they are being blocked at AT&T is the
>> main reason I
>>
>> supplied
>>
>> on my first post. The DDoS attack issue is the main ticket
>> here.
>>
>>
>> The ACK storms arent coming from the 4chan servers
>> It's just like the DNS attack (IN/NS/.). It points to the
>> stupidity of AT&T
>> uppers
>> SANS: Are you or arent you soliciting data? I have some to
>> confirm also
>>
>>
>> It's not
>> because of content, or to piss people off. It's to protect
>> their network,
>>
>> as any
>>
>> of you would do when you got DDoSed on your own networks.
>>
>>
>> They are going to get some first hand experience in what
>> Protecting their
>> Network
>> involves real soon, now. Blocking 4chan was an exercise in
>> Stupidity
>>
>>
>> It's damage control,
>>
>>
>> It's a damage challenge.
>>
>>
>> essentially, until they find out who is involved and block
>> them, then
>>
>> they'll
>>
>> likely lift the block.
>>
>>
>> They don't have the right to do this. Not in their
>> TOS/EULA/User-Agreement.
>> Not in any sane legal forum. (I*A*AL)
>>
>>
>> This ISN'T the first time this has happened.
>>
>>
>> Exactly.
>>
>> Now you see the problem ?
>>
>>
>>
>
>
--
Joel Esler
=EF=A3=BF http://www.joelesler.net
=EF=A3=BF http://www.twitter.com/joelesler
[m]
