6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Hacks: Why AT&T blocked 4Chan

About Video Transcript

Hacks: Why AT&T blocked 4Chan

3:25 /

We walk through the TCP SYN attack that almost sparked an Internet war.

AT&T caused a flurry of fury when they blocked a server from the online forum, 4chan. On this episode of Hacks, we'll look at the DoS attack against 4Chan and how and why AT&T reacted. The trouble started with neither AT&T nor 4Chan. A third party attacker, possibly a rival forum, started a Denial of Service attack known as TCP SYN flooding, or SYN attack. First let's look at what's supposed to happen when you request a Web page. Your computer let's call it HOME sends a SYN request to the Web Server, (SYN for Synchronize sequence numbers) in this case the server is img.4chan.org. 4Chan's server responds with an ACK flag (short for acknowledge) and then your computer responds with a SYN-ACK and from there the connection is made. In 4Chan's case, the Attacker sent SYN requests with spoofed IP addresses. In other words the requests appeared to come from some other computer or computers, for this example let's call it 127.55.55.127. 4Chan's server responded with an ACK, but since 127.55.55.127 never sent the SYN in the first place, it either sends an RST flag or more likely, nothing at all. And if 4CHAN gets nothing at all it may send 4 or 5 ACKs for every SYN it receives. This whole senario can take around 3 minutes to play out. So now you can see the problem. If the attacker is sending a bunch of SYN's from a bunch of spoofed addresses, the attacked server is going to run out of resources responding to them. The flood of traffic, not only fills up 4Chan, but also floods innocent bystanders. In 4Chan's case, some of these bystanders were in the AT&T network. Some were in other networks like unWired Broadband. But since AT&T is the big kahuna, they got all the attention. AT&T blocked all traffic coming from the 4Chan server sending out the ACK flags. This stopped the ACKs from flooding into AT&T's network, but also prevented any legitimate requests from their network to that 4Chan server. A few AT&T subscribers who suddenly couldn't get to 4Chan, figured AT&T was blocking the often controversial site. So they started grumbling. 4Chan complained that AT&T should have only filtered their server for the sites who had been spoofed. However, if AT&T had done that, and the attackers caught on, they could spoofed different IP addresses. AT&T was taking the rather cautious approach of blocking the entire server, making it irrelevant what IP addresses were spoofed. 4Chan did filter the DoS attack so that it didn't bring down their site, but they were still passing along the ACK requests which caused the trouble. Once they stopped that from happening, AT&T lifted the ban on img.4chan.org, and all went back to the peaceful happy land it had been before. Sort of. Well, except for the CNN iReport 4Chan users put up claiming the AT&T CEO was dead. Hope that sheds some light on the shenanigans of the weekend of July 26th, 2009. I'm Tom Merritt, CNET.com.

New releases

XCAR Awards 2014: Person of the year
1:41 December 20, 2014
Some incredibly people crossed paths with XCAR in 2014. We look back to see who impressed us most.
Play video
2014 BMW i8 (CNET On Cars, Episode 56)
19:02 December 19, 2014
BMW's i8 is definitely a taste of the future -- but whose? We'll shed some light on MPGe, the benchmark for tomorrow's cars. And we...
Play video
Need a new size? Just tap the mirror
1:55 December 19, 2014
In a place where fashion comes first, tech is coming in at a close second. In major department stores and small boutiques, the dressing...
Play video
Did life forms exist on Mars? Curiosity makes a big find, Ep. 187
4:46 December 19, 2014
It's the last Crave show of 2014. This week, Curiosity makes a huge discovery, the US Navy has a shark drone and American satellites...
Play video
Obama: Sony wrong to pull movie over hackers' threats
2:56 December 19, 2014
President Obama addresses the Sony cyberattack and vows to respond to North Korea. Also, T-Mobile settles cramming lawsuit, and Facebook...
Play video
A cheap activity tracker you will actually want to wear
2:11 December 19, 2014
CNET's Dan Graziano gives you a look at one of the most affordable fitness trackers on the market.
Play video
Embarrassing moments in tech (2014)
2:53 December 19, 2014
The high profile tech of 2014 that aimed for the stars and landed in the gutter.
Play video
Solid tablet design hindered by so-so performance
2:48 December 19, 2014
The Lenovo Yoga Tablet 2 has an excellent ergonomic build, but its performance lacks the same finesse.
Play video