[ale] AT&T Broadband blocking inbound http?

Michael H. Warfield mhw at wittsend.com
Mon Aug 13 22:40:26 EDT 2001


On Mon, Aug 13, 2001 at 12:28:32AM -0400, Transam at cavu.com wrote:
> > http://help.broadband.att.com/faq.jsp?content_id=792&category_id=54

> > Looks like the party is over for AT&T and @Home customers...

> Thanks for the URL.  I just sent a "support" email to them telling 'em
> what greedy bastards they were for using this as an excuse to block
> port 80 to force people operating web servers to pay them more for
> commercial service.  (You may want to tell them too.)

> I also pointed out that I run Linux so I'm immune to M$'s stupid bugs.
> I also suggested that if they wanted to protect their M$ clients from
> the SirCam virus too that they should block email.

	No, actually, you are not immune.  At least not from secondary
effects.  The rampant traffic on the broadband nets was collapsing
routers and forcing them to take action.  You and my son and myself
and EVERYBODY ELSE was bitching about the service over the last couple
of weeks and it was their infrastructure collapsing under the load of
Code Red beating the bejesus out of all these IIS servers.  Thanks
to M$, most of those users didn't even KNOW they had IIS running
(IIS gets installed silently with certain packages OR if you are
upgrading to Windows 2000 from anything with MS PWS on it - have a
nice day...).

	In case some people were not paying attention to the security
lists, this worm was causing Cisco routers to collapse and taking
a huge number of firewalls and NAT routers to their knees.  If a worm
blows away a router between you and the net because it filled some
connection table with millions of entries, can you really say you
are immune to the effects of the worm?

	Just for some interesting stats...

	I'm currently running a teergrube (tar pit) monitoring over 32,000
addresses and spoofing connections for Code Red to wedge the processes
when they are scanning for servers.  Since Friday, I have been hit on
my address space over 1,000,000 times from over 100,000 unique IP address.
I've been dumping traffic to that "DarkSide" network and it has now been
hitting something close to 500Meg per day.  Do you think that has had an
impact on my bandwidth.  You bet you sweet bootie.  Am I getting infected?
No.  Am I immune to the effects of this bullshit?  No.

	Whether it's an excuse or not, they had every right to cut off
people who were in violation of their published AUP.  My personal
option is that they should have cut off any Code Red propagators, period,
with extreme prejudice.  They chose to cut off web servers of all types,
which, given their contracts and level of service, is entirely appropriate
and reasonable in the face of this emergency.

> (I wasn't operating my web server through them but I've been totally
> disgusted with their service and I have no decent alternatives since
> I cannot get DSL.)

	I have not been happy with their level of service either, but this
is tantanmont to a DDoS attack thanks to Microsoft silently installing
IIS underneath unsuspecting victims of Windows 2000.  AT&T, RoadRunner,
and @Home took entirely appropriate action to contain this infestation
as best they could and preserve their infrastructure (what they have and
as shakey as it is) as best they could.  If it took out a few "not so
innocent bystanders" who just happen to be in total violation of their
contracts, that may just be too bad.  I have a hard time working up
much sympathy in this case.

> Bob
> transam at cavu.com                       [Bob's ALE Bulk email]
> bob at cavu.com                           [Please use for email to me]

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.





More information about the Ale mailing list