[ale] AT&T Broadband blocking inbound http?

Jeff Hubbs jhubbs at telocity.com
Mon Aug 13 23:46:28 EDT 2001 

Mike -

Speaking of which, I've been finding, much to my frustration, that there
appear to be whole swaths of .mil-domain Web servers that have been down
for days, including the main Web sites for Robins AFB, Maxwell AFB, and
Forts McPherson, Benning, and Gordon.   

- Jeff



"Michael H. Warfield" wrote:
> 
> On Mon, Aug 13, 2001 at 12:28:32AM -0400, Transam at cavu.com wrote:
> > > http://help.broadband.att.com/faq.jsp?content_id=792&category_id=54
> 
> > > Looks like the party is over for AT&T and @Home customers...
> 
> > Thanks for the URL.  I just sent a "support" email to them telling 'em
> > what greedy bastards they were for using this as an excuse to block
> > port 80 to force people operating web servers to pay them more for
> > commercial service.  (You may want to tell them too.)
> 
> > I also pointed out that I run Linux so I'm immune to M$'s stupid bugs.
> > I also suggested that if they wanted to protect their M$ clients from
> > the SirCam virus too that they should block email.
> 
>         No, actually, you are not immune.  At least not from secondary
> effects.  The rampant traffic on the broadband nets was collapsing
> routers and forcing them to take action.  You and my son and myself
> and EVERYBODY ELSE was bitching about the service over the last couple
> of weeks and it was their infrastructure collapsing under the load of
> Code Red beating the bejesus out of all these IIS servers.  Thanks
> to M$, most of those users didn't even KNOW they had IIS running
> (IIS gets installed silently with certain packages OR if you are
> upgrading to Windows 2000 from anything with MS PWS on it - have a
> nice day...).
> 
>         In case some people were not paying attention to the security
> lists, this worm was causing Cisco routers to collapse and taking
> a huge number of firewalls and NAT routers to their knees.  If a worm
> blows away a router between you and the net because it filled some
> connection table with millions of entries, can you really say you
> are immune to the effects of the worm?
> 
>         Just for some interesting stats...
> 
>         I'm currently running a teergrube (tar pit) monitoring over 32,000
> addresses and spoofing connections for Code Red to wedge the processes
> when they are scanning for servers.  Since Friday, I have been hit on
> my address space over 1,000,000 times from over 100,000 unique IP address.
> I've been dumping traffic to that "DarkSide" network and it has now been
> hitting something close to 500Meg per day.  Do you think that has had an
> impact on my bandwidth.  You bet you sweet bootie.  Am I getting infected?
> No.  Am I immune to the effects of this bullshit?  No.
> 
>         Whether it's an excuse or not, they had every right to cut off
> people who were in violation of their published AUP.  My personal
> option is that they should have cut off any Code Red propagators, period,
> with extreme prejudice.  They chose to cut off web servers of all types,
> which, given their contracts and level of service, is entirely appropriate
> and reasonable in the face of this emergency.
> 
> > (I wasn't operating my web server through them but I've been totally
> > disgusted with their service and I have no decent alternatives since
> > I cannot get DSL.)
> 
>         I have not been happy with their level of service either, but this
> is tantanmont to a DDoS attack thanks to Microsoft silently installing
> IIS underneath unsuspecting victims of Windows 2000.  AT&T, RoadRunner,
> and @Home took entirely appropriate action to contain this infestation
> as best they could and preserve their infrastructure (what they have and
> as shakey as it is) as best they could.  If it took out a few "not so
> innocent bystanders" who just happen to be in total violation of their
> contracts, that may just be too bad.  I have a hard time working up
> much sympathy in this case.
> 
> > Bob
> > transam at cavu.com                       [Bob's ALE Bulk email]
> > bob at cavu.com                           [Please use for email to me]
> 
>         Mike
> --
>  Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
>   (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
>   NIC whois:  MHW9      |  An optimist believes we live in the best of all
>  PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
> 
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

More information about the Ale mailing list