Network News

X My Profile
View More Activity
Posted at 11:20 AM ET, 12/28/2010

4chan knocked offline by denial-of-service attack

By Rob Pegoraro

A site that's been used to launch some of the Internet's more creatively malicious attacks has become the victim of one. 4chan, the free-form set of anonymous message boards behind such pranks as getting a racial slur atop Google's list of search topics and "denial-of-service" attacks against high-profile commercial sites, has been out of action since sometime this morning.

The site's founder, Christopher Poole (aka "moot"), posted the news on its status blog at 2:39 a.m.:

Site is down due to DDoS. We now join the ranks of MasterCard, Visa, PayPal, et al.--an exclusive club!

"DDoS" is short for "distributed denial of service," in which users employ hundreds or thousands of computers to hit a site with enough spurious requests that it crumples under the load. 4chan's users have been behind more than a few DDoS attacks themselves, such as when they knocked the sites of the Motion Picture Association of America and the Recording Industry Association of America offline in September.

(I suspect that if you put your ear to the front door of either group's D.C. office, you may hear mocking laughter.)

They also had a role in successful DDoS attacks against Visa and MasterCard's sites earlier this month, a retaliation against those firms' refusals to process donations to Wikileaks. 4chan users also targeted PayPal's blog.

The irony of 4chan becoming a victim of a DDoS attack--by whom remains a mystery--has not gone unnoticed. The site's Twitter update joked "we figured @MasterCard, @PayPal, and #Visa were lonely." The tech-news site Slashdot's post on the situation bears the tag "haha."

Earlier this morning, 4chan's boards were offline while the text of its home page still loaded. (For those of you tempted to check out the site on an office computer, that would not have been a good thing; much of its, ahem, visual content is of the not-safe-for-work variety.) Now, however, the entire site appears offline.

DDoS attacks look to become an increasingly common sport on the Internet, Harvard University's Berkman Center for Internet and Society concluded in a study released Dec. 20. Researchers Ethan Zuckerman, Hal Roberts, Ryan McGrady, Jillian York and John Palfrey noted the MPAA outage and other DDoS campaigns and observed in their study (PDF) that "we expect these attacks to become more common."

The primary remedy they suggested could carry costs of its own:

All organizations should carefully consider whether to host their sites on a free, highly DDoS- resistant hosting service like Blogger, even at the cost of prestige, functionality and possible intermediary censorship.

Here's where an otherwise potentially-silly post has to get a little serious. If any site can get "DDoSed," and the safest defense is to rely on large, commercial hosting services with the resources to withstand those attacks, doesn't that make it easier for governments or incumbent corporations to stage a different sort of denial-of-service campaign--along the lines of how Web and financial firms have been pressured to drop Wikileaks--against those same well-established services?

I don't know that there is any sort of solution for this, and I'm not expecting one to emerge in the comments. But while you speculate about who might have given 4chan a dose of its own medicine--perhaps MasterCard, because timely revenge is priceless?--take a moment to think about where these trends might lead us.

By Rob Pegoraro  | December 28, 2010; 11:20 AM ET
Categories:  Digital culture, Security  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: iPads used to help children with autism
Next: iPad 2 may have three versions, March/April release date

Comments

Typical Washington Post... Rob Pegoraro has no clue what he is talking about and no one there thought to fact check him.

4chan users were NOT responsible for the Visa/MasterCard/PayPal DDoS attacks.

Posted by: darkknight311 | December 28, 2010 12:51 PM | Report abuse

Successful DDOS attempts on 4chan happen at least 3 times a year. This is nothing new. Someone is attempting to DDOS 4chan every day of the year, sometimes the succeed. It's a system of griefers griefing griefers, and its ongoing. Closely akin to a series of checks and balances. Moot's response is comical because he has been through this time and time again.

Hardly news worthy. A waste of internets.

Posted by: supersneakyninjaboy | December 28, 2010 12:51 PM | Report abuse

many compnies have moore bandwidth than own machines can process. 10 mb/s in with nowhere that level of sustained processing capability.

solution, more machines for end user.

Signed:PHYSICIAN THOMAS STEWART von DRASHEK M.D.

Posted by: thomasxstewart1 | December 28, 2010 1:48 PM | Report abuse

"...and nothing of value was lost."

Posted by: charlesbakerharris | December 28, 2010 1:54 PM | Report abuse

"For those of you tempted to check out the site on an office computer, that would not have been a good thing; much of its, ahem, visual content is of the not-safe-for-work variety." Actually, most of it is just fine as long as you stay away from B and the other threads that are obviously NSFW.

Posted by: futbolclif | December 28, 2010 1:56 PM | Report abuse

Secondary DNS servers, multiple servers, and multiple paths to the stored information are all inexpensive solutions to DDOS attacks.

Sites with one main path to the information, like a bottleneck through one main nameserver, are more likely to succumb to DDOS.

DDOS overwhelms one pathway to or from the information on the Internet. Having alternative paths, like through more than one main nameserver or through mirrored storage, makes it more difficult for the reporting paths to be overwhelmed.

Even though there may be several ways for the information to get out, if there are enough requests bogging down the limited paths in or out, it's possible to create a traffic jam.

Nothing's foolproof; but, having some alternatives built into the network pathways are an important part of keeping a server broadcasting.

It's similar to having more than one person at your business prepared to answer multi-lined telephones.

The answer to reducing the likelihood of getting swamped by DDOS is to have a considerable amount of transmitting and receiving flexibility and control built in to the network design before it goes public.

Build only one way in and no way to shut the door, and your business is more likely to be clogged by a traffic jam.

DDOS is a crude example of a deliberate traffic jam.

So, to free up the jam, build in a service entrance and a secondary entrance for customers; each with doorways and hallways to the information that the server owner can control.

As long as their is a single chokepoint inbetween the general public and the information, a website's network will be that much more vulnerable to DDOS.

Good basic network design can keep a website broadcasting through DDOS. Chances are most large companies already build in features that prevent traffic jams on their networks, just as a routine part of handling lots of traffic. The same ideas that would keep them broadcasting 24/7, even when routine maintenance would be needed, are the ones that can help them handle other clogs, like DDOS attacks.

An average subscription to an alternate nameserver is usually available for about $25 a year. Similarly, a big business could install its own mirror with relative ease by simply having more than one commercial ISP support their servers.

If you have a website for commercial reasons, and that website is necessary for running one's business, it'd be common to take these kinds of basic steps (or, something better) as part of building a stable website.

People who are in the business of catching customers on the Internet will already want to be able to handle high volumes; so, they'll probably already design their networks to be good to nodes that service a city. With those routinely updated daily or several times a day, it's not that hard to keep going despite DDOS.

Even if they swamp you today, it's still possible to start completely over tomorrow.

I suppose these kinds of ideas were already understood, above.

Posted by: agx48 | December 28, 2010 2:44 PM | Report abuse

Good riddance, that place is just full of Captain Picards anyway.

Posted by: ozpunk | December 28, 2010 3:13 PM | Report abuse

The average person, surfing the Internet for their own reasons, also often has their own network duplicity built into their own procedures.

People, as individuals, are effectively protecting themselves, personally, from DDOS attacks by doing things like having multiple websites broadcast their personal information.

Having a Facebook page, a Twitter feed, an email account and an ISP all through different websites would be four layers of protection against a DDOS attack.

If someone really wanted to squash somebody with a personalized DDOS, it'd be possible; but, as you can imagine, with more than one target to overwhelm, the process for swamping people with DDOS is just that much harder.

So, in response to the closing line of the article about what does this kind of thing mean for the future: I'd say, the Internet is already crowded. We're already dealing with preventing getting crowded out by jams.

If we see a future rise in the number or tenacity of people trying to deliberately cause a jam, well, that'll increase inconvenience. Yet, we're already having to cope with that by the sheer number of people who are on the Internet.

I'd say, as individual Internet users, readers here are probably over 90% likely to avoid any kind of personal DDOS attack; solely because they're going to log in to the Internet in multiple places (geographic variety) and transmit and receive data from a variety of websites (geographic variety in received or broadcast information).

There may be some growing pains as people concentrate or spread out over areas (and so, their Internet use); but, overall, the reality of DDOS is that the inconvenience doesn't much persist.

The inefficiency of the large, redundant network that is the Internet itself has, as one of its inherent qualities, an ironic lack of overall coordination as one of its characteristics.

Those inefficiencies, those uncoordinated parts of it all, the constant fluctuations in usage worldwide: these are all aspects which make it less likely for the entire group to be at the mercy of a very small group of DDOS broadcasters, for a sustained amount of time.

Not impossible; but, it's overall not much more likely than other problems with bulk traffic.

Just having lots of people or transmissions (like a DDOS) on the Internet, is by itself, not much of a change to the whole structure of the network. The whole thing is on and overloaded all the time anyway.

Posted by: agx48 | December 28, 2010 3:16 PM | Report abuse

Post a Comment

We encourage users to analyze, comment on and even challenge washingtonpost.com's articles, blogs, reviews and multimedia features.

User reviews and comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions.




characters remaining

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company