[AusNOG] Confirmation of govt blackholing. Was: Re: Understanding lack of Aus connectivity to melbournefreeuniversity.org.

Robert Hudson hudrob at gmail.com
Wed May 15 23:45:25 EST 2013


Unless you've actually operated behind the Great Firewall of China, don't
even joke...

On 15 May 2013 22:49, Joshua D'Alton <joshua at railgun.com.au> wrote:

> Great firewall of china here we come.
>
>
> On Wed, May 15, 2013 at 10:33 PM, Danny O'Brien <danny at spesh.com> wrote:
>
>> A quick final update to this mystery from last month.
>>
>> The office of the Communications Minister confirmed last night that this
>> IP was blackholed (by AAPT and perhaps others) after the Australian
>> Securities and Investment Commission sent a notice under Section 313 for
>> "an IP address that was linked to a fraud website".
>>
>> "Melbourne Free University’s website was hosted at the same IP address as
>> the fraud website, and was unintentionally blocked. Once ASIC were made
>> aware of what had happened, they lifted the original blocking request."
>>
>> (See
>> http://delimiter.com.au/2013/05/15/interpol-filter-scope-creep-asic-ordering-unilateral-website-blocks/ for
>> more details)
>>
>> I'll try and keep this note as operational as I can: ISPs should be aware
>> that more than one government regulator are now claiming to have the legal
>> ability to demand Australian ISPs block upstream IPs. There's no defined
>> limit under 313 on who might place these requests.
>>
>> ISPs obeying these notices also appear to believe that they cannot report
>> on these blocks (even when the regulator in question puts out its own press
>> releases declaring their intentions:
>> http://www.asic.gov.au/asic/asic.nsf/byheadline/13-061MR+ASIC+warns+consumers+about+Global+Capital+Wealth?openDocument
>>  ).
>>
>> I don't currently see any judicial oversight of this system,
>> transparency, or possibility of redress either for ISPs or for their
>> customers. The only reason ASIC were "made aware" that they were blocking
>> innocent Australians was because MFU reached out to numerous groups to find
>> out what was going on, and were refused details by both ISPs and
>> government. The only reason Conroy's office made a statement now, it
>> appears, is because Renai Lemay and others essentially forced the issue.
>>
>> And unlike the recent vigorous discussions over the ACMA blacklist, where
>> ISPs and Australians were given the opportunity to discuss the pros and
>> cons, there has been no public debate. No-one, including it seems many
>> ISPs, were aware that IP blocking through BGP blackholes was a government
>> power.
>>
>> I'd like to thank everyone who helped get to the bottom of this --
>> especially those in the networking community that told us that ASIC might
>> be the cause.
>>
>> If you'd like to talk with me at the Electronic Frontier Foundation or
>> the folks at the Electronic Frontiers Australia about pushing back against
>> these expansions of government power over ISPs, do get in touch on my work
>> address, which is danny at eff.org.
>>
>> From historic experience, accepting these orders without protest is going
>> to encourage more parts of government to seek their own censorship powers,
>> and unless you join others in pushing back, I fear network operators are
>> going to find themselves complicit in doing the very opposite of what they
>> promise their users, which is still providing great connectivity with the
>> rest of the Net.
>>
>> Thanks again for your time,
>>
>> d.
>> International Director, EFF.
>>
>> On Thu, Apr 11, 2013 at 7:53 AM, Danny O'Brien <danny at spesh.com> wrote:
>>
>>> Hi AusNOG,
>>>
>>> Apologies for the interruption -- I work for the Electronic Frontier
>>> Foundation in the US, and usually lurk on the NANOG lists, asking the
>>> occasional curious question about once a decade (Including "Where did Egypt
>>> just go?" http://seclists.org/nanog/2011/Jan/1416 and "What happens
>>> when Ripe.net doesn't pay their domain fees?"
>>> http://seclists.org/nanog/1998/Apr/50 ).
>>>
>>> My question to this even more distinguished audience is a little
>>> narrower:
>>>
>>> We got a message from Melbourne Free University yesterday, whose site
>>> hosted at 198.136.54.104 in the US was unavailable from Optus and Telstra
>>> consumer users.
>>>
>>> It looks to me that this specific IP is being patchily blackholed,
>>> mostly from Australian addresses. My working assumption is that this is due
>>> to DDOS mitigation.
>>>
>>> The reason why Melbourne Free University got in touch with us, though,
>>> was that when they contacted their own broadband service provider., Exetel,
>>> to complain, their support eventually told them that upstream, AAPT, was
>>> blocking it due to an Australian government request, and could say no more
>>> about it. (The ticket is below.)
>>>
>>> MFU is understandably a bit disturbed by such a statement from their
>>> ISP, as are we. I *am* at this stage assuming miscommunication rather than
>>> government action. I've reached out to AAPT and Exetel, and been banging on
>>> BGP looking glasses and traceroutes all day, and not getting much response,
>>> so I thought I'd broaden out the query and ask you all:
>>>
>>> 1) Is anyone here blackholing 198.136.54.104 or the /20 (though I've
>>> seen people being able to reach .103 and .105 fine, but lose 104) for DDOS
>>> or other operational reasons?
>>>
>>> 2) Hypothetically, can anyone suggest a Federal court order or
>>> government process that would lead to such a blackhole for
>>> *non*-operational reasons?
>>>
>>> Thank you for your attention -- I hope your curiousity is as piqued as
>>> mine was.
>>>
>>> d.
>>>
>>> >     Please note that we regret to inform that the IP address has been
>>> blocked
>>> >     by Australian authority for undisclosed reasons.
>>> >
>>> >     As per our supplier, due to the legal department our supplier is
>>> unable to
>>> >     share any information regarding the blocking of the IP address.
>>> Therefore
>>> >     we are not able to provide the details regarding who has blocked
>>> the IP or
>>> >     why because the supplier wont provide these info.
>>> >
>>> >     Also note that our supplier is unable to have this IP unblocked.
>>> >
>>> >     Level 1 - Network Support Engineer
>>> >     Exetel Pty Ltd
>>>
>>>
>>>  Here is the route taken by an Exetel consumer subscriber using the AAPT
>>> network attempting to access the site.
>>>
>>>       > $ traceroute www.melbournefreeuniversity.org
>>>       > traceroute to melbournefreeuniversity.org (198.136.54.104), 64
>>> hops max, 40
>>>       > byte packets
>>>       >  1  XXXXXXXXXXXXX (192.168.1.254)  1 ms  1 ms  1 ms
>>>       >  2  XXX.XXX.96.58.static.exetel.com.au (58.96.XXX.XXX)  18 ms
>>> 19 ms  18 ms
>>>       >  3  33.2.96.58.static.exetel.com.au (58.96.2.33)  19 ms  18 ms
>>> 19 ms
>>>       >  4  pe-5017370-mburninte01.gw.aapt.com.au (203.174.186.73)  24
>>> ms  20 ms
>>>       > 20 ms
>>>       >  5  te3-3.mburndist01.aapt.net.au (203.131.61.30) [MPLS: Label
>>> 190 Exp 1]
>>>       > 35 ms  35 ms  31 ms
>>>       >  6  te0-3-4-0.mburncore01.aapt.net.au (202.10.12.15) [MPLS:
>>> Label 17412 Exp
>>>       >  7  bu2.sclarcore01.aapt.net.au (202.10.10.74) [MPLS: Label
>>> 16702 Exp 1]
>>>       > More labels  49 ms More labels  32 ms More labels  31 ms
>>>       >  8  te2-2.sclardist01.aapt.net.au (202.10.12.2) [MPLS: Label
>>> 895 Exp 1]  31
>>>       > ms  32 ms  33 ms
>>>       >  9  * po6.sclarbrdr01.aapt.net.au (202.10.14.3)  30 ms *
>>>       > 10  * * *
>>>       > 11  * * *
>>>
>>>   Here is the route taken by a Telstra subscriber in Brisbane.
>>>
>>>       >  $ traceroute to www.melbournefreeuniversity.org <
>>> http://www.melbournefreeuniversity.org> (198.136.54.104), 30 hops max,
>>> 60 byte packets
>>>       >  1  10.205.XX.XX (10.205.XX.XX)  8.936 ms  8.989 ms  8.977 ms
>>>       >  2  58.160.XX.XX (58.160.XX.XX)  9.349 ms  9.425 ms  9.482 ms
>>>       >  3  58.160.XX.XX (58.160.XX.XX)  9.705 ms  9.765 ms  9.753 ms
>>>       >  4  172.18.241.105 (172.18.241.105)  12.691 ms  12.817 ms
>>> 12.705 ms
>>>       >  5  bundle-ether10-woo10.brisbane.telstra.net (110.142.226.13)
>>> 15.426 ms  15.482 ms  14.644 ms
>>>       >  6  bundle-ether3.woo-core1.brisbane.telstra.net(203.50.11.52)  17.872 ms  12.953 ms  13.940 ms
>>>       >  7  bundle-ether11.chw-core2.sydney.telstra.net (203.50.11.70)
>>> 25.653 ms  26.135 ms  26.054 ms
>>>       >  8  bundle-ether1.pad-gw1.sydney.telstra.net (203.50.6.25)
>>> 27.017 ms  27.078 ms  27.072 ms
>>>       >  9  gigabitethernet0-2.pad-service2.sydney.telstra.net(203.50.6.70)  24.064 ms  24.129 ms  24.111 ms
>>>       > 10  * *
>>>       > 11   *
>>>       > 12   *
>>>       > 13   *
>>>
>>>
>>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130515/df0760da/attachment.html>


More information about the AusNOG mailing list