[AusNOG] Confirmation of govt blackholing. Was: Re: Understanding lack of Aus connectivity to melbournefreeuniversity.org.

Phillip Grasso phillip.grasso at gmail.com
Wed May 15 23:55:55 EST 2013


knock knock,
who's there.

its <censored>


On Wed, May 15, 2013 at 11:45 PM, Robert Hudson <hudrob at gmail.com> wrote:

> Unless you've actually operated behind the Great Firewall of China, don't
> even joke...
>
>
> On 15 May 2013 22:49, Joshua D'Alton <joshua at railgun.com.au> wrote:
>
>> Great firewall of china here we come.
>>
>>
>> On Wed, May 15, 2013 at 10:33 PM, Danny O'Brien <danny at spesh.com> wrote:
>>
>>> A quick final update to this mystery from last month.
>>>
>>> The office of the Communications Minister confirmed last night that this
>>> IP was blackholed (by AAPT and perhaps others) after the Australian
>>> Securities and Investment Commission sent a notice under Section 313 for
>>> "an IP address that was linked to a fraud website".
>>>
>>> "Melbourne Free University’s website was hosted at the same IP address
>>> as the fraud website, and was unintentionally blocked. Once ASIC were made
>>> aware of what had happened, they lifted the original blocking request."
>>>
>>> (See
>>> http://delimiter.com.au/2013/05/15/interpol-filter-scope-creep-asic-ordering-unilateral-website-blocks/ for
>>> more details)
>>>
>>> I'll try and keep this note as operational as I can: ISPs should be
>>> aware that more than one government regulator are now claiming to have the
>>> legal ability to demand Australian ISPs block upstream IPs. There's no
>>> defined limit under 313 on who might place these requests.
>>>
>>> ISPs obeying these notices also appear to believe that they cannot
>>> report on these blocks (even when the regulator in question puts out its
>>> own press releases declaring their intentions:
>>> http://www.asic.gov.au/asic/asic.nsf/byheadline/13-061MR+ASIC+warns+consumers+about+Global+Capital+Wealth?openDocument
>>>  ).
>>>
>>> I don't currently see any judicial oversight of this system,
>>> transparency, or possibility of redress either for ISPs or for their
>>> customers. The only reason ASIC were "made aware" that they were blocking
>>> innocent Australians was because MFU reached out to numerous groups to find
>>> out what was going on, and were refused details by both ISPs and
>>> government. The only reason Conroy's office made a statement now, it
>>> appears, is because Renai Lemay and others essentially forced the issue.
>>>
>>> And unlike the recent vigorous discussions over the ACMA blacklist,
>>> where ISPs and Australians were given the opportunity to discuss the pros
>>> and cons, there has been no public debate. No-one, including it seems many
>>> ISPs, were aware that IP blocking through BGP blackholes was a government
>>> power.
>>>
>>> I'd like to thank everyone who helped get to the bottom of this --
>>> especially those in the networking community that told us that ASIC might
>>> be the cause.
>>>
>>> If you'd like to talk with me at the Electronic Frontier Foundation or
>>> the folks at the Electronic Frontiers Australia about pushing back against
>>> these expansions of government power over ISPs, do get in touch on my work
>>> address, which is danny at eff.org.
>>>
>>> From historic experience, accepting these orders without protest is
>>> going to encourage more parts of government to seek their own censorship
>>> powers, and unless you join others in pushing back, I fear network
>>> operators are going to find themselves complicit in doing the very opposite
>>> of what they promise their users, which is still providing great
>>> connectivity with the rest of the Net.
>>>
>>> Thanks again for your time,
>>>
>>> d.
>>> International Director, EFF.
>>>
>>> On Thu, Apr 11, 2013 at 7:53 AM, Danny O'Brien <danny at spesh.com> wrote:
>>>
>>>> Hi AusNOG,
>>>>
>>>> Apologies for the interruption -- I work for the Electronic Frontier
>>>> Foundation in the US, and usually lurk on the NANOG lists, asking the
>>>> occasional curious question about once a decade (Including "Where did Egypt
>>>> just go?" http://seclists.org/nanog/2011/Jan/1416 and "What happens
>>>> when Ripe.net doesn't pay their domain fees?"
>>>> http://seclists.org/nanog/1998/Apr/50 ).
>>>>
>>>> My question to this even more distinguished audience is a little
>>>> narrower:
>>>>
>>>> We got a message from Melbourne Free University yesterday, whose site
>>>> hosted at 198.136.54.104 in the US was unavailable from Optus and Telstra
>>>> consumer users.
>>>>
>>>> It looks to me that this specific IP is being patchily blackholed,
>>>> mostly from Australian addresses. My working assumption is that this is due
>>>> to DDOS mitigation.
>>>>
>>>> The reason why Melbourne Free University got in touch with us, though,
>>>> was that when they contacted their own broadband service provider., Exetel,
>>>> to complain, their support eventually told them that upstream, AAPT, was
>>>> blocking it due to an Australian government request, and could say no more
>>>> about it. (The ticket is below.)
>>>>
>>>> MFU is understandably a bit disturbed by such a statement from their
>>>> ISP, as are we. I *am* at this stage assuming miscommunication rather than
>>>> government action. I've reached out to AAPT and Exetel, and been banging on
>>>> BGP looking glasses and traceroutes all day, and not getting much response,
>>>> so I thought I'd broaden out the query and ask you all:
>>>>
>>>> 1) Is anyone here blackholing 198.136.54.104 or the /20 (though I've
>>>> seen people being able to reach .103 and .105 fine, but lose 104) for DDOS
>>>> or other operational reasons?
>>>>
>>>> 2) Hypothetically, can anyone suggest a Federal court order or
>>>> government process that would lead to such a blackhole for
>>>> *non*-operational reasons?
>>>>
>>>> Thank you for your attention -- I hope your curiousity is as piqued as
>>>> mine was.
>>>>
>>>> d.
>>>>
>>>> >     Please note that we regret to inform that the IP address has been
>>>> blocked
>>>> >     by Australian authority for undisclosed reasons.
>>>> >
>>>> >     As per our supplier, due to the legal department our supplier is
>>>> unable to
>>>> >     share any information regarding the blocking of the IP address.
>>>> Therefore
>>>> >     we are not able to provide the details regarding who has blocked
>>>> the IP or
>>>> >     why because the supplier wont provide these info.
>>>> >
>>>> >     Also note that our supplier is unable to have this IP unblocked.
>>>> >
>>>> >     Level 1 - Network Support Engineer
>>>> >     Exetel Pty Ltd
>>>>
>>>>
>>>>  Here is the route taken by an Exetel consumer subscriber using the
>>>> AAPT network attempting to access the site.
>>>>
>>>>       > $ traceroute www.melbournefreeuniversity.org
>>>>       > traceroute to melbournefreeuniversity.org (198.136.54.104), 64
>>>> hops max, 40
>>>>       > byte packets
>>>>       >  1  XXXXXXXXXXXXX (192.168.1.254)  1 ms  1 ms  1 ms
>>>>       >  2  XXX.XXX.96.58.static.exetel.com.au (58.96.XXX.XXX)  18 ms
>>>> 19 ms  18 ms
>>>>       >  3  33.2.96.58.static.exetel.com.au (58.96.2.33)  19 ms  18
>>>> ms  19 ms
>>>>       >  4  pe-5017370-mburninte01.gw.aapt.com.au (203.174.186.73)  24
>>>> ms  20 ms
>>>>       > 20 ms
>>>>       >  5  te3-3.mburndist01.aapt.net.au (203.131.61.30) [MPLS: Label
>>>> 190 Exp 1]
>>>>       > 35 ms  35 ms  31 ms
>>>>       >  6  te0-3-4-0.mburncore01.aapt.net.au (202.10.12.15) [MPLS:
>>>> Label 17412 Exp
>>>>       >  7  bu2.sclarcore01.aapt.net.au (202.10.10.74) [MPLS: Label
>>>> 16702 Exp 1]
>>>>       > More labels  49 ms More labels  32 ms More labels  31 ms
>>>>       >  8  te2-2.sclardist01.aapt.net.au (202.10.12.2) [MPLS: Label
>>>> 895 Exp 1]  31
>>>>       > ms  32 ms  33 ms
>>>>       >  9  * po6.sclarbrdr01.aapt.net.au (202.10.14.3)  30 ms *
>>>>       > 10  * * *
>>>>       > 11  * * *
>>>>
>>>>   Here is the route taken by a Telstra subscriber in Brisbane.
>>>>
>>>>       >  $ traceroute to www.melbournefreeuniversity.org <
>>>> http://www.melbournefreeuniversity.org> (198.136.54.104), 30 hops max,
>>>> 60 byte packets
>>>>       >  1  10.205.XX.XX (10.205.XX.XX)  8.936 ms  8.989 ms  8.977 ms
>>>>       >  2  58.160.XX.XX (58.160.XX.XX)  9.349 ms  9.425 ms  9.482 ms
>>>>       >  3  58.160.XX.XX (58.160.XX.XX)  9.705 ms  9.765 ms  9.753 ms
>>>>       >  4  172.18.241.105 (172.18.241.105)  12.691 ms  12.817 ms
>>>> 12.705 ms
>>>>       >  5  bundle-ether10-woo10.brisbane.telstra.net(110.142.226.13)  15.426 ms  15.482 ms  14.644 ms
>>>>       >  6  bundle-ether3.woo-core1.brisbane.telstra.net(203.50.11.52)  17.872 ms  12.953 ms  13.940 ms
>>>>       >  7  bundle-ether11.chw-core2.sydney.telstra.net(203.50.11.70)  25.653 ms  26.135 ms  26.054 ms
>>>>       >  8  bundle-ether1.pad-gw1.sydney.telstra.net (203.50.6.25)
>>>> 27.017 ms  27.078 ms  27.072 ms
>>>>       >  9  gigabitethernet0-2.pad-service2.sydney.telstra.net(203.50.6.70)  24.064 ms  24.129 ms  24.111 ms
>>>>       > 10  * *
>>>>       > 11   *
>>>>       > 12   *
>>>>       > 13   *
>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130515/28386bfe/attachment.html>


More information about the AusNOG mailing list