[AusNOG] Confirmation of govt blackholing. Was: Re: Understanding lack of Aus connectivity to melbournefreeuniversity.org.

Chris Macko cmacko at intervolve.com.au
Thu May 16 06:34:35 EST 2013


Good morning Australia! :-)

I'd feel this is exactly what you will get when unsavvy-tech politicians start tinkering with the internet. A message for Senator Conroy and others currently in office: Stay out and leave it to the experts (the overall IT business community and experts within), until the stage we have more knowledgeable technology experts in politics.....

That and it'd be grand if politicians became personally liable to the Australian public. As officers within private/public enterprise we are personally liable, so why aren't politicians..... I find it staggering that they can decide what to do with all our billions and yet no one in politics is liable for poor choices and poor policy that equate to billions lost in ratepayers funds. Lately there has been too much of this poor policy. On this occasion, perhaps the losses made by other businesses (that were not the cause of scam) and that were incorrectly blocked should send their claim to the departments that were responsible for the policy / legislation changes....

Food for thought. Shaking head.

Chris Macko
________________________________
From: ausnog-bounces at lists.ausnog.net On Behalf Of Joshua D'Alton
Sent: Thursday, 16 May 2013 1:02 AM
To: Robert Hudson
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Confirmation of govt blackholing. Was: Re: Understanding lack of Aus connectivity to melbournefreeuniversity.org.

Yes I have, 2 in fact, and it's been a royal PITA.


On Wed, May 15, 2013 at 11:45 PM, Robert Hudson <hudrob at gmail.com> wrote:
Unless you've actually operated behind the Great Firewall of China, don't even joke...


On 15 May 2013 22:49, Joshua D'Alton <joshua at railgun.com.au> wrote:
Great firewall of china here we come.


On Wed, May 15, 2013 at 10:33 PM, Danny O'Brien <danny at spesh.com> wrote:
A quick final update to this mystery from last month.

The office of the Communications Minister confirmed last night that this IP was blackholed (by AAPT and perhaps others) after the Australian Securities and Investment Commission sent a notice under Section 313 for "an IP address that was linked to a fraud website".

"Melbourne Free University's website was hosted at the same IP address as the fraud website, and was unintentionally blocked. Once ASIC were made aware of what had happened, they lifted the original blocking request."

(See http://delimiter.com.au/2013/05/15/interpol-filter-scope-creep-asic-ordering-unilateral-website-blocks/ for more details)

I'll try and keep this note as operational as I can: ISPs should be aware that more than one government regulator is now claiming to have the legal ability to demand Australian ISPs block upstream IPs. There's no defined limit under 313 on who might place these requests.

ISPs obeying these notices also appear to believe that they cannot report on these blocks (even when the regulator in question puts out its own press releases declaring their intentions: http://www.asic.gov.au/asic/asic.nsf/byheadline/13-061MR+ASIC+warns+consumers+about+Global+Capital+Wealth?openDocument ).

I don't currently see any judicial oversight of this system, transparency, or possibility of redress either for ISPs or for their customers. The only reason ASIC were "made aware" that they were blocking innocent Australians was because MFU reached out to numerous groups to find out what was going on, and were refused details by both ISPs and government. The only reason Conroy's office made a statement now, it appears, is because Renai Lemay and others essentially forced the issue.

And unlike the recent vigorous discussions over the ACMA blacklist, where ISPs and Australians were given the opportunity to discuss the pros and cons, there has been no public debate. No-one, including it seems many ISPs, was aware that IP blocking through BGP blackholes was a government power.

I'd like to thank everyone who helped get to the bottom of this -- especially those in the networking community that told us that ASIC might be the cause.

If you'd like to talk with me at the Electronic Frontier Foundation or the folks at the Electronic Frontiers Australia about pushing back against these expansions of government power over ISPs, do get in touch on my work address, which is danny at eff.org.

From historic experience, accepting these orders without protest is going to encourage more parts of government to seek their own censorship powers, and unless you join others in pushing back, I fear network operators are going to find themselves complicit in doing the very opposite of what they promise their users, which is still providing great connectivity with the rest of the Net.

Thanks again for your time,

d.
International Director, EFF.

On Thu, Apr 11, 2013 at 7:53 AM, Danny O'Brien <danny at spesh.com> wrote:
Hi AusNOG,

Apologies for the interruption -- I work for the Electronic Frontier Foundation in the US, and usually lurk on the NANOG lists, asking the occasional curious question about once a decade (Including "Where did Egypt just go?" http://seclists.org/nanog/2011/Jan/1416 and "What happens when Ripe.net doesn't pay their domain fees?" http://seclists.org/nanog/1998/Apr/50 ).

My question to this even more distinguished audience is a little narrower:

We got a message from Melbourne Free University yesterday, whose site hosted at 198.136.54.104 in the US was unavailable from Optus and Telstra consumer users.

It looks to me that this specific IP is being patchily blackholed, mostly from Australian addresses. My working assumption is that this is due to DDOS mitigation.

The reason why Melbourne Free University got in touch with us, though, was that when they contacted their own broadband service provider, Exetel, to complain, their support eventually told them that upstream, AAPT, was blocking it due to an Australian government request, and could say no more about it. (The ticket is below.)

MFU is understandably a bit disturbed by such a statement from their ISP, as are we. I *am* at this stage assuming miscommunication rather than government action. I've reached out to AAPT and Exetel, and been banging on BGP looking glasses and traceroutes all day, and not getting much response, so I thought I'd broaden out the query and ask you all:

1) Is anyone here blackholing 198.136.54.104 or the /20 (though I've seen people being able to reach .103 and .105 fine, but lose 104) for DDOS or other operational reasons?

2) Hypothetically, can anyone suggest a Federal court order or government process that would lead to such a blackhole for *non*-operational reasons?

Thank you for your attention -- I hope your curiosity is as piqued as mine was.

d.

>     Please note that we regret to inform that the IP address has been blocked
>     by Australian authority for undisclosed reasons.
>
>     As per our supplier, due to the legal department our supplier is unable to
>     share any information regarding the blocking of the IP address. Therefore
>     we are not able to provide the details regarding who has blocked the IP or
>     why because the supplier won't provide these info.
>
>     Also note that our supplier is unable to have this IP unblocked.
>
>     Level 1 - Network Support Engineer
>     Exetel Pty Ltd


 Here is the route taken by an Exetel consumer subscriber using the AAPT network attempting to access the site.

      > $ traceroute www.melbournefreeuniversity.org
      > traceroute to melbournefreeuniversity.org (198.136.54.104), 64 hops max, 40
      > byte packets
      >  1  XXXXXXXXXXXXX (192.168.1.254)  1 ms  1 ms  1 ms
      >  2  XXX.XXX.96.58.static.exetel.com.au (58.96.XXX.XXX)  18 ms  19 ms  18 ms
      >  3  33.2.96.58.static.exetel.com.au (58.96.2.33)  19 ms  18 ms  19 ms
      >  4  pe-5017370-mburninte01.gw.aapt.com.au (203.174.186.73)  24 ms  20 ms
      > 20 ms
      >  5  te3-3.mburndist01.aapt.net.au (203.131.61.30) [MPLS: Label 190 Exp 1]
      > 35 ms  35 ms  31 ms
      >  6  te0-3-4-0.mburncore01.aapt.net.au (202.10.12.15) [MPLS: Label 17412 Exp
      >  7  bu2.sclarcore01.aapt.net.au (202.10.10.74) [MPLS: Label 16702 Exp 1]
      > More labels  49 ms More labels  32 ms More labels  31 ms
      >  8  te2-2.sclardist01.aapt.net.au (202.10.12.2) [MPLS: Label 895 Exp 1]  31
      > ms  32 ms  33 ms
      >  9  * po6.sclarbrdr01.aapt.net.au (202.10.14.3)  30 ms *
      > 10  * * *
      > 11  * * *

  Here is the route taken by a Telstra subscriber in Brisbane.

      >  $ traceroute to www.melbournefreeuniversity.org (198.136.54.104), 30 hops max, 60 byte packets
      >  1  10.205.XX.XX (10.205.XX.XX)  8.936 ms  8.989 ms  8.977 ms
      >  2  58.160.XX.XX (58.160.XX.XX)  9.349 ms  9.425 ms  9.482 ms
      >  3  58.160.XX.XX (58.160.XX.XX)  9.705 ms  9.765 ms  9.753 ms
      >  4  172.18.241.105 (172.18.241.105)  12.691 ms  12.817 ms  12.705 ms
      >  5  bundle-ether10-woo10.brisbane.telstra.net (110.142.226.13)  15.426 ms  15.482 ms  14.644 ms
      >  6  bundle-ether3.woo-core1.brisbane.telstra.net (203.50.11.52)  17.872 ms  12.953 ms  13.940 ms
      >  7  bundle-ether11.chw-core2.sydney.telstra.net (203.50.11.70)  25.653 ms  26.135 ms  26.054 ms
      >  8  bundle-ether1.pad-gw1.sydney.telstra.net (203.50.6.25)  27.017 ms  27.078 ms  27.072 ms
      >  9  gigabitethernet0-2.pad-service2.sydney.telstra.net (203.50.6.70)  24.064 ms  24.129 ms  24.111 ms
      > 10  * *
      > 11   *
      > 12   *
      > 13   *




_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
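
Added example, not part of the original thread: the diagnosis described in the April message (traces to .104 die at the provider edge while .103 and .105 stay reachable) expressed as a small traceroute comparison. The sample traces, host names and addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import re

# A hop line is "<n>  <host> (<ip>) ..." or "<n>  * ..."; wrapped continuation
# lines such as "35 ms  35 ms  31 ms" must not be mistaken for hops.
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:\*|\S+\s+\()")
IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

def parse_traceroute(text):
    """Return [(hop_number, responder_ip_or_None), ...]."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            ip = IP_RE.search(line)
            hops.append((int(m.group(1)), ip.group(1) if ip else None))
    return hops

def last_responder(hops, dest):
    """Return (reached_dest, hop_number, ip) for the last hop that answered."""
    answered = [(n, ip) for n, ip in hops if ip]
    if not answered:
        return (False, None, None)
    n, ip = answered[-1]
    return (ip == dest, n, ip)

def classify(target, neighbours):
    """target and each neighbour are (dest_ip, traceroute_text) pairs."""
    reached, n, ip = last_responder(parse_traceroute(target[1]), target[0])
    if reached:
        return "reachable"
    for ndest, ntext in neighbours:
        nhops = parse_traceroute(ntext)
        if ip and last_responder(nhops, ndest)[0] and ip in [h for _, h in nhops]:
            # Adjacent address works via the same hop: consistent with a /32 null route.
            return f"host-specific drop after hop {n} ({ip})"
    return f"path dies after hop {n} ({ip})"

# Constructed sample traces (documentation address ranges, not real data).
BLOCKED = ("198.51.100.104", """traceroute to 198.51.100.104, 30 hops max
 1  gw.example (192.0.2.1)  1 ms  1 ms  1 ms
 2  border.example (203.0.113.9) [MPLS: Label 190 Exp 1]
35 ms  35 ms  31 ms
 3  * * *""")
NEIGHBOUR = ("198.51.100.103", """traceroute to 198.51.100.103, 30 hops max
 1  gw.example (192.0.2.1)  1 ms  1 ms  1 ms
 2  border.example (203.0.113.9)  30 ms  31 ms  30 ms
 3  host.example (198.51.100.103)  180 ms  181 ms  180 ms""")

print(classify(BLOCKED, [NEIGHBOUR]))
```

Silent hops can also come from ICMP filtering or rate limiting, so the result narrows where to ask rather than proving a blackhole.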


