[AusNOG] Understanding lack of Aus connectivity to melbournefreeuniversity.org.

Heinz N ausnog at equisoft.com.au
Thu Apr 11 16:08:25 EST 2013 

Hi Danny,

I am on an Exetel link and my traceroute shows some very different routes 
for the 104 as opposed to the 103 & 105. Something IS going on! I can get 
to port 80 on 103 & 105 but not 104. Typical of the "we know what's best 
for you and you don't need to be told the details" attitude of our 
government.

---------------------------------------------
traceroute -n 198.136.54.104
traceroute to 198.136.54.104 (198.136.54.104), 30 hops max, 60 byte  packets
  1  Router  0.235 ms  0.204 ms  0.194 ms
  2  * * *
  3  58.96.2.33  25.566 ms  27.252 ms  28.221 ms
  4  203.174.186.73  33.199 ms  34.178 ms  34.332 ms
  5  203.131.61.30  46.968 ms  46.982 ms  49.600 ms
  6  202.10.12.139  50.068 ms  50.976 ms  52.446 ms
  7  202.10.12.17  54.423 ms  36.774 ms  35.489 ms
  8  202.10.10.72  34.826 ms  31.722 ms  31.526 ms
  9  202.10.12.4  34.503 ms  32.922 ms  33.830 ms
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

--------------------------------------------

traceroute -n 198.136.54.103 (& 105)
traceroute to 198.136.54.103 (198.136.54.103), 30 hops max, 60 byte packets
  1  Router  0.228 ms  0.203 ms  0.234 ms
  2  * * *
  3  58.96.2.3  24.980 ms  26.197 ms  27.674 ms
  4  203.166.42.77  29.854 ms  31.303 ms  32.276 ms
  5  210.80.33.109  32.999 ms  33.765 ms  35.161 ms
  6  210.80.33.9  49.709 ms  49.831 ms  50.550 ms
  7  210.80.51.114  234.473 ms  213.570 ms 210.80.48.117  186.480 ms
  8  152.63.48.113  188.445 ms  188.414 ms  187.767 ms
  9  152.63.51.101  188.494 ms 152.63.114.181  184.539 ms  184.995 ms
10  4.68.62.169  189.190 ms 4.68.62.109  186.897 ms 4.68.62.169  188.203 ms
11  4.69.152.126  250.829 ms 4.69.152.190  292.599 ms 4.69.152.254  253.246 ms
12  4.69.153.25  250.553 ms 4.69.153.21  281.878 ms 4.69.153.9  281.659 ms
13  4.69.132.78  249.262 ms 4.69.148.141  251.259 ms 4.69.132.78  245.866 ms
14  4.69.134.22  244.237 ms  243.399 ms 4.69.148.110  253.283 ms
15  4.69.148.242  255.220 ms 4.69.132.78  252.974 ms  252.684 ms
16  4.69.134.22  251.069 ms 4.69.137.149  244.826 ms 4.69.132.78  254.476 ms
17  4.69.134.22  253.005 ms  250.985 ms  251.305 ms
18  4.69.137.149  249.989 ms 4.69.148.242  249.474 ms *
19  67.30.140.198  254.891 ms * 4.69.137.149  249.451 ms
20  67.30.140.198  252.693 ms * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

Regards,
Heinz N


On Wed, 10 Apr 2013, Danny O'Brien wrote:

> Hi AusNOG,
> 
> Apologies for the interruption -- I work for the Electronic Frontier
> Foundation in the US, and usually lurk on the NANOG lists, asking the
> occasional curious question about once a decade (Including "Where did Egypt
> just go?" http://seclists.org/nanog/2011/Jan/1416 and "What happens when
> Ripe.net doesn't pay their domain fees?"
> http://seclists.org/nanog/1998/Apr/50 ).
> 
> My question to this even more distinguished audience is a little narrower:
> 
> We got a message from Melbourne Free University yesterday, whose site hosted
> at 198.136.54.104 in the US was unavailable from Optus and Telstra consumer
> users.
> 
> It looks to me that this specific IP is being patchily blackholed, mostly
> from Australian addresses. My working assumption is that this is due to DDOS
> mitigation.
> 
> The reason why Melbourne Free University got in touch with us, though, was
> that when they contacted their own broadband service provider., Exetel, to
> complain, their support eventually told them that upstream, AAPT, was
> blocking it due to an Australian government request, and could say no more
> about it. (The ticket is below.)
> 
> MFU is understandably a bit disturbed by such a statement from their ISP, as
> are we. I *am* at this stage assuming miscommunication rather than
> government action. I've reached out to AAPT and Exetel, and been banging on
> BGP looking glasses and traceroutes all day, and not getting much response,
> so I thought I'd broaden out the query and ask you all:
> 
> 1) Is anyone here blackholing 198.136.54.104 or the /20 (though I've seen
> people being able to reach .103 and .105 fine, but lose 104) for DDOS or
> other operational reasons?
> 
> 2) Hypothetically, can anyone suggest a Federal court order or government
> process that would lead to such a blackhole for *non*-operational reasons?
> 
> Thank you for your attention -- I hope your curiousity is as piqued as mine
> was.
> 
> d.
> 
> >     Please note that we regret to inform that the IP address has been
> blocked
> >     by Australian authority for undisclosed reasons.
> >
> >     As per our supplier, due to the legal department our supplier is
> unable to
> >     share any information regarding the blocking of the IP address.
> Therefore
> >     we are not able to provide the details regarding who has blocked the
> IP or
> >     why because the supplier wont provide these info.
> >
> >     Also note that our supplier is unable to have this IP unblocked.
> >
> >     Level 1 - Network Support Engineer
> >     Exetel Pty Ltd
> 
> 
>  Here is the route taken by an Exetel consumer subscriber using the AAPT
> network attempting to access the site.
>  
>       > $ traceroute www.melbournefreeuniversity.org
>       > traceroute to melbournefreeuniversity.org (198.136.54.104), 64 hops
> max, 40
>       > byte packets
>       >  1  XXXXXXXXXXXXX (192.168.1.254)  1 ms  1 ms  1 ms
>       >  2  XXX.XXX.96.58.static.exetel.com.au (58.96.XXX.XXX)  18 ms  19
> ms  18 ms
>       >  3  33.2.96.58.static.exetel.com.au (58.96.2.33)  19 ms  18 ms  19
> ms
>       >  4  pe-5017370-mburninte01.gw.aapt.com.au (203.174.186.73)  24 ms 
> 20 ms
>       > 20 ms
>       >  5  te3-3.mburndist01.aapt.net.au (203.131.61.30) [MPLS: Label 190
> Exp 1]
>       > 35 ms  35 ms  31 ms
>       >  6  te0-3-4-0.mburncore01.aapt.net.au (202.10.12.15) [MPLS: Label
> 17412 Exp
>       >  7  bu2.sclarcore01.aapt.net.au (202.10.10.74) [MPLS: Label 16702
> Exp 1]
>       > More labels  49 ms More labels  32 ms More labels  31 ms
>       >  8  te2-2.sclardist01.aapt.net.au (202.10.12.2) [MPLS: Label 895 Exp
> 1]  31
>       > ms  32 ms  33 ms
>       >  9  * po6.sclarbrdr01.aapt.net.au (202.10.14.3)  30 ms *
>       > 10  * * *
>       > 11  * * *
>  
>   Here is the route taken by a Telstra subscriber in Brisbane.
>  
>       >  $ traceroute to www.melbournefreeuniversity.org
> <http://www.melbournefreeuniversity.org> (198.136.54.104), 30 hops max, 60
> byte packets
>       >  1  10.205.XX.XX (10.205.XX.XX)  8.936 ms  8.989 ms  8.977 ms
>       >  2  58.160.XX.XX (58.160.XX.XX)  9.349 ms  9.425 ms  9.482 ms
>       >  3  58.160.XX.XX (58.160.XX.XX)  9.705 ms  9.765 ms  9.753 ms
>       >  4  172.18.241.105 (172.18.241.105)  12.691 ms  12.817 ms  12.705 ms
>       >  5  bundle-ether10-woo10.brisbane.telstra.net (110.142.226.13) 
> 15.426 ms  15.482 ms  14.644 ms
>       >  6  bundle-ether3.woo-core1.brisbane.telstra.net (203.50.11.52) 
> 17.872 ms  12.953 ms  13.940 ms
>       >  7  bundle-ether11.chw-core2.sydney.telstra.net (203.50.11.70) 
> 25.653 ms  26.135 ms  26.054 ms
>       >  8  bundle-ether1.pad-gw1.sydney.telstra.net (203.50.6.25)  27.017
> ms  27.078 ms  27.072 ms
>       >  9  gigabitethernet0-2.pad-service2.sydney.telstra.net
> (203.50.6.70)  24.064 ms  24.129 ms  24.111 ms
>       > 10  * *
>       > 11   *
>       > 12   *
>       > 13   *
> 
> 
> 
>

More information about the AusNOG mailing list