[AusNOG] Understanding lack of Aus connectivity to melbournefreeuniversity.org.

Jon Smith smithj at shedit.net.au
Thu Apr 11 16:28:40 EST 2013


I work for a school and our web filter appliance has that IP address 
catagorised as porn.

Cheers,

Jon

On 11/04/2013 3:53 PM, Danny O'Brien wrote:
> Hi AusNOG,
>
> Apologies for the interruption -- I work for the Electronic Frontier 
> Foundation in the US, and usually lurk on the NANOG lists, asking the 
> occasional curious question about once a decade (Including "Where did 
> Egypt just go?" http://seclists.org/nanog/2011/Jan/1416 and "What 
> happens when Ripe.net doesn't pay their domain fees?" 
> http://seclists.org/nanog/1998/Apr/50 ).
>
> My question to this even more distinguished audience is a little 
> narrower:
>
> We got a message from Melbourne Free University yesterday, whose site 
> hosted at 198.136.54.104 in the US was unavailable from Optus and 
> Telstra consumer users.
>
> It looks to me that this specific IP is being patchily blackholed, 
> mostly from Australian addresses. My working assumption is that this 
> is due to DDOS mitigation.
>
> The reason why Melbourne Free University got in touch with us, though, 
> was that when they contacted their own broadband service provider., 
> Exetel, to complain, their support eventually told them that upstream, 
> AAPT, was blocking it due to an Australian government request, and 
> could say no more about it. (The ticket is below.)
>
> MFU is understandably a bit disturbed by such a statement from their 
> ISP, as are we. I *am* at this stage assuming miscommunication rather 
> than government action. I've reached out to AAPT and Exetel, and been 
> banging on BGP looking glasses and traceroutes all day, and not 
> getting much response, so I thought I'd broaden out the query and ask 
> you all:
>
> 1) Is anyone here blackholing 198.136.54.104 or the /20 (though I've 
> seen people being able to reach .103 and .105 fine, but lose 104) for 
> DDOS or other operational reasons?
>
> 2) Hypothetically, can anyone suggest a Federal court order or 
> government process that would lead to such a blackhole for 
> *non*-operational reasons?
>
> Thank you for your attention -- I hope your curiousity is as piqued as 
> mine was.
>
> d.
>
> >     Please note that we regret to inform that the IP address has 
> been blocked
> >     by Australian authority for undisclosed reasons.
> >
> >     As per our supplier, due to the legal department our supplier is 
> unable to
> >     share any information regarding the blocking of the IP address. 
> Therefore
> >     we are not able to provide the details regarding who has blocked 
> the IP or
> >     why because the supplier wont provide these info.
> >
> >     Also note that our supplier is unable to have this IP unblocked.
> >
> >     Level 1 - Network Support Engineer
> >     Exetel Pty Ltd
>
>
>  Here is the route taken by an Exetel consumer subscriber using the 
> AAPT network attempting to access the site.
>
>       > $ traceroute www.melbournefreeuniversity.org 
> <http://www.melbournefreeuniversity.org>
>       > traceroute to melbournefreeuniversity.org 
> <http://melbournefreeuniversity.org> (198.136.54.104), 64 hops max, 40
>       > byte packets
>       >  1  XXXXXXXXXXXXX (192.168.1.254)  1 ms  1 ms  1 ms
>       >  2 XXX.XXX.96.58.static.exetel.com.au 
> <http://XXX.XXX.96.58.static.exetel.com.au> (58.96.XXX.XXX)  18 ms  19 
> ms  18 ms
>       >  3 33.2.96.58.static.exetel.com.au 
> <http://33.2.96.58.static.exetel.com.au> (58.96.2.33)  19 ms  18 ms  19 ms
>       >  4 pe-5017370-mburninte01.gw.aapt.com.au 
> <http://pe-5017370-mburninte01.gw.aapt.com.au> (203.174.186.73)  24 
> ms  20 ms
>       > 20 ms
>       >  5 te3-3.mburndist01.aapt.net.au 
> <http://te3-3.mburndist01.aapt.net.au> (203.131.61.30) [MPLS: Label 
> 190 Exp 1]
>       > 35 ms  35 ms  31 ms
>       >  6 te0-3-4-0.mburncore01.aapt.net.au 
> <http://te0-3-4-0.mburncore01.aapt.net.au> (202.10.12.15) [MPLS: Label 
> 17412 Exp
>       >  7 bu2.sclarcore01.aapt.net.au 
> <http://bu2.sclarcore01.aapt.net.au> (202.10.10.74) [MPLS: Label 16702 
> Exp 1]
>       > More labels  49 ms More labels  32 ms More labels  31 ms
>       >  8 te2-2.sclardist01.aapt.net.au 
> <http://te2-2.sclardist01.aapt.net.au> (202.10.12.2) [MPLS: Label 895 
> Exp 1]  31
>       > ms  32 ms  33 ms
>       >  9  * po6.sclarbrdr01.aapt.net.au 
> <http://po6.sclarbrdr01.aapt.net.au> (202.10.14.3)  30 ms *
>       > 10  * * *
>       > 11  * * *
>
>   Here is the route taken by a Telstra subscriber in Brisbane.
>
>       >  $ traceroute to www.melbournefreeuniversity.org 
> <http://www.melbournefreeuniversity.org> 
> <http://www.melbournefreeuniversity.org> (198.136.54.104), 30 hops 
> max, 60 byte packets
>       >  1  10.205.XX.XX (10.205.XX.XX)  8.936 ms  8.989 ms 8.977 ms
>       >  2  58.160.XX.XX (58.160.XX.XX)  9.349 ms  9.425 ms 9.482 ms
>       >  3  58.160.XX.XX (58.160.XX.XX)  9.705 ms  9.765 ms 9.753 ms
>       >  4  172.18.241.105 (172.18.241.105)  12.691 ms 12.817 ms  
> 12.705 ms
>       >  5 bundle-ether10-woo10.brisbane.telstra.net 
> <http://bundle-ether10-woo10.brisbane.telstra.net> (110.142.226.13)  
> 15.426 ms  15.482 ms  14.644 ms
>       >  6 bundle-ether3.woo-core1.brisbane.telstra.net 
> <http://bundle-ether3.woo-core1.brisbane.telstra.net> (203.50.11.52)  
> 17.872 ms  12.953 ms  13.940 ms
>       >  7 bundle-ether11.chw-core2.sydney.telstra.net 
> <http://bundle-ether11.chw-core2.sydney.telstra.net> (203.50.11.70)  
> 25.653 ms  26.135 ms  26.054 ms
>       >  8 bundle-ether1.pad-gw1.sydney.telstra.net 
> <http://bundle-ether1.pad-gw1.sydney.telstra.net> (203.50.6.25)  
> 27.017 ms  27.078 ms  27.072 ms
>       >  9 gigabitethernet0-2.pad-service2.sydney.telstra.net 
> <http://gigabitethernet0-2.pad-service2.sydney.telstra.net> 
> (203.50.6.70)  24.064 ms  24.129 ms  24.111 ms
>       > 10  * *
>       > 11   *
>       > 12   *
>       > 13   *
>
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130411/4ed9e9d9/attachment.html>


More information about the AusNOG mailing list