[AusNOG] Understanding lack of Aus connectivity to melbournefreeuniversity.org.
Jon Smith
smithj at shedit.net.au
Thu Apr 11 16:28:40 EST 2013
I work for a school and our web filter appliance has that IP address
catagorised as porn.
Cheers,
Jon
On 11/04/2013 3:53 PM, Danny O'Brien wrote:
> Hi AusNOG,
>
> Apologies for the interruption -- I work for the Electronic Frontier
> Foundation in the US, and usually lurk on the NANOG lists, asking the
> occasional curious question about once a decade (Including "Where did
> Egypt just go?" http://seclists.org/nanog/2011/Jan/1416 and "What
> happens when Ripe.net doesn't pay their domain fees?"
> http://seclists.org/nanog/1998/Apr/50 ).
>
> My question to this even more distinguished audience is a little
> narrower:
>
> We got a message from Melbourne Free University yesterday, whose site
> hosted at 198.136.54.104 in the US was unavailable from Optus and
> Telstra consumer users.
>
> It looks to me that this specific IP is being patchily blackholed,
> mostly from Australian addresses. My working assumption is that this
> is due to DDOS mitigation.
>
> The reason why Melbourne Free University got in touch with us, though,
> was that when they contacted their own broadband service provider.,
> Exetel, to complain, their support eventually told them that upstream,
> AAPT, was blocking it due to an Australian government request, and
> could say no more about it. (The ticket is below.)
>
> MFU is understandably a bit disturbed by such a statement from their
> ISP, as are we. I *am* at this stage assuming miscommunication rather
> than government action. I've reached out to AAPT and Exetel, and been
> banging on BGP looking glasses and traceroutes all day, and not
> getting much response, so I thought I'd broaden out the query and ask
> you all:
>
> 1) Is anyone here blackholing 198.136.54.104 or the /20 (though I've
> seen people being able to reach .103 and .105 fine, but lose 104) for
> DDOS or other operational reasons?
>
> 2) Hypothetically, can anyone suggest a Federal court order or
> government process that would lead to such a blackhole for
> *non*-operational reasons?
>
> Thank you for your attention -- I hope your curiousity is as piqued as
> mine was.
>
> d.
>
> > Please note that we regret to inform that the IP address has
> been blocked
> > by Australian authority for undisclosed reasons.
> >
> > As per our supplier, due to the legal department our supplier is
> unable to
> > share any information regarding the blocking of the IP address.
> Therefore
> > we are not able to provide the details regarding who has blocked
> the IP or
> > why because the supplier wont provide these info.
> >
> > Also note that our supplier is unable to have this IP unblocked.
> >
> > Level 1 - Network Support Engineer
> > Exetel Pty Ltd
>
>
> Here is the route taken by an Exetel consumer subscriber using the
> AAPT network attempting to access the site.
>
> > $ traceroute www.melbournefreeuniversity.org
> <http://www.melbournefreeuniversity.org>
> > traceroute to melbournefreeuniversity.org
> <http://melbournefreeuniversity.org> (198.136.54.104), 64 hops max, 40
> > byte packets
> > 1 XXXXXXXXXXXXX (192.168.1.254) 1 ms 1 ms 1 ms
> > 2 XXX.XXX.96.58.static.exetel.com.au
> <http://XXX.XXX.96.58.static.exetel.com.au> (58.96.XXX.XXX) 18 ms 19
> ms 18 ms
> > 3 33.2.96.58.static.exetel.com.au
> <http://33.2.96.58.static.exetel.com.au> (58.96.2.33) 19 ms 18 ms 19 ms
> > 4 pe-5017370-mburninte01.gw.aapt.com.au
> <http://pe-5017370-mburninte01.gw.aapt.com.au> (203.174.186.73) 24
> ms 20 ms
> > 20 ms
> > 5 te3-3.mburndist01.aapt.net.au
> <http://te3-3.mburndist01.aapt.net.au> (203.131.61.30) [MPLS: Label
> 190 Exp 1]
> > 35 ms 35 ms 31 ms
> > 6 te0-3-4-0.mburncore01.aapt.net.au
> <http://te0-3-4-0.mburncore01.aapt.net.au> (202.10.12.15) [MPLS: Label
> 17412 Exp
> > 7 bu2.sclarcore01.aapt.net.au
> <http://bu2.sclarcore01.aapt.net.au> (202.10.10.74) [MPLS: Label 16702
> Exp 1]
> > More labels 49 ms More labels 32 ms More labels 31 ms
> > 8 te2-2.sclardist01.aapt.net.au
> <http://te2-2.sclardist01.aapt.net.au> (202.10.12.2) [MPLS: Label 895
> Exp 1] 31
> > ms 32 ms 33 ms
> > 9 * po6.sclarbrdr01.aapt.net.au
> <http://po6.sclarbrdr01.aapt.net.au> (202.10.14.3) 30 ms *
> > 10 * * *
> > 11 * * *
>
> Here is the route taken by a Telstra subscriber in Brisbane.
>
> > $ traceroute to www.melbournefreeuniversity.org
> <http://www.melbournefreeuniversity.org>
> <http://www.melbournefreeuniversity.org> (198.136.54.104), 30 hops
> max, 60 byte packets
> > 1 10.205.XX.XX (10.205.XX.XX) 8.936 ms 8.989 ms 8.977 ms
> > 2 58.160.XX.XX (58.160.XX.XX) 9.349 ms 9.425 ms 9.482 ms
> > 3 58.160.XX.XX (58.160.XX.XX) 9.705 ms 9.765 ms 9.753 ms
> > 4 172.18.241.105 (172.18.241.105) 12.691 ms 12.817 ms
> 12.705 ms
> > 5 bundle-ether10-woo10.brisbane.telstra.net
> <http://bundle-ether10-woo10.brisbane.telstra.net> (110.142.226.13)
> 15.426 ms 15.482 ms 14.644 ms
> > 6 bundle-ether3.woo-core1.brisbane.telstra.net
> <http://bundle-ether3.woo-core1.brisbane.telstra.net> (203.50.11.52)
> 17.872 ms 12.953 ms 13.940 ms
> > 7 bundle-ether11.chw-core2.sydney.telstra.net
> <http://bundle-ether11.chw-core2.sydney.telstra.net> (203.50.11.70)
> 25.653 ms 26.135 ms 26.054 ms
> > 8 bundle-ether1.pad-gw1.sydney.telstra.net
> <http://bundle-ether1.pad-gw1.sydney.telstra.net> (203.50.6.25)
> 27.017 ms 27.078 ms 27.072 ms
> > 9 gigabitethernet0-2.pad-service2.sydney.telstra.net
> <http://gigabitethernet0-2.pad-service2.sydney.telstra.net>
> (203.50.6.70) 24.064 ms 24.129 ms 24.111 ms
> > 10 * *
> > 11 *
> > 12 *
> > 13 *
>
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130411/4ed9e9d9/attachment.html>
More information about the AusNOG
mailing list