[AusNOG] Fwd: Understanding lack of Aus connectivity to melbournefreeuniversity.org.
Robert Tozer
robert.tozer at aapt.com.au
Thu Apr 11 16:39:01 EST 2013
case being raised
will provide case ID shortly
---------- Forwarded message ----------
From: Danny O'Brien <danny at spesh.com>
Date: 11 April 2013 15:53
Subject: [AusNOG] Understanding lack of Aus connectivity to
melbournefreeuniversity.org.
To: ausnog at lists.ausnog.net
Hi AusNOG,
Apologies for the interruption -- I work for the Electronic Frontier
Foundation in the US, and usually lurk on the NANOG lists, asking the
occasional curious question about once a decade (Including "Where did Egypt
just go?" http://seclists.org/nanog/2011/Jan/1416 and "What happens when
Ripe.net doesn't pay their domain fees?"
http://seclists.org/nanog/1998/Apr/50 ).
My question to this even more distinguished audience is a little narrower:
We got a message from Melbourne Free University yesterday, whose site
hosted at 198.136.54.104 in the US was unavailable from Optus and Telstra
consumer users.
It looks to me that this specific IP is being patchily blackholed, mostly
from Australian addresses. My working assumption is that this is due to
DDOS mitigation.
The reason why Melbourne Free University got in touch with us, though, was
that when they contacted their own broadband service provider., Exetel, to
complain, their support eventually told them that upstream, AAPT, was
blocking it due to an Australian government request, and could say no more
about it. (The ticket is below.)
MFU is understandably a bit disturbed by such a statement from their ISP,
as are we. I *am* at this stage assuming miscommunication rather than
government action. I've reached out to AAPT and Exetel, and been banging on
BGP looking glasses and traceroutes all day, and not getting much response,
so I thought I'd broaden out the query and ask you all:
1) Is anyone here blackholing 198.136.54.104 or the /20 (though I've seen
people being able to reach .103 and .105 fine, but lose 104) for DDOS or
other operational reasons?
2) Hypothetically, can anyone suggest a Federal court order or government
process that would lead to such a blackhole for *non*-operational reasons?
Thank you for your attention -- I hope your curiousity is as piqued as mine
was.
d.
> Please note that we regret to inform that the IP address has been
blocked
> by Australian authority for undisclosed reasons.
>
> As per our supplier, due to the legal department our supplier is
unable to
> share any information regarding the blocking of the IP address.
Therefore
> we are not able to provide the details regarding who has blocked the
IP or
> why because the supplier wont provide these info.
>
> Also note that our supplier is unable to have this IP unblocked.
>
> Level 1 - Network Support Engineer
> Exetel Pty Ltd
Here is the route taken by an Exetel consumer subscriber using the AAPT
network attempting to access the site.
> $ traceroute www.melbournefreeuniversity.org
> traceroute to melbournefreeuniversity.org (198.136.54.104), 64 hops
max, 40
> byte packets
> 1 XXXXXXXXXXXXX (192.168.1.254) 1 ms 1 ms 1 ms
> 2 XXX.XXX.96.58.static.exetel.com.au (58.96.XXX.XXX) 18 ms 19
ms 18 ms
> 3 33.2.96.58.static.exetel.com.au (58.96.2.33) 19 ms 18 ms 19
ms
> 4 pe-5017370-mburninte01.gw.aapt.com.au (203.174.186.73) 24 ms
20 ms
> 20 ms
> 5 te3-3.mburndist01.aapt.net.au (203.131.61.30) [MPLS: Label 190
Exp 1]
> 35 ms 35 ms 31 ms
> 6 te0-3-4-0.mburncore01.aapt.net.au (202.10.12.15) [MPLS: Label
17412 Exp
> 7 bu2.sclarcore01.aapt.net.au (202.10.10.74) [MPLS: Label 16702
Exp 1]
> More labels 49 ms More labels 32 ms More labels 31 ms
> 8 te2-2.sclardist01.aapt.net.au (202.10.12.2) [MPLS: Label 895
Exp 1] 31
> ms 32 ms 33 ms
> 9 * po6.sclarbrdr01.aapt.net.au (202.10.14.3) 30 ms *
> 10 * * *
> 11 * * *
Here is the route taken by a Telstra subscriber in Brisbane.
> $ traceroute to www.melbournefreeuniversity.org <
http://www.melbournefreeuniversity.org> (198.136.54.104), 30 hops max, 60
byte packets
> 1 10.205.XX.XX (10.205.XX.XX) 8.936 ms 8.989 ms 8.977 ms
> 2 58.160.XX.XX (58.160.XX.XX) 9.349 ms 9.425 ms 9.482 ms
> 3 58.160.XX.XX (58.160.XX.XX) 9.705 ms 9.765 ms 9.753 ms
> 4 172.18.241.105 (172.18.241.105) 12.691 ms 12.817 ms 12.705 ms
> 5 bundle-ether10-woo10.brisbane.telstra.net (110.142.226.13)
15.426 ms 15.482 ms 14.644 ms
> 6 bundle-ether3.woo-core1.brisbane.telstra.net (203.50.11.52)
17.872 ms 12.953 ms 13.940 ms
> 7 bundle-ether11.chw-core2.sydney.telstra.net (203.50.11.70)
25.653 ms 26.135 ms 26.054 ms
> 8 bundle-ether1.pad-gw1.sydney.telstra.net (203.50.6.25) 27.017
ms 27.078 ms 27.072 ms
> 9 gigabitethernet0-2.pad-service2.sydney.telstra.net(203.50.6.70)
24.064 ms 24.129 ms 24.111 ms
> 10 * *
> 11 *
> 12 *
> 13 *
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
--
*Robert Tozer**
**Head of AAPT Customer Service*
Level 1, 30 Ross St, Glebe 2037
P (02) 9009 1042 F (02) 9009 1705 M 0416 224 513
robert.tozer at aapt.com.au
This communication, including any attachments, is confidential. If you are not the intended
recipient, you should not read it - please contact me immediately, destroy it, and do not
copy or use any part of this communication or disclose anything about it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130411/300bb645/attachment.html>
More information about the AusNOG
mailing list