[AusNOG] Understanding lack of Aus connectivity to melbournefreeuniversity.org.

Jacob Bisby Jacob.Bisby at t-gcorp.com
Thu Apr 11 16:39:46 EST 2013


Trace from Amcom fibre Perth:

Tracing route to active.host-care.com [198.136.54.104]
over a maximum of 30 hops:

  1
  2
  3    12 ms     2 ms     2 ms  te8-1.cr01.wa.amcom.net.au [203.161.64.62]
  4     2 ms     7 ms     2 ms  te3-1.br01.wa.amcom.net.au [203.161.65.61]
  5    54 ms    54 ms    54 ms  vlan462.o6ss.optus.net.au [59.154.14.113]
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *     ^C


Pinging 198.136.54.104 with 32 bytes of data:
Request timed out.

-Jacob Bisby

-----Original Message-----
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Serge Malev
Sent: Thursday, 11 April 2013 2:32 PM
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Understanding lack of Aus connectivity to melbournefreeuniversity.org.

Also, going out of Exetel. .104 hits an extra Exetel address. They all seem to converge upstream at Lvel3.net with some differences.
What is that hostdime.com host that pops up in 104 trace and is absent in others?


PING 198.136.54.104 (198.136.54.104) 56(84) bytes of data.
64 bytes from 198.136.54.104: icmp_seq=1 ttl=47 time=279 ms
64 bytes from 198.136.54.104: icmp_seq=2 ttl=47 time=279 ms
64 bytes from 198.136.54.104: icmp_seq=3 ttl=49 time=235 ms

--- 198.136.54.104 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 235.520/264.843/279.755/20.744 ms


traceroute to 198.136.54.104 (198.136.54.104), 30 hops max, 40 byte packets
 1
 2
 3  49.198.233.220.static.exetel.com.au (220.233.198.49)  26.742 ms  25.988 ms  27.287 ms
 4  129.6.96.58.static.exetel.com.au (58.96.6.129)  8.258 ms  8.168 ms  8.541 ms
 5  57.1.96.58.static.exetel.com.au (58.96.1.57)  9.182 ms  9.555 ms  9.466 ms
 6  GigabitEthernet4-0-0.GW11.SYD2.ALTER.NET (203.166.42.101)  9.837 ms  3.823 ms  4.003 ms
 7  0.ge-7-3-0.XT4.SYD2.Alter.Net (210.80.34.241)  7.577 ms  7.301 ms  7.206 ms
 8  0.ge-6-0-0.IL2.SAC2.Alter.Net (210.80.51.114)  158.376 ms  158.453 ms  158.598 ms
 9  0.xe-3-3-0.IL4.SAC1.ALTER.NET (152.63.48.113)  185.832 ms  185.883 ms  185.815 ms
10  0.xe-11-0-0.BR1.LAX15.ALTER.NET (152.63.114.181)  174.054 ms  174.276 ms  174.422 ms
11  ae6.edge1.LosAngeles9.level3.net (4.68.62.169)  160.217 ms  155.029 ms  155.179 ms
12  vlan70.csw2.SanJose1.Level3.net (4.69.152.126)  224.915 ms vlan90.csw4.LosAngeles1.Level3.net (4.69.144.254)  213.896 ms vlan80.csw3.LosAngeles1.Level3.net (4.69.144.190)  225.017 ms
13  ae-92-92.ebr2.LosAngeles1.Level3.net (4.69.137.29)  244.959 ms ae-72-72.ebr2.SanJose1.Level3.net (4.69.153.21)  220.310 ms ae-92-92.ebr2.LosAngeles1.Level3.net (4.69.137.29)  247.502 ms
14  ae-2-2.ebr2.SanJose5.Level3.net (4.69.148.141)  228.286 ms ae-5-5.ebr1.SanJose5.Level3.net (4.69.148.137)  223.729 ms  223.640 ms
15  ae-7-7.ebr3.Atlanta2.Level3.net (4.69.134.22)  221.358 ms * ae-7-7.ebr3.Atlanta2.Level3.net (4.69.134.22)  221.719 ms
16  ae-6-6.ebr2.LosAngeles1.Level3.net (4.69.148.201)  225.681 ms  225.591 ms ae-63-63.ebr1.Atlanta2.Level3.net (4.69.148.242)  222.941 ms
17  ae-1-8.bar1.Orlando1.Level3.net (4.69.137.149)  249.094 ms  282.764 ms ae-7-7.ebr3.Atlanta2.Level3.net (4.69.134.22)  229.154 ms
18  ten-7-4.edge1.level3.mco01.hostdime.com (67.30.140.198)  246.879 ms ae-63-63.ebr1.Atlanta2.Level3.net (4.69.148.242)  227.231 ms ten-7-4.edge1.level3.mco01.hostdime.com (67.30.140.198)  227.938 ms
19  * * ae-63-63.ebr1.Atlanta2.Level3.net (4.69.148.242)  224.508 ms
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *


telnet 198.136.54.104  80
Trying 198.136.54.104...
Connected to 198.136.54.104.
Escape character is '^]'.
GET /
<html><head><META HTTP-EQUIV="refresh" CONTENT="0;URL=/cgi-sys/defaultwebpage.cgi"></head><body></body></html>
Connection closed by foreign host.


traceroute to 198.136.54.103 (198.136.54.103), 30 hops max, 40 byte packets
 1
 2
 3  49.198.233.220.static.exetel.com.au (220.233.198.49)  8.699 ms  8.590 ms  8.497 ms
 4  129.6.96.58.static.exetel.com.au (58.96.6.129)  8.391 ms  8.292 ms  8.668 ms
 5  pe-5017319-sclarinte01.gw.aapt.com.au (203.174.185.153)  48.054 ms  55.533 ms  57.946 ms
 6  * * *
 7  xe-0-1-0-400.sgbr2.global-gateway.net.nz (122.56.118.189)  4.363 ms  5.804 ms  5.656 ms
 8  * * *
 9  * * *
10  * * *
11  * * *
12  te-7-4.car2.SanJose2.Level3.net (4.59.4.93)  156.906 ms  167.128 ms  159.344 ms
13  vlan70.csw2.SanJose1.Level3.net (4.69.152.126)  221.767 ms  224.316 ms  221.131 ms
14  ae-71-71.ebr1.SanJose1.Level3.net (4.69.153.5)  249.990 ms  248.958 ms  248.461 ms
15  ae-2-2.ebr2.SanJose5.Level3.net (4.69.148.141)  221.661 ms  222.767 ms ae-5-5.ebr1.SanJose5.Level3.net (4.69.148.137)  217.509 ms
16  ae-1-100.ebr2.SanJose5.Level3.net (4.69.148.110)  217.147 ms ae-6-6.ebr2.LosAngeles1.Level3.net (4.69.148.201)  217.075 ms  217.169 ms
17  ae-6-6.ebr2.LosAngeles1.Level3.net (4.69.148.201)  217.501 ms  216.993 ms ae-3-3.ebr3.Dallas1.Level3.net (4.69.132.78)  220.365 ms
18  ae-3-3.ebr3.Dallas1.Level3.net (4.69.132.78)  217.345 ms ae-7-7.ebr3.Atlanta2.Level3.net (4.69.134.22)  221.709 ms  221.805 ms
19  ae-63-63.ebr1.Atlanta2.Level3.net (4.69.148.242)  221.351 ms ae-7-7.ebr3.Atlanta2.Level3.net (4.69.134.22)  221.766 ms  221.527 ms
20  ae-63-63.ebr1.Atlanta2.Level3.net (4.69.148.242)  224.412 ms  224.937 ms ae-1-8.bar1.Orlando1.Level3.net (4.69.137.149)  251.317 ms
21  ae-1-8.bar1.Orlando1.Level3.net (4.69.137.149)  251.211 ms  251.367 ms *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *


traceroute to 198.136.54.105 (198.136.54.105), 30 hops max, 40 byte packets
 1
 2
 3  49.198.233.220.static.exetel.com.au (220.233.198.49)  8.735 ms  8.652 ms  8.563 ms
 4  129.6.96.58.static.exetel.com.au (58.96.6.129)  8.960 ms  8.863 ms  9.480 ms
 5  pe-5017319-sclarinte01.gw.aapt.com.au (203.174.185.153)  9.504 ms  9.663 ms  9.770 ms
 6  * * *
 7  xe-7-0-0-420.sgbr2.global-gateway.net.nz (202.50.233.5)  4.166 ms  3.816 ms  7.421 ms
 8  * * *
 9  * * *
10  * * *
11  * * *
12  te-7-4.car2.SanJose2.Level3.net (4.59.4.93)  157.021 ms  156.628 ms  167.776 ms
13  vlan70.csw2.SanJose1.Level3.net (4.69.152.126)  224.730 ms  224.694 ms  227.316 ms
14  ae-72-72.ebr2.SanJose1.Level3.net (4.69.153.21)  217.639 ms ae-71-71.ebr1.SanJose1.Level3.net (4.69.153.5)  249.203 ms  248.917 ms
15  ae-5-5.ebr1.SanJose5.Level3.net (4.69.148.137)  217.128 ms ae-2-2.ebr2.SanJose5.Level3.net (4.69.148.141)  221.615 ms ae-5-5.ebr1.SanJose5.Level3.net (4.69.148.137)  217.193 ms
16  ae-1-100.ebr2.SanJose5.Level3.net (4.69.148.110)  217.225 ms ae-6-6.ebr2.LosAngeles1.Level3.net (4.69.148.201)  217.935 ms  218.548 ms
17  ae-3-3.ebr3.Dallas1.Level3.net (4.69.132.78)  217.675 ms ae-6-6.ebr2.LosAngeles1.Level3.net (4.69.148.201)  217.590 ms ae-3-3.ebr3.Dallas1.Level3.net (4.69.132.78)  217.209 ms
18  ae-7-7.ebr3.Atlanta2.Level3.net (4.69.134.22)  221.724 ms  221.717 ms  221.562 ms
19  ae-63-63.ebr1.Atlanta2.Level3.net (4.69.148.242)  225.467 ms ae-7-7.ebr3.Atlanta2.Level3.net (4.69.134.22)  221.553 ms ae-63-63.ebr1.Atlanta2.Level3.net (4.69.148.242)  221.169 ms
20  ae-1-8.bar1.Orlando1.Level3.net (4.69.137.149)  254.873 ms  251.948 ms ae-63-63.ebr1.Atlanta2.Level3.net (4.69.148.242)  224.216 ms
21  ae-1-8.bar1.Orlando1.Level3.net (4.69.137.149)  252.081 ms  251.051 ms  252.687 ms
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  *



-----Original Message-----
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Heinz N
Sent: Thursday, 11 April 2013 16:08
To: Danny O'Brien
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Understanding lack of Aus connectivity to melbournefreeuniversity.org.

Hi Danny,

I am on an Exetel link and my traceroute shows some very different routes for the 104 as opposed to the 103 & 105. Something IS going on! I can get to port 80 on 103 & 105 but not 104. Typical of the "we know what's best for you and you don't need to be told the details" attitude of our government.

---------------------------------------------
traceroute -n 198.136.54.104
traceroute to 198.136.54.104 (198.136.54.104), 30 hops max, 60 byte  packets
  1  Router  0.235 ms  0.204 ms  0.194 ms
  2  * * *
  3  58.96.2.33  25.566 ms  27.252 ms  28.221 ms
  4  203.174.186.73  33.199 ms  34.178 ms  34.332 ms
  5  203.131.61.30  46.968 ms  46.982 ms  49.600 ms
  6  202.10.12.139  50.068 ms  50.976 ms  52.446 ms
  7  202.10.12.17  54.423 ms  36.774 ms  35.489 ms
  8  202.10.10.72  34.826 ms  31.722 ms  31.526 ms
  9  202.10.12.4  34.503 ms  32.922 ms  33.830 ms
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

--------------------------------------------

traceroute -n 198.136.54.103 (& 105)
traceroute to 198.136.54.103 (198.136.54.103), 30 hops max, 60 byte packets
  1  Router  0.228 ms  0.203 ms  0.234 ms
  2  * * *
  3  58.96.2.3  24.980 ms  26.197 ms  27.674 ms
  4  203.166.42.77  29.854 ms  31.303 ms  32.276 ms
  5  210.80.33.109  32.999 ms  33.765 ms  35.161 ms
  6  210.80.33.9  49.709 ms  49.831 ms  50.550 ms
  7  210.80.51.114  234.473 ms  213.570 ms 210.80.48.117  186.480 ms
  8  152.63.48.113  188.445 ms  188.414 ms  187.767 ms
  9  152.63.51.101  188.494 ms 152.63.114.181  184.539 ms  184.995 ms
10  4.68.62.169  189.190 ms 4.68.62.109  186.897 ms 4.68.62.169  188.203 ms
11  4.69.152.126  250.829 ms 4.69.152.190  292.599 ms 4.69.152.254  253.246 ms
12  4.69.153.25  250.553 ms 4.69.153.21  281.878 ms 4.69.153.9  281.659 ms
13  4.69.132.78  249.262 ms 4.69.148.141  251.259 ms 4.69.132.78  245.866 ms
14  4.69.134.22  244.237 ms  243.399 ms 4.69.148.110  253.283 ms
15  4.69.148.242  255.220 ms 4.69.132.78  252.974 ms  252.684 ms
16  4.69.134.22  251.069 ms 4.69.137.149  244.826 ms 4.69.132.78  254.476 ms
17  4.69.134.22  253.005 ms  250.985 ms  251.305 ms
18  4.69.137.149  249.989 ms 4.69.148.242  249.474 ms *
19  67.30.140.198  254.891 ms * 4.69.137.149  249.451 ms
20  67.30.140.198  252.693 ms * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

Regards,
Heinz N


On Wed, 10 Apr 2013, Danny O'Brien wrote:

> Hi AusNOG,
>
> Apologies for the interruption -- I work for the Electronic Frontier
> Foundation in the US, and usually lurk on the NANOG lists, asking the
> occasional curious question about once a decade (Including "Where did
> Egypt just go?" http://seclists.org/nanog/2011/Jan/1416 and "What
> happens when Ripe.net doesn't pay their domain fees?"
> http://seclists.org/nanog/1998/Apr/50 ).
>
> My question to this even more distinguished audience is a little narrower:
>
> We got a message from Melbourne Free University yesterday, whose site
> hosted at 198.136.54.104 in the US was unavailable from Optus and
> Telstra consumer users.
>
> It looks to me that this specific IP is being patchily blackholed,
> mostly from Australian addresses. My working assumption is that this
> is due to DDOS mitigation.
>
> The reason why Melbourne Free University got in touch with us, though,
> was that when they contacted their own broadband service provider.,
> Exetel, to complain, their support eventually told them that upstream,
> AAPT, was blocking it due to an Australian government request, and
> could say no more about it. (The ticket is below.)
>
> MFU is understandably a bit disturbed by such a statement from their
> ISP, as are we. I *am* at this stage assuming miscommunication rather
> than government action. I've reached out to AAPT and Exetel, and been
> banging on BGP looking glasses and traceroutes all day, and not
> getting much response, so I thought I'd broaden out the query and ask you all:
>
> 1) Is anyone here blackholing 198.136.54.104 or the /20 (though I've
> seen people being able to reach .103 and .105 fine, but lose 104) for
> DDOS or other operational reasons?
>
> 2) Hypothetically, can anyone suggest a Federal court order or
> government process that would lead to such a blackhole for *non*-operational reasons?
>
> Thank you for your attention -- I hope your curiousity is as piqued as
> mine was.
>
> d.
>
> >     Please note that we regret to inform that the IP address has
> >been
> blocked
> >     by Australian authority for undisclosed reasons.
> >
> >     As per our supplier, due to the legal department our supplier is
> unable to
> >     share any information regarding the blocking of the IP address.
> Therefore
> >     we are not able to provide the details regarding who has blocked
> >the
> IP or
> >     why because the supplier wont provide these info.
> >
> >     Also note that our supplier is unable to have this IP unblocked.
> >
> >     Level 1 - Network Support Engineer
> >     Exetel Pty Ltd
>
>
>  Here is the route taken by an Exetel consumer subscriber using the
> AAPT network attempting to access the site.
>
>       > $ traceroute www.melbournefreeuniversity.org
>       > traceroute to melbournefreeuniversity.org (198.136.54.104), 64
> hops max, 40
>       > byte packets
>       >  1  XXXXXXXXXXXXX (192.168.1.254)  1 ms  1 ms  1 ms
>       >  2  XXX.XXX.96.58.static.exetel.com.au (58.96.XXX.XXX)  18 ms
> 19 ms  18 ms
>       >  3  33.2.96.58.static.exetel.com.au (58.96.2.33)  19 ms  18 ms
> 19 ms
>       >  4  pe-5017370-mburninte01.gw.aapt.com.au (203.174.186.73)  24
> ms
> 20 ms
>       > 20 ms
>       >  5  te3-3.mburndist01.aapt.net.au (203.131.61.30) [MPLS: Label
> 190 Exp 1]
>       > 35 ms  35 ms  31 ms
>       >  6  te0-3-4-0.mburncore01.aapt.net.au (202.10.12.15) [MPLS:
> Label
> 17412 Exp
>       >  7  bu2.sclarcore01.aapt.net.au (202.10.10.74) [MPLS: Label
> 16702 Exp 1]
>       > More labels  49 ms More labels  32 ms More labels  31 ms
>       >  8  te2-2.sclardist01.aapt.net.au (202.10.12.2) [MPLS: Label
> 895 Exp 1]  31
>       > ms  32 ms  33 ms
>       >  9  * po6.sclarbrdr01.aapt.net.au (202.10.14.3)  30 ms *
>       > 10  * * *
>       > 11  * * *
>
>   Here is the route taken by a Telstra subscriber in Brisbane.
>
>       >  $ traceroute to www.melbournefreeuniversity.org
> <http://www.melbournefreeuniversity.org> (198.136.54.104), 30 hops
> max, 60 byte packets
>       >  1  10.205.XX.XX (10.205.XX.XX)  8.936 ms  8.989 ms  8.977 ms
>       >  2  58.160.XX.XX (58.160.XX.XX)  9.349 ms  9.425 ms  9.482 ms
>       >  3  58.160.XX.XX (58.160.XX.XX)  9.705 ms  9.765 ms  9.753 ms
>       >  4  172.18.241.105 (172.18.241.105)  12.691 ms  12.817 ms
> 12.705 ms
>       >  5  bundle-ether10-woo10.brisbane.telstra.net (110.142.226.13)
> 15.426 ms  15.482 ms  14.644 ms
>       >  6  bundle-ether3.woo-core1.brisbane.telstra.net
> (203.50.11.52)
> 17.872 ms  12.953 ms  13.940 ms
>       >  7  bundle-ether11.chw-core2.sydney.telstra.net (203.50.11.70)
> 25.653 ms  26.135 ms  26.054 ms
>       >  8  bundle-ether1.pad-gw1.sydney.telstra.net (203.50.6.25)
> 27.017 ms  27.078 ms  27.072 ms
>       >  9  gigabitethernet0-2.pad-service2.sydney.telstra.net
> (203.50.6.70)  24.064 ms  24.129 ms  24.111 ms
>       > 10  * *
>       > 11   *
>       > 12   *
>       > 13   *
>
>
>
>

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog



More information about the AusNOG mailing list