[AusNOG] Understanding lack of Aus connectivity to melbournefreeuniversity.org.

Chris Barnes chris.p.barnes at gmail.com
Thu Apr 11 17:05:30 EST 2013


works fine through Primus.


On Thu, Apr 11, 2013 at 3:53 PM, Danny O'Brien <danny at spesh.com> wrote:

> Hi AusNOG,
>
> Apologies for the interruption -- I work for the Electronic Frontier
> Foundation in the US, and usually lurk on the NANOG lists, asking the
> occasional curious question about once a decade (Including "Where did Egypt
> just go?" http://seclists.org/nanog/2011/Jan/1416 and "What happens when
> Ripe.net doesn't pay their domain fees?"
> http://seclists.org/nanog/1998/Apr/50 ).
>
> My question to this even more distinguished audience is a little narrower:
>
> We got a message from Melbourne Free University yesterday, whose site
> hosted at 198.136.54.104 in the US was unavailable from Optus and Telstra
> consumer users.
>
> It looks to me that this specific IP is being patchily blackholed, mostly
> from Australian addresses. My working assumption is that this is due to
> DDOS mitigation.
>
> The reason why Melbourne Free University got in touch with us, though, was
> that when they contacted their own broadband service provider., Exetel, to
> complain, their support eventually told them that upstream, AAPT, was
> blocking it due to an Australian government request, and could say no more
> about it. (The ticket is below.)
>
> MFU is understandably a bit disturbed by such a statement from their ISP,
> as are we. I *am* at this stage assuming miscommunication rather than
> government action. I've reached out to AAPT and Exetel, and been banging on
> BGP looking glasses and traceroutes all day, and not getting much response,
> so I thought I'd broaden out the query and ask you all:
>
> 1) Is anyone here blackholing 198.136.54.104 or the /20 (though I've seen
> people being able to reach .103 and .105 fine, but lose 104) for DDOS or
> other operational reasons?
>
> 2) Hypothetically, can anyone suggest a Federal court order or government
> process that would lead to such a blackhole for *non*-operational reasons?
>
> Thank you for your attention -- I hope your curiousity is as piqued as
> mine was.
>
> d.
>
> >     Please note that we regret to inform that the IP address has been
> blocked
> >     by Australian authority for undisclosed reasons.
> >
> >     As per our supplier, due to the legal department our supplier is
> unable to
> >     share any information regarding the blocking of the IP address.
> Therefore
> >     we are not able to provide the details regarding who has blocked the
> IP or
> >     why because the supplier wont provide these info.
> >
> >     Also note that our supplier is unable to have this IP unblocked.
> >
> >     Level 1 - Network Support Engineer
> >     Exetel Pty Ltd
>
>
>  Here is the route taken by an Exetel consumer subscriber using the AAPT
> network attempting to access the site.
>
>       > $ traceroute www.melbournefreeuniversity.org
>       > traceroute to melbournefreeuniversity.org (198.136.54.104), 64
> hops max, 40
>       > byte packets
>       >  1  XXXXXXXXXXXXX (192.168.1.254)  1 ms  1 ms  1 ms
>       >  2  XXX.XXX.96.58.static.exetel.com.au (58.96.XXX.XXX)  18 ms  19
> ms  18 ms
>       >  3  33.2.96.58.static.exetel.com.au (58.96.2.33)  19 ms  18 ms
> 19 ms
>       >  4  pe-5017370-mburninte01.gw.aapt.com.au (203.174.186.73)  24
> ms  20 ms
>       > 20 ms
>       >  5  te3-3.mburndist01.aapt.net.au (203.131.61.30) [MPLS: Label
> 190 Exp 1]
>       > 35 ms  35 ms  31 ms
>       >  6  te0-3-4-0.mburncore01.aapt.net.au (202.10.12.15) [MPLS: Label
> 17412 Exp
>       >  7  bu2.sclarcore01.aapt.net.au (202.10.10.74) [MPLS: Label 16702
> Exp 1]
>       > More labels  49 ms More labels  32 ms More labels  31 ms
>       >  8  te2-2.sclardist01.aapt.net.au (202.10.12.2) [MPLS: Label 895
> Exp 1]  31
>       > ms  32 ms  33 ms
>       >  9  * po6.sclarbrdr01.aapt.net.au (202.10.14.3)  30 ms *
>       > 10  * * *
>       > 11  * * *
>
>   Here is the route taken by a Telstra subscriber in Brisbane.
>
>       >  $ traceroute to www.melbournefreeuniversity.org <
> http://www.melbournefreeuniversity.org> (198.136.54.104), 30 hops max, 60
> byte packets
>       >  1  10.205.XX.XX (10.205.XX.XX)  8.936 ms  8.989 ms  8.977 ms
>       >  2  58.160.XX.XX (58.160.XX.XX)  9.349 ms  9.425 ms  9.482 ms
>       >  3  58.160.XX.XX (58.160.XX.XX)  9.705 ms  9.765 ms  9.753 ms
>       >  4  172.18.241.105 (172.18.241.105)  12.691 ms  12.817 ms  12.705
> ms
>       >  5  bundle-ether10-woo10.brisbane.telstra.net (110.142.226.13)
> 15.426 ms  15.482 ms  14.644 ms
>       >  6  bundle-ether3.woo-core1.brisbane.telstra.net (203.50.11.52)
> 17.872 ms  12.953 ms  13.940 ms
>       >  7  bundle-ether11.chw-core2.sydney.telstra.net (203.50.11.70)
> 25.653 ms  26.135 ms  26.054 ms
>       >  8  bundle-ether1.pad-gw1.sydney.telstra.net (203.50.6.25)
> 27.017 ms  27.078 ms  27.072 ms
>       >  9  gigabitethernet0-2.pad-service2.sydney.telstra.net(203.50.6.70)  24.064 ms  24.129 ms  24.111 ms
>       > 10  * *
>       > 11   *
>       > 12   *
>       > 13   *
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>


-- 
Kind Regards,

Christopher Barnes

e. chris.p.barnes at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130411/795cef57/attachment.html>


More information about the AusNOG mailing list