[AusNOG] Understanding lack of Aus connectivity to melbournefreeuniversity.org.
Chris Barnes
chris.p.barnes at gmail.com
Thu Apr 11 17:05:30 EST 2013
works fine through Primus.
On Thu, Apr 11, 2013 at 3:53 PM, Danny O'Brien <danny at spesh.com> wrote:
> Hi AusNOG,
>
> Apologies for the interruption -- I work for the Electronic Frontier
> Foundation in the US, and usually lurk on the NANOG lists, asking the
> occasional curious question about once a decade (Including "Where did Egypt
> just go?" http://seclists.org/nanog/2011/Jan/1416 and "What happens when
> Ripe.net doesn't pay their domain fees?"
> http://seclists.org/nanog/1998/Apr/50 ).
>
> My question to this even more distinguished audience is a little narrower:
>
> We got a message from Melbourne Free University yesterday, whose site
> hosted at 198.136.54.104 in the US was unavailable from Optus and Telstra
> consumer users.
>
> It looks to me that this specific IP is being patchily blackholed, mostly
> from Australian addresses. My working assumption is that this is due to
> DDOS mitigation.
>
> The reason why Melbourne Free University got in touch with us, though, was
> that when they contacted their own broadband service provider., Exetel, to
> complain, their support eventually told them that upstream, AAPT, was
> blocking it due to an Australian government request, and could say no more
> about it. (The ticket is below.)
>
> MFU is understandably a bit disturbed by such a statement from their ISP,
> as are we. I *am* at this stage assuming miscommunication rather than
> government action. I've reached out to AAPT and Exetel, and been banging on
> BGP looking glasses and traceroutes all day, and not getting much response,
> so I thought I'd broaden out the query and ask you all:
>
> 1) Is anyone here blackholing 198.136.54.104 or the /20 (though I've seen
> people being able to reach .103 and .105 fine, but lose 104) for DDOS or
> other operational reasons?
>
> 2) Hypothetically, can anyone suggest a Federal court order or government
> process that would lead to such a blackhole for *non*-operational reasons?
>
> Thank you for your attention -- I hope your curiousity is as piqued as
> mine was.
>
> d.
>
> > Please note that we regret to inform that the IP address has been
> blocked
> > by Australian authority for undisclosed reasons.
> >
> > As per our supplier, due to the legal department our supplier is
> unable to
> > share any information regarding the blocking of the IP address.
> Therefore
> > we are not able to provide the details regarding who has blocked the
> IP or
> > why because the supplier wont provide these info.
> >
> > Also note that our supplier is unable to have this IP unblocked.
> >
> > Level 1 - Network Support Engineer
> > Exetel Pty Ltd
>
>
> Here is the route taken by an Exetel consumer subscriber using the AAPT
> network attempting to access the site.
>
> > $ traceroute www.melbournefreeuniversity.org
> > traceroute to melbournefreeuniversity.org (198.136.54.104), 64
> hops max, 40
> > byte packets
> > 1 XXXXXXXXXXXXX (192.168.1.254) 1 ms 1 ms 1 ms
> > 2 XXX.XXX.96.58.static.exetel.com.au (58.96.XXX.XXX) 18 ms 19
> ms 18 ms
> > 3 33.2.96.58.static.exetel.com.au (58.96.2.33) 19 ms 18 ms
> 19 ms
> > 4 pe-5017370-mburninte01.gw.aapt.com.au (203.174.186.73) 24
> ms 20 ms
> > 20 ms
> > 5 te3-3.mburndist01.aapt.net.au (203.131.61.30) [MPLS: Label
> 190 Exp 1]
> > 35 ms 35 ms 31 ms
> > 6 te0-3-4-0.mburncore01.aapt.net.au (202.10.12.15) [MPLS: Label
> 17412 Exp
> > 7 bu2.sclarcore01.aapt.net.au (202.10.10.74) [MPLS: Label 16702
> Exp 1]
> > More labels 49 ms More labels 32 ms More labels 31 ms
> > 8 te2-2.sclardist01.aapt.net.au (202.10.12.2) [MPLS: Label 895
> Exp 1] 31
> > ms 32 ms 33 ms
> > 9 * po6.sclarbrdr01.aapt.net.au (202.10.14.3) 30 ms *
> > 10 * * *
> > 11 * * *
>
> Here is the route taken by a Telstra subscriber in Brisbane.
>
> > $ traceroute to www.melbournefreeuniversity.org <
> http://www.melbournefreeuniversity.org> (198.136.54.104), 30 hops max, 60
> byte packets
> > 1 10.205.XX.XX (10.205.XX.XX) 8.936 ms 8.989 ms 8.977 ms
> > 2 58.160.XX.XX (58.160.XX.XX) 9.349 ms 9.425 ms 9.482 ms
> > 3 58.160.XX.XX (58.160.XX.XX) 9.705 ms 9.765 ms 9.753 ms
> > 4 172.18.241.105 (172.18.241.105) 12.691 ms 12.817 ms 12.705
> ms
> > 5 bundle-ether10-woo10.brisbane.telstra.net (110.142.226.13)
> 15.426 ms 15.482 ms 14.644 ms
> > 6 bundle-ether3.woo-core1.brisbane.telstra.net (203.50.11.52)
> 17.872 ms 12.953 ms 13.940 ms
> > 7 bundle-ether11.chw-core2.sydney.telstra.net (203.50.11.70)
> 25.653 ms 26.135 ms 26.054 ms
> > 8 bundle-ether1.pad-gw1.sydney.telstra.net (203.50.6.25)
> 27.017 ms 27.078 ms 27.072 ms
> > 9 gigabitethernet0-2.pad-service2.sydney.telstra.net(203.50.6.70) 24.064 ms 24.129 ms 24.111 ms
> > 10 * *
> > 11 *
> > 12 *
> > 13 *
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
--
Kind Regards,
Christopher Barnes
e. chris.p.barnes at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130411/795cef57/attachment.html>
More information about the AusNOG
mailing list