[AusNOG] Understanding lack of Aus connectivity to melbournefreeuniversity.org.
McDonald Richards
McDonald.Richards at vocus.com.au
Sat Apr 13 17:39:04 EST 2013
The lack of response is less about conspiracy and more about apathy.
Anyone from an operator (once upon a time, every list member) who responds knows that their comments are just going to be journo bait for a slow news day.
Macca
On 13/04/2013, at 3:35 PM, "Danny O'Brien" <danny at spesh.com> wrote:
On Fri, Apr 12, 2013 at 8:07 PM, McDonald Richards <McDonald.Richards at vocus.com.au> wrote:
I think you're reading far too much into this.
I hope I'm not confusing matters here. I'd be as surprised and as shocked as you would be if this turned out to be a case of a secret government order to block an IP. I'm just trying to clarify the statements made by others in this thread that implied that, actually, secret government orders to block IPs are something for which there is an established precedent.
It is absolutely the case that there are many many reasons for IPs being blocked, including DDOS mitigation, and responses to abuse reports. We all understand this. The only reason this one particular issue raised any questions at all is because AATP apparently told their downstream provider that this IP was blocked because of a government order and that they aren't allowed to talk about it, a message which downstream apparently relayed to their customers. Then Robert said on this list and to me privately that he'd raise a ticket, and would give the number out, then followed that by simply announcing that the IP was blocked, and adding nothing more. Tim later spoke to a representative (I'm assuming it was Robert) who stated that it wasn't the voluntary blacklist but "something else", but would not say what it was, and refused to confirm or deny it was a government order.
As far as this particular block is concerned, I am pretty much still just looking for, as I asked at the very beginning of this thread, a message that said "yes we blocked this IP for operational reasons", and give some reasoning behind it. I'm not even going to expect that right now, because it's a weekend. I assume we'll find out more on Monday.
Meanwhile, Bevan came on this thread and said that "You get a notice to block. You block or either get fined, go to jail or lose your carrier licence. It is a blunt instrument and it is a condition of being at "the big boys table" i.e. you're a carrier or a carriage service provider." Taking him at his word, I asked if law enforcement orders blocking websites happen outside the voluntary filter, in order to understand a little more about the judicial oversight and minimization processes that go into managing such blocks. Even Tim is saying that LEAs sometimes require ISPs to blackhole IP addresses. People do seem to oscillate between claiming this happens as a matter of course, and then talking about interception orders, which are an entirely different kettle of fish.
I'm trying very hard not to read too much into ISPs telling me they are responding to government blocking orders, and other people who run ISPs rushing to confirm that this is the case. There seems a pretty easy way to settle this argument though:
Could someone who has experience dealing with such requests explicitly confirm or deny that the Australian government or judiciary sometimes expects and/or requires Australian ISPs to block IPs or websites as part of their obligations under the law, entirely apart from the voluntary blacklist regime?
d.
If you spam, and you cause abuse tickets, your IP is probably going to get blocked.
If you host questionable content (and it's not "controversial viewpoints" - I'm talking the stuff we all know should not even exist, let alone be on the web), your IP is probably going to get blocked.
If you run an open DNS resolver and you participate in DDOS activity, your IP is probably going to get blocked.
If you participate in port scanning activities and trigger alarms from overseas honeypots and dark nets, your IP is probably going to get blocked.
Most networks have acceptable usage policies, and if they don't, their upstream providers probably do. If activity on a shared host triggers any sort of alarms upstream, it's generally easier to act first and ask questions later to contain the amount of background noise we already have on an increasingly noisy Internet.
If your content is important and you're worried about impact to service due to shared hosting activity, put it on a dedicated host. You get what you pay for. Buyer beware. Etc etc.
They should be taking this up with their host, and their host with their NSPs. If the content is that important, move it to a new IP and update your DNS record.
There's no government conspiracy and nothing to see here.
Macca
Someone who blocks hosts that shit up the Internet from time to time
From: Danny O'Brien <danny at spesh.com>
Date: Saturday, 13 April 2013 12:56 PM
To: Nathan Nogic <nathan at mds.au.com>
Cc: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] Understanding lack of Aus connectivity to melbournefreeuniversity.org.
On Fri, Apr 12, 2013 at 7:40 PM, Nathan Nogic <nathan at mds.au.com> wrote:
Hi Danny,
Re your question, absolutely, every carrier that has a telco licence is, by law, required to provide interception capabilities to comply with lawful direction from the courts or a number of law enforcement agencies as a condition of their telco licence. That also governs what they can and can’t say just like any other action taken on behalf of law enforcement or in compliance with a court order.
Just to be clear, again. I understand the procedure for an interception warrant, and the judicial oversight that takes place under those conditions, which are carefully spelled out in the Act.
What we're apparently talking about here, however, is an ad hoc government process to *block* an IP, which has no such clear process defined in law, has been an extremely controversial topic in Australia as elsewhere (leading to the recent abandonment of a proposed mandatory blacklist regime in favour of a voluntary ISP agreement), has clear risks of overreach and collateral damage (almost certainly what we're seeing here), and, it is being implied here, being conducted under the terms of a private agreement the details of which no-one has yet made public.
Was the judge in this case made aware of the collateral damage of the order they were signing? Was a judge involved at all? If it was solely the act of the Attorney-General, what is the process to ensure that this is proportional?
Even if the terms of this particular order are secret, it would seem to be extremely unlikely (and very worrying) if the process to conduct these blocks is entirely secret, and kept secret and separate from the pre-existing blacklist agreements. Is the process documented, as seems to be indicated by 314(3)? Can we see this documentation?
d.
At the risk of going off on a tangent, while I can understand why this debate stirs up emotion, what I’m keen to understand from members of this group is why, because it relates to the internet, the emotional response seems to be much greater than if a law enforcement organisation (or any organisation complying with a court order) enforces a legally binding request to do just about anything else that affects shared infrastructure in society at large.
My guess is that we feel that freedom of expression and access to information on the internet should override certain obligations (not saying I support mandatory filtering, etc), however, I suspect that we overlook countless incidents on a daily basis which now fall into the same ‘societal infrastructure’ category as the internet. On a daily basis Police shut down roads to stop motorists getting to the scene of a crime or accident, restrict access to public or private premises for any number of reasons, tap phone lines to listen in on criminal organisations, etc but we don’t see the same sort of response. I suspect that’s because actions on these public utilities have become ingrained within society as part of our day to day lives and an accepted level of law enforcement action is considered normal for the safe and smooth running of society in general. I’m not sure this attitude has translated to the internet as yet (or ever will).
The facts that we know are that ultimately, we don’t know why or who the block was targeted at other than the IP address and why enforcement was only taken up by specific ISPs. That could have been haphazard filtering or it could have been targeted at certain end users. Without specific information, we don’t, and most probably will never, know any other circumstances surrounding the action and that is probably not going to change unless it gets to court and someone reads the transcripts (not me!) :).
Cheers
Nathan
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Danny O'Brien
Sent: Saturday, 13 April 2013 12:11 PM
To: Bevan Slattery
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Understanding lack of Aus connectivity to melbournefreeuniversity.org.
On Fri, Apr 12, 2013 at 6:28 PM, Bevan Slattery <bevan at slattery.net.au> wrote:
Nope – wrong. You get a notice to block. You block or either get fined, go to jail or lose your carrier licence. It is a blunt instrument and it is a condition of being at "the big boys table" i.e. you're a carrier or a carriage service provider. You don't ask too many questions, you don't post it to Ausnog and have a decision by committee. You block the IP address as you are required to by law and you do it immediately.
Bevan,
Just to clarify here: are you saying there is an established process under the Telecommunications Act whereby Internet ISPs in Australia have been required to block specific IPs by law enforcement, with a secrecy requirement attached? And that it's separate from the voluntary, DNS, filter agreed to by some ISPs?
It would seem, given the extremely strong public reaction to the public filter proposals, that this might be something of a matter of public interest. At the very least, it would be hard to keep a list of /32 blackholes secret, given the number of people that BGP feed might be shared with. Are internal BGP route databases also covered by this secrecy requirement?
d.
<snip>