[AusNOG] Confirmation of govt blackholing. Was: Re: Understanding lack of Aus connectivity to melbournefreeuniversity.org.

Robert Hudson hudrob at gmail.com
Thu May 16 00:20:00 EST 2013


It's actually worse.

If a user on your corporate network tries to visit a site that the Chinese
Govt thinks is "bad (tm)", your entire corporate Internet link has all
connections on it reset, and it takes anything up to a few minutes for you
to get *any* connectivity back.

It's a bloody nightmare.  I imagine it's even more fun if you're trying to
run an ISP there...

On 15 May 2013 23:55, Phillip Grasso <phillip.grasso at gmail.com> wrote:

> knock knock,
> who's there.
>
> it's <censored>
>
>
> On Wed, May 15, 2013 at 11:45 PM, Robert Hudson <hudrob at gmail.com> wrote:
>
>> Unless you've actually operated behind the Great Firewall of China, don't
>> even joke...
>>
>>
>> On 15 May 2013 22:49, Joshua D'Alton <joshua at railgun.com.au> wrote:
>>
>>> Great firewall of china here we come.
>>>
>>>
>>> On Wed, May 15, 2013 at 10:33 PM, Danny O'Brien <danny at spesh.com> wrote:
>>>
>>>> A quick final update to this mystery from last month.
>>>>
>>>> The office of the Communications Minister confirmed last night that
>>>> this IP was blackholed (by AAPT and perhaps others) after the Australian
>>>> Securities and Investment Commission sent a notice under Section 313 for
>>>> "an IP address that was linked to a fraud website".
>>>>
>>>> "Melbourne Free University’s website was hosted at the same IP address
>>>> as the fraud website, and was unintentionally blocked. Once ASIC were made
>>>> aware of what had happened, they lifted the original blocking request."
>>>>
>>>> (See
>>>> http://delimiter.com.au/2013/05/15/interpol-filter-scope-creep-asic-ordering-unilateral-website-blocks/ for
>>>> more details)
>>>>
>>>> I'll try and keep this note as operational as I can: ISPs should be
>>>> aware that more than one government regulator is now claiming to have the
>>>> legal ability to demand Australian ISPs block upstream IPs. There's no
>>>> defined limit under 313 on who might place these requests.
>>>>
>>>> ISPs obeying these notices also appear to believe that they cannot
>>>> report on these blocks (even when the regulator in question puts out its
>>>> own press releases declaring their intentions:
>>>> http://www.asic.gov.au/asic/asic.nsf/byheadline/13-061MR+ASIC+warns+consumers+about+Global+Capital+Wealth?openDocument
>>>>  ).
>>>>
>>>> I don't currently see any judicial oversight of this system,
>>>> transparency, or possibility of redress either for ISPs or for their
>>>> customers. The only reason ASIC were "made aware" that they were blocking
>>>> innocent Australians was because MFU reached out to numerous groups to find
>>>> out what was going on, and were refused details by both ISPs and
>>>> government. The only reason Conroy's office made a statement now, it
>>>> appears, is because Renai Lemay and others essentially forced the issue.
>>>>
>>>> And unlike the recent vigorous discussions over the ACMA blacklist,
>>>> where ISPs and Australians were given the opportunity to discuss the pros
>>>> and cons, there has been no public debate. No-one, including it seems many
>>>> ISPs, was aware that IP blocking through BGP blackholes was a government
>>>> power.
>>>>
>>>> I'd like to thank everyone who helped get to the bottom of this --
>>>> especially those in the networking community that told us that ASIC might
>>>> be the cause.
>>>>
>>>> If you'd like to talk with me at the Electronic Frontier Foundation or
>>>> the folks at the Electronic Frontiers Australia about pushing back against
>>>> these expansions of government power over ISPs, do get in touch on my work
>>>> address, which is danny at eff.org.
>>>>
>>>> From historic experience, accepting these orders without protest is
>>>> going to encourage more parts of government to seek their own censorship
>>>> powers, and unless you join others in pushing back, I fear network
>>>> operators are going to find themselves complicit in doing the very opposite
>>>> of what they promise their users, which is still providing great
>>>> connectivity with the rest of the Net.
>>>>
>>>> Thanks again for your time,
>>>>
>>>> d.
>>>> International Director, EFF.
>>>>
>>>> On Thu, Apr 11, 2013 at 7:53 AM, Danny O'Brien <danny at spesh.com> wrote:
>>>>
>>>>> Hi AusNOG,
>>>>>
>>>>> Apologies for the interruption -- I work for the Electronic Frontier
>>>>> Foundation in the US, and usually lurk on the NANOG lists, asking the
>>>>> occasional curious question about once a decade (Including "Where did Egypt
>>>>> just go?" http://seclists.org/nanog/2011/Jan/1416 and "What happens
>>>>> when Ripe.net doesn't pay their domain fees?"
>>>>> http://seclists.org/nanog/1998/Apr/50 ).
>>>>>
>>>>> My question to this even more distinguished audience is a little
>>>>> narrower:
>>>>>
>>>>> We got a message from Melbourne Free University yesterday, whose site
>>>>> hosted at 198.136.54.104 in the US was unavailable from Optus and Telstra
>>>>> consumer users.
>>>>>
>>>>> It looks to me that this specific IP is being patchily blackholed,
>>>>> mostly from Australian addresses. My working assumption is that this is due
>>>>> to DDOS mitigation.
>>>>>
>>>>> The reason why Melbourne Free University got in touch with us, though,
>>>>> was that when they contacted their own broadband service provider, Exetel,
>>>>> to complain, their support eventually told them that upstream, AAPT, was
>>>>> blocking it due to an Australian government request, and could say no more
>>>>> about it. (The ticket is below.)
>>>>>
>>>>> MFU is understandably a bit disturbed by such a statement from their
>>>>> ISP, as are we. I *am* at this stage assuming miscommunication rather than
>>>>> government action. I've reached out to AAPT and Exetel, and been banging on
>>>>> BGP looking glasses and traceroutes all day, and not getting much response,
>>>>> so I thought I'd broaden out the query and ask you all:
>>>>>
>>>>> 1) Is anyone here blackholing 198.136.54.104 or the /20 (though I've
>>>>> seen people being able to reach .103 and .105 fine, but lose 104) for DDOS
>>>>> or other operational reasons?
>>>>>
>>>>> 2) Hypothetically, can anyone suggest a Federal court order or
>>>>> government process that would lead to such a blackhole for
>>>>> *non*-operational reasons?
>>>>>
>>>>> Thank you for your attention -- I hope your curiosity is as piqued as
>>>>> mine was.
>>>>>
>>>>> d.
>>>>>
>>>>> >     Please note that we regret to inform that the IP address has been blocked
>>>>> >     by Australian authority for undisclosed reasons.
>>>>> >
>>>>> >     As per our supplier, due to the legal department our supplier is unable to
>>>>> >     share any information regarding the blocking of the IP address. Therefore
>>>>> >     we are not able to provide the details regarding who has blocked the IP or
>>>>> >     why because the supplier won't provide these info.
>>>>> >
>>>>> >     Also note that our supplier is unable to have this IP unblocked.
>>>>> >
>>>>> >     Level 1 - Network Support Engineer
>>>>> >     Exetel Pty Ltd
>>>>>
>>>>>
>>>>>  Here is the route taken by an Exetel consumer subscriber using the
>>>>> AAPT network attempting to access the site.
>>>>>
>>>>>       > $ traceroute www.melbournefreeuniversity.org
>>>>>       > traceroute to melbournefreeuniversity.org (198.136.54.104), 64 hops max, 40 byte packets
>>>>>       >  1  XXXXXXXXXXXXX (192.168.1.254)  1 ms  1 ms  1 ms
>>>>>       >  2  XXX.XXX.96.58.static.exetel.com.au (58.96.XXX.XXX)  18 ms  19 ms  18 ms
>>>>>       >  3  33.2.96.58.static.exetel.com.au (58.96.2.33)  19 ms  18 ms  19 ms
>>>>>       >  4  pe-5017370-mburninte01.gw.aapt.com.au (203.174.186.73)  24 ms  20 ms  20 ms
>>>>>       >  5  te3-3.mburndist01.aapt.net.au (203.131.61.30) [MPLS: Label 190 Exp 1]  35 ms  35 ms  31 ms
>>>>>       >  6  te0-3-4-0.mburncore01.aapt.net.au (202.10.12.15) [MPLS: Label 17412 Exp
>>>>>       >  7  bu2.sclarcore01.aapt.net.au (202.10.10.74) [MPLS: Label 16702 Exp 1] More labels  49 ms More labels  32 ms More labels  31 ms
>>>>>       >  8  te2-2.sclardist01.aapt.net.au (202.10.12.2) [MPLS: Label 895 Exp 1]  31 ms  32 ms  33 ms
>>>>>       >  9  * po6.sclarbrdr01.aapt.net.au (202.10.14.3)  30 ms *
>>>>>       > 10  * * *
>>>>>       > 11  * * *
>>>>>
>>>>>   Here is the route taken by a Telstra subscriber in Brisbane.
>>>>>
>>>>>       >  $ traceroute to www.melbournefreeuniversity.org (198.136.54.104), 30 hops max, 60 byte packets
>>>>>       >  1  10.205.XX.XX (10.205.XX.XX)  8.936 ms  8.989 ms  8.977 ms
>>>>>       >  2  58.160.XX.XX (58.160.XX.XX)  9.349 ms  9.425 ms  9.482 ms
>>>>>       >  3  58.160.XX.XX (58.160.XX.XX)  9.705 ms  9.765 ms  9.753 ms
>>>>>       >  4  172.18.241.105 (172.18.241.105)  12.691 ms  12.817 ms  12.705 ms
>>>>>       >  5  bundle-ether10-woo10.brisbane.telstra.net(110.142.226.13)  15.426 ms  15.482 ms  14.644 ms
>>>>>       >  6  bundle-ether3.woo-core1.brisbane.telstra.net(203.50.11.52)  17.872 ms  12.953 ms  13.940 ms
>>>>>       >  7  bundle-ether11.chw-core2.sydney.telstra.net(203.50.11.70)  25.653 ms  26.135 ms  26.054 ms
>>>>>       >  8  bundle-ether1.pad-gw1.sydney.telstra.net (203.50.6.25)  27.017 ms  27.078 ms  27.072 ms
>>>>>       >  9  gigabitethernet0-2.pad-service2.sydney.telstra.net(203.50.6.70)  24.064 ms  24.129 ms  24.111 ms
>>>>>       > 10  * *
>>>>>       > 11   *
>>>>>       > 12   *
>>>>>       > 13   *
>>>>>
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> AusNOG mailing list
>>>> AusNOG at lists.ausnog.net
>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>
>>>>