[AusNOG] Confirmation of govt blackholing. Was: Re: Understanding lack of Aus connectivity to melbournefreeuniversity.org.
Joshua D'Alton
joshua at railgun.com.au
Thu May 16 01:31:36 EST 2013
Yes I have, 2 in fact, and it's been a royal PITA.
On Wed, May 15, 2013 at 11:45 PM, Robert Hudson <hudrob at gmail.com> wrote:
> Unless you've actually operated behind the Great Firewall of China, don't
> even joke...
>
>
> On 15 May 2013 22:49, Joshua D'Alton <joshua at railgun.com.au> wrote:
>
>> Great firewall of china here we come.
>>
>>
>> On Wed, May 15, 2013 at 10:33 PM, Danny O'Brien <danny at spesh.com> wrote:
>>
>>> A quick final update to this mystery from last month.
>>>
>>> The office of the Communications Minister confirmed last night that this
>>> IP was blackholed (by AAPT and perhaps others) after the Australian
>>> Securities and Investment Commission sent a notice under Section 313 for
>>> "an IP address that was linked to a fraud website".
>>>
>>> "Melbourne Free University’s website was hosted at the same IP address
>>> as the fraud website, and was unintentionally blocked. Once ASIC were made
>>> aware of what had happened, they lifted the original blocking request."
>>>
>>> (See
>>> http://delimiter.com.au/2013/05/15/interpol-filter-scope-creep-asic-ordering-unilateral-website-blocks/ for
>>> more details)
>>>
>>> I'll try and keep this note as operational as I can: ISPs should be
>>> aware that more than one government regulator is now claiming to have the
>>> legal ability to demand Australian ISPs block upstream IPs. There's no
>>> defined limit under 313 on who might place these requests.
>>>
>>> ISPs obeying these notices also appear to believe that they cannot
>>> report on these blocks (even when the regulator in question puts out its
>>> own press releases declaring their intentions:
>>> http://www.asic.gov.au/asic/asic.nsf/byheadline/13-061MR+ASIC+warns+consumers+about+Global+Capital+Wealth?openDocument
>>> ).
>>>
>>> I don't currently see any judicial oversight of this system,
>>> transparency, or possibility of redress either for ISPs or for their
>>> customers. The only reason ASIC were "made aware" that they were blocking
>>> innocent Australians was because MFU reached out to numerous groups to find
>>> out what was going on, and were refused details by both ISPs and
>>> government. The only reason Conroy's office made a statement now, it
>>> appears, is because Renai Lemay and others essentially forced the issue.
>>>
>>> And unlike the recent vigorous discussions over the ACMA blacklist,
>>> where ISPs and Australians were given the opportunity to discuss the pros
>>> and cons, there has been no public debate. No-one, including it seems many
>>> ISPs, was aware that IP blocking through BGP blackholes was a government
>>> power.
>>>
>>> I'd like to thank everyone who helped get to the bottom of this --
>>> especially those in the networking community that told us that ASIC might
>>> be the cause.
>>>
>>> If you'd like to talk with me at the Electronic Frontier Foundation or
>>> the folks at the Electronic Frontiers Australia about pushing back against
>>> these expansions of government power over ISPs, do get in touch on my work
>>> address, which is danny at eff.org.
>>>
>>> From historic experience, accepting these orders without protest is
>>> going to encourage more parts of government to seek their own censorship
>>> powers, and unless you join others in pushing back, I fear network
>>> operators are going to find themselves complicit in doing the very opposite
>>> of what they promise their users, which is still providing great
>>> connectivity with the rest of the Net.
>>>
>>> Thanks again for your time,
>>>
>>> d.
>>> International Director, EFF.
>>>
>>> On Thu, Apr 11, 2013 at 7:53 AM, Danny O'Brien <danny at spesh.com> wrote:
>>>
>>>> Hi AusNOG,
>>>>
>>>> Apologies for the interruption -- I work for the Electronic Frontier
>>>> Foundation in the US, and usually lurk on the NANOG lists, asking the
>>>> occasional curious question about once a decade (Including "Where did Egypt
>>>> just go?" http://seclists.org/nanog/2011/Jan/1416 and "What happens
>>>> when Ripe.net doesn't pay their domain fees?"
>>>> http://seclists.org/nanog/1998/Apr/50 ).
>>>>
>>>> My question to this even more distinguished audience is a little
>>>> narrower:
>>>>
>>>> We got a message from Melbourne Free University yesterday, whose site
>>>> hosted at 198.136.54.104 in the US was unavailable from Optus and Telstra
>>>> consumer users.
>>>>
>>>> It looks to me that this specific IP is being patchily blackholed,
>>>> mostly from Australian addresses. My working assumption is that this is due
>>>> to DDOS mitigation.
>>>>
>>>> The reason why Melbourne Free University got in touch with us, though,
>>>> was that when they contacted their own broadband service provider, Exetel,
>>>> to complain, their support eventually told them that upstream, AAPT, was
>>>> blocking it due to an Australian government request, and could say no more
>>>> about it. (The ticket is below.)
>>>>
>>>> MFU is understandably a bit disturbed by such a statement from their
>>>> ISP, as are we. I *am* at this stage assuming miscommunication rather than
>>>> government action. I've reached out to AAPT and Exetel, and been banging on
>>>> BGP looking glasses and traceroutes all day, and not getting much response,
>>>> so I thought I'd broaden out the query and ask you all:
>>>>
>>>> 1) Is anyone here blackholing 198.136.54.104 or the /20 (though I've
>>>> seen people being able to reach .103 and .105 fine, but lose 104) for DDOS
>>>> or other operational reasons?
>>>>
>>>> 2) Hypothetically, can anyone suggest a Federal court order or
>>>> government process that would lead to such a blackhole for
>>>> *non*-operational reasons?
>>>>
>>>> Thank you for your attention -- I hope your curiosity is as piqued as
>>>> mine was.
>>>>
>>>> d.
>>>>
>>>> > Please note that we regret to inform that the IP address has been blocked
>>>> > by Australian authority for undisclosed reasons.
>>>> >
>>>> > As per our supplier, due to the legal department our supplier is unable to
>>>> > share any information regarding the blocking of the IP address. Therefore
>>>> > we are not able to provide the details regarding who has blocked the IP or
>>>> > why because the supplier won't provide this info.
>>>> >
>>>> > Also note that our supplier is unable to have this IP unblocked.
>>>> >
>>>> > Level 1 - Network Support Engineer
>>>> > Exetel Pty Ltd
>>>>
>>>>
>>>> Here is the route taken by an Exetel consumer subscriber using the
>>>> AAPT network attempting to access the site.
>>>>
>>>> > $ traceroute www.melbournefreeuniversity.org
>>>> > traceroute to melbournefreeuniversity.org (198.136.54.104), 64 hops max, 40 byte packets
>>>> > 1 XXXXXXXXXXXXX (192.168.1.254) 1 ms 1 ms 1 ms
>>>> > 2 XXX.XXX.96.58.static.exetel.com.au (58.96.XXX.XXX) 18 ms 19 ms 18 ms
>>>> > 3 33.2.96.58.static.exetel.com.au (58.96.2.33) 19 ms 18 ms 19 ms
>>>> > 4 pe-5017370-mburninte01.gw.aapt.com.au (203.174.186.73) 24 ms 20 ms 20 ms
>>>> > 5 te3-3.mburndist01.aapt.net.au (203.131.61.30) [MPLS: Label 190 Exp 1] 35 ms 35 ms 31 ms
>>>> > 6 te0-3-4-0.mburncore01.aapt.net.au (202.10.12.15) [MPLS: Label 17412 Exp
>>>> > 7 bu2.sclarcore01.aapt.net.au (202.10.10.74) [MPLS: Label 16702 Exp 1] More labels 49 ms More labels 32 ms More labels 31 ms
>>>> > 8 te2-2.sclardist01.aapt.net.au (202.10.12.2) [MPLS: Label 895 Exp 1] 31 ms 32 ms 33 ms
>>>> > 9 * po6.sclarbrdr01.aapt.net.au (202.10.14.3) 30 ms *
>>>> > 10 * * *
>>>> > 11 * * *
>>>>
>>>> Here is the route taken by a Telstra subscriber in Brisbane.
>>>>
>>>> > $ traceroute to www.melbournefreeuniversity.org (198.136.54.104), 30 hops max, 60 byte packets
>>>> > 1 10.205.XX.XX (10.205.XX.XX) 8.936 ms 8.989 ms 8.977 ms
>>>> > 2 58.160.XX.XX (58.160.XX.XX) 9.349 ms 9.425 ms 9.482 ms
>>>> > 3 58.160.XX.XX (58.160.XX.XX) 9.705 ms 9.765 ms 9.753 ms
>>>> > 4 172.18.241.105 (172.18.241.105) 12.691 ms 12.817 ms 12.705 ms
>>>> > 5 bundle-ether10-woo10.brisbane.telstra.net(110.142.226.13) 15.426 ms 15.482 ms 14.644 ms
>>>> > 6 bundle-ether3.woo-core1.brisbane.telstra.net(203.50.11.52) 17.872 ms 12.953 ms 13.940 ms
>>>> > 7 bundle-ether11.chw-core2.sydney.telstra.net(203.50.11.70) 25.653 ms 26.135 ms 26.054 ms
>>>> > 8 bundle-ether1.pad-gw1.sydney.telstra.net (203.50.6.25) 27.017 ms 27.078 ms 27.072 ms
>>>> > 9 gigabitethernet0-2.pad-service2.sydney.telstra.net(203.50.6.70) 24.064 ms 24.129 ms 24.111 ms
>>>> > 10 * *
>>>> > 11 *
>>>> > 12 *
>>>> > 13 *
>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>>>