[AusNOG] census issues tonight
Luke Fong
luke at lateralplains.com
Thu Aug 11 22:43:19 EST 2016
Hey James,
I think you forgot to mention a company that can help also…
<http://www.micron21.com/ddos-protection> www.micron21.com/ddos-protection
;)
Cheers
L
Kind Regards,
Luke Fong
Operations Manager
Lateral Plains Pty Ltd
PO Box 549
Ballarat ,Vic 3353
Tel : 03 5317 7123
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of James Braunegg
Sent: Thursday, 11 August 2016 10:36 PM
To: johnstsquare at tpg.com.au; ausnog at lists.ausnog.net
Subject: Re: [AusNOG] census issues tonight
They are not Geo Blocking anything….
International DNS is not working as direct result of all 4 name servers for census.abs.gov.au being hosted within 150.207.169.0/24 which is effectively black holed internationally via /32 and /25 routes so no international DNS server can resolve the domain.
They could have at least hosted DNS on someone else’s network or used route 53 so DNS would resolve correctly for anyone not using an Australian DNS server.
auolpr00dn03d.abs.gov.au. ['150.207.169.20'] [TTL=10800]
auolpr00dn02d.abs.gov.au. ['150.207.169.7'] [TTL=10800]
auolpr00dn04d.abs.gov.au. ['150.207.169.21'] [TTL=10800]
auolpr00dn01d.abs.gov.au. ['150.207.169.6'] [TTL=10800]
Basically to complete the Census you have to use an Australian based connection with an Australian DNS server.
On a side note I think the ABS will be placing an order with NSFOCUS or Arbor for some Layer 3 to 7 DDoS scrubbing hardware … which clearly they don’t have, as if they had the correct DDoS scrubbing technology in place they would not need to use the black holing technique which is currently in place.
Kindest Regards
James Braunegg
P: 1300 769 972 | M: 0488 997 207 | D: (03) 9751 7616
E: <mailto:james.braunegg at micron21.com> james.braunegg at micron21.com | ABN: 12 109 977 666
W: <http://www.micron21.com/ddos-protection> www.micron21.com/ddos-protection T: @micron21
Follow us on <http://www.twitter.com/micron21> Twitter for important service and system updates.
This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer.
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of johnstsquare at tpg.com.au <mailto:johnstsquare at tpg.com.au>
Sent: Thursday, 11 August 2016 9:40 PM
To: ausnog at lists.ausnog.net <mailto:ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] census issues tonight
+1
The same with 8.8.4.4 and OpenDNS public resolvers
ABS is using geo-blocking with layer-3 IP ACL on the routers upstream from their DNS servers. VPN users terminating outside of Australia (yay HBO Go and Amazon video), or employees of MNCs with resolvers outside of Australia.
Because it was a layer-3 block, they just dropped the traffic and the user’s resolver would keep sending DNS queries. As a result, there were numerous resolvers sending a flood of requests to <http://census.abs.gov.au/> census.abs.gov.au DNS servers which looked like a small amplification attack.
Additionally they have taken the wrong move of increasing TTL's to try to reduce load on their DNS. This makes it hard to move to a cloud DDOS provider as the dns will take 24hrs to propagate. 14400 seconds.
www.census.abs.gov.au <http://www.census.abs.gov.au> . 14400 IN A 150.207.169.5
------
$ dig +trace www.census.abs.gov.au <http://www.census.abs.gov.au> @61.88.88.88
; <<>> DiG 9.8.3-P1 <<>> +trace www.census.abs.gov.au <http://www.census.abs.gov.au> @61.88.88.88
;; global options: +cmd
. 333196 IN NS j.root-servers.net.
. 333196 IN NS k.root-servers.net.
. 333196 IN NS l.root-servers.net.
. 333196 IN NS m.root-servers.net.
. 333196 IN NS a.root-servers.net.
. 333196 IN NS b.root-servers.net.
. 333196 IN NS c.root-servers.net.
. 333196 IN NS d.root-servers.net.
. 333196 IN NS e.root-servers.net.
. 333196 IN NS f.root-servers.net.
. 333196 IN NS g.root-servers.net.
.. 333196 IN NS h.root-servers.net.
. 333196 IN NS i.root-servers.net.
;; Received 228 bytes from 61.88.88.88#53(61.88.88.88) in 152 ms
au. 172800 IN NS a.au.
au. 172800 IN NS b.au.
au. 172800 IN NS u.au.
au. 172800 IN NS v.au.
au. 172800 IN NS w.au.
au. 172800 IN NS x.au.
au. 172800 IN NS y.au.
au. 172800 IN NS z.au.
;; Received 491 bytes from 199.7.83.42#53(199.7.83.42) in 114 ms
gov.au. 86400 IN NS w.au.
gov.au. 86400 IN NS x.au.
gov.au. 86400 IN NS z.au.
gov.au. 86400 IN NS y.au.
;; Received 279 bytes from 58.65.253.73#53(58.65.253.73) in 146 ms
abs.gov.au. 14400 IN NS ns1.telstra.net.
abs.gov.au. 14400 IN NS ns1.abs.gov.au.
;; Received 102 bytes from 37.209.198.5#53(37.209.198.5) in 62 ms
census.abs.gov.au. 10800 IN NS auolpr00dn01d.abs.gov.au.
census.abs.gov.au. 10800 IN NS auolpr00dn02d.abs.gov.au.
census.abs.gov.au. 10800 IN NS auolpr00dn04d.abs.gov.au.
census.abs.gov.au. 10800 IN NS auolpr00dn03d.abs.gov.au.
;; Received 215 bytes from 139.130.4.5#53(139.130.4.5) in 48 ms
www.census.abs.gov..au <http://www.census.abs.gov..au> . 14400 IN A 150.207.169.5
www.census.abs.gov.au <http://www.census.abs.gov.au> . 14400 IN A 150.207.169.8
census.abs.gov.au. 86400 IN NS auolpr00dn01d.abs.gov.au.
census.abs.gov.au. 86400 IN NS auolpr00dn03d.abs.gov.au.
census.abs.gov.au. 86400 IN NS auolpr00dn02d.abs.gov.au.
census.abs.gov.au. 86400 IN NS auolpr00dn04d.abs.gov.au.
;; Received 183 bytes from 150.207.169.7#53(150.207.169.7) in 9 ms
From: Chris Lee <chris at datachaos.com.au <mailto:chris at datachaos.com.au> >
Date: Thursday, August 11, 2016 at 7:09 PM
To: "ausnog at lists.ausnog.net <mailto:ausnog at lists.ausnog.net> " <ausnog at lists.ausnog.net <mailto:ausnog at lists.ausnog.net> >
Subject: Re: [AusNOG] census issues tonight
Online so long as you don't use Google DNS for lookups...
; <<>> DiG 9.10.4-P1 <<>> @8.8..8.8 <https://urldefense.proofpoint.com/v2/url?u=http-3A__8.8.8.8&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=wJDREqbOvAj7uAMLV05riA&m=fv569LrIV-cypFQUVYMlmz69TV4_76PM3m30R6LCx-0&s=lVEBnodBT1tutMSqVpjploWPMSXH5ioOE1oO1a3y_hQ&e=> census.abs.gov.au <https://urldefense.proofpoint.com/v2/url?u=http-3A__census.abs.gov.au&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=wJDREqbOvAj7uAMLV05riA&m=fv569LrIV-cypFQUVYMlmz69TV4_76PM3m30R6LCx-0&s=SjWtw_nm3J4SjJxIdaGpWiN25_EK69qzsxCpYdAIe_o&e=>
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45286
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;census.abs.gov.au <https://urldefense.proofpoint.com/v2/url?u=http-3A__census.abs.gov.au&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=wJDREqbOvAj7uAMLV05riA&m=fv569LrIV-cypFQUVYMlmz69TV4_76PM3m30R6LCx-0&s=SjWtw_nm3J4SjJxIdaGpWiN25_EK69qzsxCpYdAIe_o&e=> . IN A
;; Query time: 33 msec
;; SERVER: 8.8.8.8#53(8..8.8.8)
;; WHEN: Thu Aug 11 19:06:03 AEST 2016
;; MSG SIZE rcvd: 46
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160811/87d97a8e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 20987 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160811/87d97a8e/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 2683 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160811/87d97a8e/attachment-0001.jpg>
More information about the AusNOG
mailing list