Australian Networks Censor Community Education Website
By Danny O'Brien, Eva Galperin, and Peter Eckersley
.
UPDATE 2013-04-12: Apparently as a result of this blog post, social media attention, and questions from the Australian Greens to the Australian Federal Attorney General's Department, the block has been lifted. But there has not yet been any explanation of why these 1,200 sites were blocked in the first place.
EFF has long opposed Australia's Internet censorship schemes, warning that even the voluntary filtering that has been implemented by Australia's largest ISPs, Telstra and Optus, lacks transparency and accountability, and could lead to collateral damage—accidental censorship of websites that are not violating the law in any way. A dramatic example of such collateral damage appears to be occuring at the moment.
EFF was recently contacted by the organisers of a community group called the Melbourne Free University (MFU) because their site appears to have been blocked or censored by Australian network operators, possibly at the request of the Australian government. Users from some (but not all) Australian ISPs have been unable to reach the Melbourne Free University site since Thursday the 4th of April. An employee of one of the affected ISPs told MFU by email that the site was blocked as a result of an order from the Australian government, but was unable to say more. Research by EFF and MFU, and discussion amongst Australian network operators, confirms that the IP address has been black holed by a number of Australian ISPs, preventing access to more than 1,200 websites including the Melbourne Free University (multiple websites sharing a single IP address is common due to virtual hosting).
The causes for the block are currently unknown. Speculation by the Australian networking community has included criminal investigations, action by ASIC, or DDOS mitigation. Unusually, a representative of one of the blackholing ISPs, AAPT, would only state that "in regard to this issue, this IP address has been blocked". Under conditions where the cause was to protect the functioning of the Internet, such as to combat a denial-of-service attack, one would expect the ISP to clearly describe the reasons for the temporary filter to better assist other network operators. It would be surprising if the cause was Australia's nascent Internet censorship system as that is reported to operate with DNS rather than IP blocks.
Whatever the reason for the IP black hole, it is extremely unlikely that they justify the reckless censorship of 1,200 sites for Australian Internet users, and very disturbing that the true reasons have not been made public after many days of requests from the affected parties. Decisions that affect the global connectivity of the Internet should be made transparently, whether they are made in the offices of ISPs, or in the courts and corridors of government.
In the mean time, Australian Internet users who are affected by it can install Tor to access affected websites.
Some Technical Info on the Black Hole
A typical traceroute from an affected ISP looks like this:
> $ traceroute www.melbournefreeuniversity.org > traceroute to melbournefreeuniversity.org (198.136.54.104), 64 hops max, 40 > byte packets > 1 XXXXXXXXXXXXX (192.168.1.254) 1 ms 1 ms 1 ms > 2 XXX.XXX.96.58.static.exetel.com.au (58.96.XXX.XXX) 18 ms 19 ms 18 ms > 3 33.2.96.58.static.exetel.com.au (58.96.2.33) 19 ms 18 ms 19 ms > 4 pe-5017370-mburninte01.gw.aapt.com.au (203.174.186.73) 24 ms 20 ms > 20 ms > 5 te3-3.mburndist01.aapt.net.au (203.131.61.30) [MPLS: Label 190 Exp 1] > 35 ms 35 ms 31 ms > 6 te0-3-4-0.mburncore01.aapt.net.au (202.10.12.15) [MPLS: Label 17412 Exp > 1] More labels 31 ms More labels 31 ms More labels 30 ms > 7 bu2.sclarcore01.aapt.net.au (202.10.10.74) [MPLS: Label 16702 Exp 1] > More labels 49 ms More labels 32 ms More labels 31 ms > 8 te2-2.sclardist01.aapt.net.au (202.10.12.2) [MPLS: Label 895 Exp 1] 31 > ms 32 ms 33 ms > 9 * po6.sclarbrdr01.aapt.net.au (202.10.14.3) 30 ms * > 10 * * * > 11 * * *
Packets for the MFU website, which is hosted in the US, never make it out of Australian networks. For comparison, a traceroute from an Australian university where censorship is not present looks like this:
$ traceroute www.melbournefreeuniversity.org traceroute to www.melbournefreeuniversity.org (198.136.54.104), 30 hops max, 60 byte packets 1 128.250.XXX.XXX (128.250.XXX.XXX) 0.731 ms 0.825 ms * 2 172.18.XXX.XXX (172.18.XXX.XXX) 0.731 ms 0.713 ms 0.694 ms 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 ge-7-1-0.bb1.a.syd.aarnet.net.au (202.158.194.242) 12.984 ms 13.037 ms 13.030 ms 9 xe-0-0-0.bb1.b.sea.aarnet.net.au (202.158.194.121) 155.554 ms 155.514 ms 155.491 ms 10 * * * 11 * * * 12 ae-32-52.ebr2.Seattle1.Level3.net (4.69.147.182) 240.518 ms * * 13 * * * 14 * * * 15 ae-2-2.ebr2.Dallas1.Level3.net (4.69.132.106) 238.357 ms 238.176 ms 238.409 ms 16 ae-92-92.csw4.Dallas1.Level3.net (4.69.151.165) 255.044 ms ae-62-62.csw1.Dallas1.Level3.net (4.69.151.129) 242.661 ms ae-82-82.csw3.Dallas1.Level3.net (4.69.151.153) 241.341 ms 17 ae-73-73.ebr3.Dallas1.Level3.net (4.69.151.146) 240.255 ms ae-63-63.ebr3.Dallas1.Level3.net (4.69.151.134) 238.899 ms ae-83-83.ebr3.Dallas1.Level3.net (4.69.151.158) 236.614 ms 18 ae-7-7.ebr3.Atlanta2.Level3.net (4.69.134.22) 240.434 ms 239.945 ms 241.744 ms 19 ae-63-63.ebr1.Atlanta2.Level3.net (4.69.148.242) 241.140 ms 241.238 ms 241.278 ms 20 ae-1-8.bar1.Orlando1.Level3.net (4.69.137.149) 238.578 ms 238.914 ms 238.484 ms 21 ten-7-4.edge1.level3.mco01.hostdime.com (67.30.140.198) 243.929 ms 244.469 ms 243.938 ms 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * *$ sudo traceroute -T -p 80 www.melbournefreeuniversity.org
traceroute to www.melbournefreeuniversity.org (198.136.54.104), 30 hops
max, 44 byte packets
1 128.250.XXX.XXX (128.250.XXX.XXX) 0.476 ms 0.585 ms 0.581 ms
2 172.18.XXX.XXX (172.18.XXX.XXX) 0.729 ms 0.734 ms *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 so-0-1-0.bb1.a.syd.aarnet.net.au (202.158.194.34) 14.958 ms 14.951 ms
14.998 ms
9 xe-0-0-0.bb1.b.sea.aarnet.net.au (202.158.194.121) 156.501 ms 156.522
ms 156.499 ms
10 * * *
11 * * *
12 * * *
13 ae-2-2.ebr2.Denver1.Level3.net (4.69.132.54) 240.604 ms * *
14 * * ae-1-100.ebr1.Denver1.Level3.net (4.69.151.181) 238.874 ms
15 * ae-2-2.ebr2.Dallas1.Level3.net (4.69.132.106) 239.695 ms 239.757 ms
16 ae-72-72.csw2.Dallas1.Level3.net (4.69.151.141) 238.391 ms
ae-62-62.csw1.Dallas1.Level3.net (4.69.151.129) 243.191 ms
ae-92-92.csw4.Dallas1.Level3.net (4.69.151.165) 240.982 ms
17 ae-83-83.ebr3.Dallas1.Level3.net (4.69.151.158) 239.423 ms
ae-63-63.ebr3.Dallas1.Level3.net (4.69.151.134) 240.658 ms
ae-93-93.ebr3.Dallas1.Level3.net (4.69.151.170) 242.555 ms
18 ae-7-7.ebr3.Atlanta2.Level3.net (4.69.134.22) 242.528 ms 242.706 ms
242.316 ms
19 ae-63-63.ebr1.Atlanta2.Level3.net (4.69.148.242) 243.530 ms 243.745
ms 237.970 ms
20 ae-1-8.bar1.Orlando1.Level3.net (4.69.137.149) 243.341 ms 245.715 ms
236.782 ms
21 ten-7-4.edge1.level3.mco01.hostdime.com (67.30.140.198) 239.822 ms
241.864 ms 238.934 ms
22 active.host-care.com (198.136.54.104) 240.094 ms 240.135 ms 240.132
ms
Other websites using the same IP address ( including karenleefield.com, moneysaveuk.com , fmachennai.org , smartandfrank.com, and kohchangpoolvillas.com) demonstrate similar behavior.
A BGP query to looking glass server at an affected Australian backbone ISP shows the black hole as an abnormal route to the destination IP:
Router: Sydney Command: show ip bgp 198.136.54.104 255.255.255.0 longerBGP table version is 146982471, local router ID is 203.63.80.155
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incompleteNetwork Next Hop Metric LocPrf Weight Path
*> 198.136.54.104/32
192.0.2.1 0 101 32768 ?