Last night they had other nameservers for census.abs.gov.au although that appears to be gone today:
dig @208.67.220.220 census.abs.gov.au ns ; <<>> DiG 9.8.3-P1 <<>> census.abs.gov.au ns ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63525 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;census.abs.gov.au. IN NS ;; ANSWER SECTION: census.abs.gov.au. 30219 IN NS auolpr00dn04d.abs.gov.au. census.abs.gov.au. 30219 IN NS auolpr00dn02d.abs.gov.au. census.abs.gov.au. 30219 IN NS auolpr00dn03d.abs.gov.au. census.abs.gov.au. 30219 IN NS auolpr00dn01d.abs.gov.au. ;; Query time: 25 msec ;; SERVER: 208.67.220.220#53(208.67.220.220) ;; WHEN: Tue Aug 9 20:55:35 2016 ;; MSG SIZE rcvd: 147 > On 2016/Aug/09, at 9:00 PM, Roger Clarke <[email protected]> wrote: > > [Declaration: I've been knee-deep in the policy aspects of the Census since > March. But this question is specifically about the technical aspects of the > site.] > > The comprehensiveness of the debacle during the evening of the Census seems > to me to challenge the normal presumption that you choose incompetence over > vindictiveness. > > I'm not so much suggesting that either ABS insiders or IBM staff might have > indulged in sabotage. (Now that *would* be significant!). But I'm wondering > whether some skilled hackers might have done so. > > Alright, allow for both, e.g.: > (1) inadequate implementation and hence easily-found vulnerabilities, and > (2) script-kiddies using mainstream attack tools. > (Apologies if I'm using dated terminology). > > In case they're of use for the purposes of collaborative post-debacle > sleuthing, a couple of snapshots are below. > > Two aspects of the whois listing are contributors to my suspicions: >> Updated 23 minutes ago > The snapshot was taken c. 20:30 UT+10 > OTOH, Last Modified shows 22-Mar-2016 05:20:10 UTC >> DNSSEC: unsigned > > Okay, given that the traceroutes to *both* DNS-servers get nowhere fast, > there's a possibility that some of the nearby networks weren't scaled for the > hammering that they got this evening? (Self-inflicted DDOS?). > > But, as linkers know, I'm not very good once we get under the bonnet ... > > ________ > > > ; <<>> DiG 9.3.6-APPLE-P2 <<>> abs.gov.au any > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48375 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2 > > ;; QUESTION SECTION: > ;abs.gov.au. IN ANY > > ;; ANSWER SECTION: > abs.gov.au. 3846 IN A 144.53.228.30 > abs.gov.au. 2089 IN NS ns1.abs.gov.au. > abs.gov.au. 2089 IN NS ns1.telstra.net. > > ;; AUTHORITY SECTION: > abs.gov.au. 2089 IN NS ns1.telstra.net. > abs.gov.au. 2089 IN NS ns1.abs.gov.au. > > ;; ADDITIONAL SECTION: > ns1.abs.gov.au. 6397 IN A 144.53.226.90 > ns1.telstra.net. 54738 IN A 139.130.4.5 > > ;; Query time: 17 msec > ;; SERVER: 192.168.2.1#53(192.168.2.1) > ;; WHEN: Tue Aug 9 20:28:38 2016 > ;; MSG SIZE rcvd: 151 > > _____________ > > http://www.whois.com/whois/abs.gov.au > abs.gov.au registry whois > > Updated 23 minutes ago - Refresh > > Domain Name: abs.gov.au > Last Modified: 22-Mar-2016 05:20:10 UTC > Status: ok > Registrar Name: Digital Transformation Office > > Registrant: Australian Bureau of Statistics > Registrant ID: OTHER n/a > Eligibility Type: Other > > Registrant Contact ID: GOVAU-WAAR1000 > Registrant Contact Name: Duncan Anderson > Registrant Contact Email: Visit whois.ausregistry.com.au for Web based > WhoIs > > Tech Contact ID: GOVAU-WAAR1001 > Tech Contact Name: Duncan Anderson > Tech Contact Email: Visit whois.ausregistry.com.au for Web based > WhoIs > > Name Server: ns1.telstra.net > Name Server: ns1.abs.gov.au > Name Server IP: 144.53.226.90 > DNSSEC: unsigned > > _______________ > > traceroute to 139.130.4.5 (139.130.4.5), 64 hops max, 40 byte packets > 1 ------------ 0.813 ms 0.350 ms 0.347 ms > 2 ------------ 0.773 ms 1.420 ms 5.011 ms > 3 ------------ 14.454 ms 14.832 ms 14.789 ms > 4 ------------ 14.553 ms 16.984 ms 14.401 ms > 5 ------------ 14.413 ms 14.615 ms 14.066 ms > 6 te2-0-0.bdr1.cbr1.on.ii.net (59.167.21.185) 14.343 ms 15.494 ms 14.233 > ms > 7 xe-0-3-0-202.cr1.adl6.on.ii.net (150.101.33.196) 15.073 ms 16.102 ms > 16.001 ms > 8 ae0.cr1.cbr2.on.ii.net (150.101.33.7) 16.761 ms 14.979 ms 14.643 ms > 9 ae2.br1.syd4.on.ii.net (150.101.33.22) 18.526 ms 21.261 ms 18.534 ms > 10 203.8.176.5 (203.8.176.5) 20.021 ms 19.026 ms 19.636 ms > 11 bundle-ether13.ken-edge902.sydney.telstra.net (139.130.214.101) 18.918 > ms 19.201 ms 21.643 ms > 12 bundle-ether14.ken-core10.sydney.telstra.net (203.50.11.96) 21.073 ms > 19.223 ms 23.181 ms > 13 gigabitethernet5-1.pit-service2.sydney.telstra.net (203.50.20.124) > 21.935 ms 19.090 ms 19.341 ms > 14 * * * > 15 * * * > 16 * * > > ______________ > > traceroute to 144.53.226.90 (144.53.226.90), 64 hops max, 40 byte packets > 1 ----------- 10.976 ms 0.992 ms 0.361 ms > 2 ----------- 1.148 ms 1.019 ms 3.286 ms > 3 ----------- 15.018 ms 13.977 ms 14.045 ms > 4 ----------- 24.397 ms 14.901 ms 14.519 ms > 5 ----------- 17.593 ms 14.193 ms 16.235 ms > 6 te2-0-0.bdr1.cbr1.on.ii.net (59.167.21.185) 14.313 ms 14.582 ms 14.794 > ms > 7 xe-0-3-0-202.cr1.adl6.on.ii.net (150.101.33.196) 15.105 ms 14.726 ms > 14.874 ms > 8 ae0.cr1.cbr2.on.ii.net (150.101.33.7) 19.050 ms 14.960 ms 17.762 ms > 9 ae2.br1.syd4.on.ii.net (150.101.33.22) 22.196 ms 26.937 ms 44.181 ms > 10 * 203.8.176.5 (203.8.176.5) 18.987 ms 28.516 ms > 11 syd-optus.gw.aapt.net.au (203.8.183.45) 18.684 ms 18.918 ms 19.162 ms > 12 * * * > 13 * * * > 14 * * * > 15 * * * > 16 * * 59.154.142.208 (59.154.142.208) 23.464 ms > 17 * 119.225.50.190 (119.225.50.190) 25.832 ms * > 18 * * * > 19 * * * > 20 * * * > 21 119.225.50.190 (119.225.50.190) 32.199 ms 32.096 ms 32.018 ms > 22 * * * > 23 * * * > 24 * * * > > [Is this a loop I see before me?] > > ______________ > > -- > Roger Clarke http://www.rogerclarke.com/ > > Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA > Tel: +61 2 6288 6916 http://about.me/roger.clarke > mailto:[email protected] http://www.xamax.com.au/ > > Visiting Professor in the Faculty of Law University of N.S.W. > Visiting Professor in Computer Science Australian National University > _______________________________________________ > Link mailing list > [email protected] > http://mailman.anu.edu.au/mailman/listinfo/link -- Kim Holburn IT Network & Security Consultant T: +61 2 61402408 M: +61 404072753 mailto:[email protected] aim://kimholburn skype://kholburn - PGP Public Key on request _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
