[LINK] RFI: Census Site Implosion

Marghanita da Cruz marghanita at ramin.com.au
Tue Aug 9 21:57:23 AEST 2016


    And now I get this:


    "We are experiencing a high volume of calls
    <http://help.census.abs.gov.au/help/popquestions>

Do not worry if you have not received your Census materials. You will 
not be fined if you complete your Census after Census night. Try calling 
again after August 10 when we expect call volumes to reduce."

Marghanita



On 09/08/16 21:51, Marghanita da Cruz wrote:
> Just got onto the site after not being able to earlier this evening.
> This is what I got.
>
> "Log in to your 2016 Census
>
>  * Thank you for participating in the Census. The system is very busy
>    at the moment. Please wait for 15 minutes before trying again. Your
>    patience and cooperation are appreciated. [code 9]
>  * JavaScript is required to use this online form. Please enable
>    JavaScript on your device or for assistance call the Census Inquiry
>    Service on 1300 214 531. [code 950]"
>
> I expect like the election Government Agencies are feeling budget cuts.
>
> Marghanita
>
>
> On 09/08/16 21:00, Roger Clarke wrote:
>> [Declaration:  I've been knee-deep in the policy aspects of the 
>> Census since March.  But this question is specifically about the 
>> technical aspects of the site.]
>>
>> The comprehensiveness of the debacle during the evening of the Census 
>> seems to me to challenge the normal presumption that you choose 
>> incompetence over vindictiveness.
>>
>> I'm not so much suggesting that either ABS insiders or IBM staff 
>> might have indulged in sabotage.  (Now that *would* be 
>> significant!).  But I'm wondering whether some skilled hackers might 
>> have done so.
>>
>> Alright, allow for both, e.g.:
>> (1) inadequate implementation and hence easily-found vulnerabilities, 
>> and
>> (2) script-kiddies using mainstream attack tools.
>> (Apologies if I'm using dated terminology).
>>
>> In case they're of use for the purposes of collaborative post-debacle 
>> sleuthing, a couple of snapshots are below.
>>
>> Two aspects of the whois listing are contributors to my suspicions:
>>> Updated 23 minutes ago
>>       The snapshot was taken c. 20:30 UT+10
>>       OTOH, Last Modified shows 22-Mar-2016 05:20:10 UTC
>>> DNSSEC:   unsigned
>> Okay, given that the traceroutes to *both* DNS-servers get nowhere 
>> fast, there's a possibility that some of the nearby networks weren't 
>> scaled for the hammering that they got this evening?  (Self-inflicted 
>> DDOS?).
>>
>> But, as linkers know, I'm not very good once we get under the bonnet ...
>>
>> ________
>>
>>
>> ; <<>> DiG 9.3.6-APPLE-P2 <<>> abs.gov.au any
>> ;; global options:  printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48375
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2
>>
>> ;; QUESTION SECTION:
>> ;abs.gov.au.            IN    ANY
>>
>> ;; ANSWER SECTION:
>> abs.gov.au.        3846    IN    A    144.53.228.30
>> abs.gov.au.        2089    IN    NS    ns1.abs.gov.au.
>> abs.gov.au.        2089    IN    NS    ns1.telstra.net.
>>
>> ;; AUTHORITY SECTION:
>> abs.gov.au.        2089    IN    NS    ns1.telstra.net.
>> abs.gov.au.        2089    IN    NS    ns1.abs.gov.au.
>>
>> ;; ADDITIONAL SECTION:
>> ns1.abs.gov.au.        6397    IN    A    144.53.226.90
>> ns1.telstra.net.    54738    IN    A    139.130.4.5
>>
>> ;; Query time: 17 msec
>> ;; SERVER: 192.168.2.1#53(192.168.2.1)
>> ;; WHEN: Tue Aug  9 20:28:38 2016
>> ;; MSG SIZE  rcvd: 151
>>
>> _____________
>>
>> http://www.whois.com/whois/abs.gov.au
>> abs.gov.au registry whois
>>
>> Updated 23 minutes ago - Refresh
>>
>> Domain Name:                     abs.gov.au
>> Last Modified:                   22-Mar-2016 05:20:10 UTC
>> Status:                          ok
>> Registrar Name:                  Digital Transformation Office
>>
>> Registrant:                      Australian Bureau of Statistics
>> Registrant ID:                   OTHER n/a
>> Eligibility Type:                Other
>>
>> Registrant Contact ID:           GOVAU-WAAR1000
>> Registrant Contact Name:         Duncan Anderson
>> Registrant Contact Email:        Visit whois.ausregistry.com.au for 
>> Web based WhoIs
>>
>> Tech Contact ID:                 GOVAU-WAAR1001
>> Tech Contact Name:               Duncan Anderson
>> Tech Contact Email:              Visit whois.ausregistry.com.au for 
>> Web based WhoIs
>>
>> Name Server:                     ns1.telstra.net
>> Name Server:                     ns1.abs.gov.au
>> Name Server IP:                  144.53.226.90
>> DNSSEC:                          unsigned
>>
>> _______________
>>
>> traceroute to 139.130.4.5 (139.130.4.5), 64 hops max, 40 byte packets
>>   1  ------------  0.813 ms  0.350 ms  0.347 ms
>>   2  ------------  0.773 ms  1.420 ms  5.011 ms
>>   3  ------------  14.454 ms  14.832 ms  14.789 ms
>>   4  ------------  14.553 ms  16.984 ms  14.401 ms
>>   5  ------------  14.413 ms  14.615 ms  14.066 ms
>>   6  te2-0-0.bdr1.cbr1.on.ii.net (59.167.21.185)  14.343 ms 15.494 
>> ms  14.233 ms
>>   7  xe-0-3-0-202.cr1.adl6.on.ii.net (150.101.33.196)  15.073 ms  
>> 16.102 ms  16.001 ms
>>   8  ae0.cr1.cbr2.on.ii.net (150.101.33.7)  16.761 ms  14.979 ms  
>> 14.643 ms
>>   9  ae2.br1.syd4.on.ii.net (150.101.33.22)  18.526 ms  21.261 ms  
>> 18.534 ms
>> 10  203.8.176.5 (203.8.176.5)  20.021 ms  19.026 ms  19.636 ms
>> 11  bundle-ether13.ken-edge902.sydney.telstra.net (139.130.214.101)  
>> 18.918 ms  19.201 ms  21.643 ms
>> 12  bundle-ether14.ken-core10.sydney.telstra.net (203.50.11.96) 
>> 21.073 ms  19.223 ms  23.181 ms
>> 13  gigabitethernet5-1.pit-service2.sydney.telstra.net 
>> (203.50.20.124)  21.935 ms  19.090 ms  19.341 ms
>> 14  * * *
>> 15  * * *
>> 16  * *
>>
>> ______________
>>
>> traceroute to 144.53.226.90 (144.53.226.90), 64 hops max, 40 byte 
>> packets
>>   1  -----------  10.976 ms  0.992 ms  0.361 ms
>>   2  -----------  1.148 ms  1.019 ms  3.286 ms
>>   3  -----------  15.018 ms  13.977 ms  14.045 ms
>>   4  -----------  24.397 ms  14.901 ms  14.519 ms
>>   5  -----------  17.593 ms  14.193 ms  16.235 ms
>>   6  te2-0-0.bdr1.cbr1.on.ii.net (59.167.21.185)  14.313 ms 14.582 
>> ms  14.794 ms
>>   7  xe-0-3-0-202.cr1.adl6.on.ii.net (150.101.33.196)  15.105 ms  
>> 14.726 ms  14.874 ms
>>   8  ae0.cr1.cbr2.on.ii.net (150.101.33.7)  19.050 ms  14.960 ms  
>> 17.762 ms
>>   9  ae2.br1.syd4.on.ii.net (150.101.33.22)  22.196 ms  26.937 ms  
>> 44.181 ms
>> 10  * 203.8.176.5 (203.8.176.5)  18.987 ms  28.516 ms
>> 11  syd-optus.gw.aapt.net.au (203.8.183.45)  18.684 ms  18.918 ms  
>> 19.162 ms
>> 12  * * *
>> 13  * * *
>> 14  * * *
>> 15  * * *
>> 16  * * 59.154.142.208 (59.154.142.208)  23.464 ms
>> 17  * 119.225.50.190 (119.225.50.190)  25.832 ms *
>> 18  * * *
>> 19  * * *
>> 20  * * *
>> 21  119.225.50.190 (119.225.50.190)  32.199 ms  32.096 ms 32.018 ms
>> 22  * * *
>> 23  * * *
>> 24  * * *
>>
>> [Is this a loop I see before me?]
>>
>> ______________
>>
>

-- 
Marghanita da Cruz
Telephone: 0414-869202
Email:  marghanita at ramin.com.au
Website: http://ramin.com.au




More information about the Link mailing list