Re: [tor-relays] Torservers relay family decreased?

2018-09-13 Thread root
I don't think that niftybunny's reply was that rude, but it could be more 
efficient.


Anyway, I wouldn't say this has anything to do with too big to fail. 
Tobias Westerhever did a really poor job at researching and did not ask 
anything, and instead started speculating random stuff; this is what I would 
call rude. Getting your facts together before starting to shit on each 
other would be the minimum I would expect out of respect. The Internet 
is different from how it was in the 80s and 90s; get used to it or you will 
have no fun.


On 13.09.2018 19:11, Paul wrote:

> Hello Tobias,
>
> please stay - this list needs people like you and your curious questions!
> I was away for a couple of days and feel ashamed that nobody came along to
> support you or stop this bunny.
>
> I assume those Nifty rodents produce a lot of "Stop making shit up, fucking
> disclaimer, complete bullshit, flying shit, claims shit,..." but must we all
> read this here?
>
> 10-15 percent of Tor reminds me very much of "too big to fail" and the
> behavior and rudeness in the mentioned mail is very similar to those former
> bank lords.
>
> I personally don't like people showing such kind of attitude in our rows and
> I really hope there are more who share my opinion.
>
> No matter how big someone here is, or even the bigger he is, the more mindful
> and sensitive should he act and give example - never losing the higher goals
> out of sight, why we do this.
>
> The given facts probably leave more questions than answers, but I hope some
> other fellows in here do have interest in them as well and start asking.
>
> Paul
>
> On 10.09.2018 at 19:05, Tobias Westerhever wrote:
>> Hello *,
>>
>> thanks for your replies.
>>
>> Since this topic seems to be overheated by now, I
>> decided not to ask any further questions. In my point
>> of view, some of the confusion was caused due to poor
>> documentation (as Moritz pointed out), some because of
>> tools returning outdated information (HE BGP, for example)
>> - or my own incompetence to interpret them.
>>
>> However, for being new on this list, I did not expect
>> to get answers as rude as nifty one's
>> (<8d6b7146-f094-428f-97ed-f16219b5f...@to-surf-and-protect.net>).
>>
>> I will stop using this mailing list.
>>
>> Best,
>> T. Westerhever


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays




Re: [tor-relays] Torservers relay family decreased?

2018-09-13 Thread niftybunny
His complete story is a pile of bullshit.

If you want me out, get me banned, I am happy to throw all the money I am 
paying every month into blackjack and hookers with my good friend Bender. 

niftybunny


> On 13. Sep 2018, at 19:11, Paul wrote:
> 
> Hello Tobias,
> 
> please stay - this list needs people like you and your curious questions!
> I was away for a couple of days and feel ashamed that nobody came along to 
> support you or stop this bunny.
> 
> I assume those Nifty rodents produce a lot of "Stop making shit up, fucking 
> disclaimer, complete bullshit, flying shit, claims shit,..." but must we all 
> read this here?
> 
> 10-15 percent of Tor reminds me very much of "too big to fail" and the 
> behavior and rudeness in the mentioned mail is very similar to those former 
> bank lords.
> 
> I personally don't like people showing such kind of attitude in our rows and 
> I really hope there are more who share my opinion.
> 
> No matter how big someone here is, or even the bigger he is, the more mindful 
> and sensitive should he act and give example - never losing the higher goals 
> out of sight, why we do this.
> 
> The given facts probably leave more questions than answers, but I hope some 
> other fellows in here do have interest in them as well and start asking.
> 
> Paul
> 
> 
> 
> On 10.09.2018 at 19:05, Tobias Westerhever wrote:
>> Hello *,
>> 
>> thanks for your replies.
>> 
>> Since this topic seems to be overheated by now, I
>> decided not to ask any further questions. In my point
>> of view, some of the confusion was caused due to poor
>> documentation (as Moritz pointed out), some because of
>> tools returning outdated information (HE BGP, for example)
>> - or my own incompetence to interpret them.
>> 
>> However, for being new on this list, I did not expect
>> to get answers as rude as nifty one's
>> (<8d6b7146-f094-428f-97ed-f16219b5f...@to-surf-and-protect.net>).
>> 
>> I will stop using this mailing list.
>> 
>> Best,
>> T. Westerhever
>> 
>> 


Re: [tor-relays] Torservers relay family decreased?

2018-09-13 Thread Paul
Hello Tobias,

please stay - this list needs people like you and your curious questions!
I was away for a couple of days and feel ashamed that nobody came along to 
support you or stop this bunny.

I assume those Nifty rodents produce a lot of "Stop making shit up, fucking 
disclaimer, complete bullshit, flying shit, claims shit,..." but must we all 
read this here?

10-15 percent of Tor reminds me very much of "too big to fail" and the behavior 
and rudeness in the mentioned mail is very similar to those former bank lords.

I personally don't like people showing such kind of attitude in our rows and I 
really hope there are more who share my opinion.

No matter how big someone here is, or even the bigger he is, the more mindful 
and sensitive should he act and give example - never losing the higher goals 
out of sight, why we do this.

The given facts probably leave more questions than answers, but I hope some 
other fellows in here do have interest in them as well and start asking.

Paul



On 10.09.2018 at 19:05, Tobias Westerhever wrote:
> Hello *,
> 
> thanks for your replies.
> 
> Since this topic seems to be overheated by now, I
> decided not to ask any further questions. In my point
> of view, some of the confusion was caused due to poor
> documentation (as Moritz pointed out), some because of
> tools returning outdated information (HE BGP, for example)
> - or my own incompetence to interpret them.
> 
> However, for being new on this list, I did not expect
> to get answers as rude as nifty one's
> (<8d6b7146-f094-428f-97ed-f16219b5f...@to-surf-and-protect.net>).
> 
> I will stop using this mailing list.
> 
> Best,
> T. Westerhever
> 
> 


Re: [tor-relays] Torservers relay family decreased?

2018-09-10 Thread niftybunny
Just so we are on the same page:

You accused us to counterfeit to be Zwiebelfreunde, even being a bad (state) 
actor, did nothing at all to contact us and can't even read simple Interwebs 
tools.

What did you expect?

niftybunny


> On 10. Sep 2018, at 19:05, Tobias Westerhever wrote:
> 
> Hello *,
> 
> thanks for your replies.
> 
> Since this topic seems to be overheated by now, I
> decided not to ask any further questions. In my point
> of view, some of the confusion was caused due to poor
> documentation (as Moritz pointed out), some because of
> tools returning outdated information (HE BGP, for example)
> - or my own incompetence to interpret them.
> 
> However, for being new on this list, I did not expect
> to get answers as rude as nifty one's
> (<8d6b7146-f094-428f-97ed-f16219b5f...@to-surf-and-protect.net>).
> 
> I will stop using this mailing list.
> 
> Best,
> T. Westerhever
> 
> 


Re: [tor-relays] Torservers relay family decreased?

2018-09-10 Thread Tobias Westerhever
Hello *,

thanks for your replies.

Since this topic seems to be overheated by now, I
decided not to ask any further questions. In my point
of view, some of the confusion was caused due to poor
documentation (as Moritz pointed out), some because of
tools returning outdated information (HE BGP, for example)
- or my own incompetence to interpret them.

However, for being new on this list, I did not expect
to get answers as rude as nifty one's
(<8d6b7146-f094-428f-97ed-f16219b5f...@to-surf-and-protect.net>).

I will stop using this mailing list.

Best,
T. Westerhever




[tor-relays] Torservers relay family decreased? (solved)

2018-09-10 Thread niftybunny
> Hello,
>
> recently, I noticed some strange aspects related to networks
> of Torservers/Zwiebelfreunde. Since there was no way to get any
> further information on this topic so far, I am posting it here.
> Maybe someone can help.

Let's recap this for a moment:

1. Every relay of my family has my e-mail. Write an e-mail and ask. Problem 
solved.

2. The e-mails are running on a domain registered by me. Make a whois lookup 
for the domain. Problem solved.

3. The /24 IP space is registered by me. Make a RIPE (or whoever provides IP 
lookup) and you also have my name. Problem solved.

4. Ask someone from Torservers about me. They gave me the /24 for hosting Tor 
exits. Problem solved.

5. Take a look at the Tor relay mailing list, I was active there. Problem 
solved.

6. I am a registered InterExchangeCarrier under German law. Ask the 
Bundesnetzagentur for my information. Problem solved.

7. The RIPE entries are maintained by F3Netze/Zwiebelfreunde. Ask Tim about me. 
Problem solved.

8. Write a snail mail letter to my address. Problem solved.

9. Send me a facsimile to my official RIPE abuse records. Problem solved.

and the list goes on and on … Welcome to the Interwebs where people ask who you 
are ...

To perfectly sum it up:

https://i.imgur.com/20wmhNT.jpg


> (b) Who is the operator behind family
> B771AA877687F88E6F1CA5354756DF6C8A7B6B24 ?
> There are some /24 IPv4 BGP allocations claiming to belong to the
> umbrella organisation "Zwiebelfreunde e.V.", which operate(d|s)
> the relay family mentioned above.

There is still no family fingerprint. We did not ever claim to belong to 
Zwiebelfreunde e.V.
Stop making shit up.


> I will ask further questions about this in (c) .
>
> However, there is a _huge_ relay family (27 members, with a
> total bandwidth of ~ 1,245 MB) located in 185.220.101.0/24 ,
> which uses Zwiebelfreunde as a contact role and has not been
> changed since 2017-09-08.

No, we do not. 

We are the ADMIN-C and the TECH-C. Zwiebelfreunde is just the MNT-REF.
Look it up for yourself:

https://apps.db.ripe.net/db-web-ui/#/query?bflag=185.220.101.0=RIPE#resultsSection

It even has a fucking disclaimer on it:

netname: MK-TOR-EXIT
remarks: ---
remarks: This network is used for Tor Exits.
remarks: We do not have any logs at all.
remarks: For more information please visit:
remarks: https://www.torproject.org
remarks: ---
remarks: Dieses Netz hostet nur Tor
remarks: Exists. Wir haben keinerlei Logs.
remarks: Mehr Informationen unter:
remarks: https://www.torproject.org

The (current) owner of the IPs is: 
https://apps.db.ripe.net/db-web-ui/#/lookup?source=ripe=ORG-MK113-RIPE=organisation

and the abuse contact:

https://apps.db.ripe.net/db-web-ui/#/lookup?source=RIPE=ACRO11287-RIPE=role

> The relays themselves, however, all use 
> as contact address (which does not seem to be related to
> Zwiebelfreunde at all) and use a description beginning with
> "nifty".

Have you tried to send us an e-mail and ask? No? They are not related to 
Zwiebelfreunde because we are not Zwiebelfreunde.
And btw, it's Nifty + name of a rodent.
Yes, I know hedgehogs are no rodents. But they are cute too.


> Since most of them have both Guard and Exit flag assigned, I
> figure they are handling a huge consensus weight.

No. Complete bullshit. Exit flag indicates that's an Exit and Guard indicates a 
longer uptime. 
I can make a relay on a wee DSL line with these flags. It indicates not a huge 
consensus weight at all.
RTFM!

> Does anybody know the person/organisation behind them?

Yes.

> Are they related to Zwiebelfreunde/Torservers?

Besides the /24, no.


> What is the physical location of the servers (BGP claims DE, but upstream
> AS200052 uses UK)?

NL

BGP claims DE? BGP is a routing protocol, it claims nothing. It doesn't give a 
flying shit about countries. It routes packets between different ASs. 
Show me the BGP routing table.

> (c) Strange BGP allocations using Zwiebelfreunde as contact role
> At the moment, 9 IPv4 BGP prefixes with a length of /24 are
> known to use a contact role pointing to Zwiebelfreunde [4] .
>
> These are as follows:
> - 37.218.246.0/24 (Upstream AS47172 "Greenhost", claims EU, but is likely
> NL, 0 Tor relays found)
> - 193.235.207.0/24(Upstream AS196689 "Digicube", claims EU, but is likely
> FR, 0 Tor relays found)
> - 192.36.61.0/24  (Upstream AS60781 "Leaseweb", claims EU, but is likely
> NL, 0 Tor relays found)
> - 192.36.41.0/24  (Upstream AS34305 "BaseIP", claims EU, but is likely
> NL, 0 Tor relays found)
> - 192.36.27.0/24  (Upstream AS60729 "Zwiebelfreunde" !, claims EU,
> physical location unknown, 0 Tor relays found)
> - 185.220.102.0/24(Upstream AS60729 "Zwiebelfreunde" !, claims EU,
> physical location unknown, 0 Tor relays found)
> - 185.220.101.0/24(Upstream AS200052 "Joshua Peter McQuistan", 

Re: [tor-relays] Torservers relay family decreased?

2018-09-10 Thread Vasilis
Hi,

nusenu:
> 
> Moritz Bartl:
>> On 08.09.2018 22:19, Paul wrote:
>>> i am glad that somebody else got notice and i agree, suspecting
>>> something nasty (or highly unusual) is going on. There was a discussion
>>> about that in Berlin in July already
>>> https://trac.torproject.org/projects/tor/wiki/org/meetings/BerlinRelayOperatorsMeetupJul18
>>> but no public follow-up since then.
>>
>> It's weird because nobody asked us, whereas the IP assignments clearly
>> point to us (and the meeting even happened in a space I am responsible
>> for)...
>  
> 
> I noted the same thing on 2018-07-25 as well:
> https://lists.torproject.org/pipermail/tor-relays/2018-July/015759.html
> 
> maybe a...@torproject.org (author of the wiki page) can clarify?

Usually when a person organizes a meetup, they have the role of collecting/taking
notes, as the author of this wiki page did. I cannot speak for the people that
made the comments/inquiries and that's why we have this list and many more
communication channels (such as IRC).

Regarding the IP assignments we had a talk at #torservers as well as private
chats. I think Moritz clarified the IP assignments situation already.


Cheers,
~Vasilis
-- 
Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162
Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162





Re: [tor-relays] Torservers relay family decreased?

2018-09-09 Thread nusenu

Moritz Bartl:
> On 08.09.2018 22:19, Paul wrote:
>> i am glad that somebody else got notice and i agree, suspecting
>> something nasty (or highly unusual) is going on. There was a discussion
>> about that in Berlin in July already
>> https://trac.torproject.org/projects/tor/wiki/org/meetings/BerlinRelayOperatorsMeetupJul18
>> but no public follow-up since then.
> 
> It's weird because nobody asked us, whereas the IP assignments clearly
> point to us (and the meeting even happened in a space I am responsible
> for)...
 

I noted the same thing on 2018-07-25 as well:
https://lists.torproject.org/pipermail/tor-relays/2018-July/015759.html

maybe a...@torproject.org (author of the wiki page) can clarify?


-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu





Re: [tor-relays] Torservers relay family decreased?

2018-09-08 Thread Moritz Bartl
On 08.09.2018 22:19, Paul wrote:
> i am glad that somebody else got notice and i agree, suspecting
> something nasty (or highly unusual) is going on. There was a discussion
> about that in Berlin in July already
> https://trac.torproject.org/projects/tor/wiki/org/meetings/BerlinRelayOperatorsMeetupJul18
> but no public follow-up since then.

It's weird because nobody asked us, whereas the IP assignments clearly
point to us (and the meeting even happened in a space I am responsible
for)...

> There seems to be a private person who is holding this family
> https://metrics.torproject.org/rs.html#search/family:1084200B44021D308EA4253F256794671B1D099A
> and ran between 10-15% exit probability in the last six months - which i
> personally judge as far too high for a single person, or even an entity.

Agreed. I had a longer discussion with nifty around diversity some time
ago, but ultimately it is up to individual operators. I have no reason
to doubt the legitimate interest of nifty to simply support the Tor
network. There used to be times when single operators were in control of
80% of the exit capacity, and we worked hard to get it more diversified.
There is a lot of room for improvement, and other networks like OVH see
even more Tor traffic...

Moritz


Re: [tor-relays] Torservers relay family decreased?

2018-09-08 Thread Moritz Bartl
Hi!

On 08.09.2018 09:43, Tobias Westerhever wrote:
> (a) Torservers relay family decreased?
> The organisation used to maintain many more relays than their
> family [1] currently contains. At the moment, only four relays
> located in NL belong to them, while the Metrics page indicates
> some orphaned family members.

Please note: "Torservers" is an umbrella project by 23 organizations
https://torservers.net/partners.html , each of which has their own
independent infrastructure. So far, only the German founding member
Zwiebelfreunde has been using the @torservers.net addresses (which are
open to other members as well), which adds to the confusion.

We are a bunch of volunteers that are very bad about keeping everything
well documented. There is nothing secret or strange happening, just some
poor overworked few that have failed to attract fresh blood with time to
take over.

We have a bunch of exit relays on our own AS
https://metrics.torproject.org/rs.html#search/185.220.102 and the NForce
ones. We used to run more, but are shutting down more and more because
of lack of time to properly maintain everything.

> This coincides with [2], but I am unaware of any announcements
> of Torservers/Zwiebelfreunde itself (i.e. tight financial
> situation). Does anybody have further details here?

It's less a problem of finances, but of time.

> (b) Who is the operator behind family 
> B771AA877687F88E6F1CA5354756DF6C8A7B6B24 ?
> There are some /24 IPv4 BGP allocations claiming to belong to the
> umbrella organisation "Zwiebelfreunde e.V.", which operate(d|s)
> the relay family mentioned above.

We became RIPE LIR, and as such have a /22 which we can re-assign to
"end users". One such "end user" is nifty, who was one of the few
interested parties who replied to our offer of IP addresses on tor-relays
some time back.

> However, there is a _huge_ relay family (27 members, with a
> total bandwidth of ~ 1,245 MB) located in 185.220.101.0/24 ,
> which uses Zwiebelfreunde as a contact role and has not been
> changed since 2017-09-08.

185.220.101.0/24 does not use Zwiebelfreunde as contact role? This is
nifty's network, which uses IPs provided by Zwiebelfreunde but admin-c
and tech-c point to nifty.

> (c) Strange BGP allocations using Zwiebelfreunde as contact role
> At the moment, 9 IPv4 BGP prefixes with a length of /24 are
> known to use a contact role pointing to Zwiebelfreunde [4] .
> 
> These are as follows:
> - 37.218.246.0/24 (Upstream AS47172 "Greenhost", claims EU, but is likely 
> NL, 0 Tor relays found)
> - 193.235.207.0/24(Upstream AS196689 "Digicube", claims EU, but is likely 
> FR, 0 Tor relays found)
> - 192.36.61.0/24  (Upstream AS60781 "Leaseweb", claims EU, but is likely 
> NL, 0 Tor relays found)
> - 192.36.41.0/24  (Upstream AS34305 "BaseIP", claims EU, but is likely 
> NL, 0 Tor relays found)
> - 192.36.27.0/24  (Upstream AS60729 "Zwiebelfreunde" !, claims EU, 
> physical location unknown, 0 Tor relays found)

We used to use those for a larger operation with partner organizations
exclusively for bridges and are in the process of removing them and
giving them back to the IP provider.

> - 185.220.102.0/24(Upstream AS60729 "Zwiebelfreunde" !, claims EU, 
> physical location unknown, 0 Tor relays found)

We use this for exits, which are currently down because of some ongoing
maintenance (while I am on vacation writing from a camping site in Italy).

> - 185.220.101.0/24(Upstream AS200052 "Joshua Peter McQuistan", claims DE, 
> physical location unknown, 27 Tor relays found)

There should also be 185.220.103.0/24 in use for exits by another
organization, and 185.220.104.0/24 currently unassigned.

> 2. The appearing relays solely belong to the strange and huge
> family mentioned in (b) , which cannot be exactly pinpointed to
> be run by Torservers/Zwiebelfreunde.

We own the IP space, but have delegated them to other parties for actual
exit operation.

> 3. I suspected the mentioned IP ranges to be fakely allocated
No, everything is correct, just heavily underdocumented and not well
maintained. :)


Thanks for watching out!

Moritz
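
The distinction drawn in the reply above (address space provided by one party,
admin-c and tech-c pointing to another) can be read off a whois object
mechanically. The following is an added example, not part of the original
thread; the *-EXAMPLE handles are constructed placeholders and the function
names are hypothetical.

```python
import re

# Constructed whois-style response. The range, netname, remarks and org handle
# are the ones quoted in this thread; every *-EXAMPLE handle is a placeholder,
# because the thread does not show the real admin-c, tech-c or mnt-* values.
SAMPLE_WHOIS = """\
% constructed sample, not a real RIPE Database response

inetnum:        185.220.101.0 - 185.220.101.255
netname:        MK-TOR-EXIT
remarks:        This network is used for Tor Exits.
remarks:        We do not have any logs at all.
org:            ORG-MK113-RIPE
admin-c:        OPERATOR1-EXAMPLE
tech-c:         OPERATOR1-EXAMPLE
mnt-by:         LIR-EXAMPLE-MNT,
                operator-example-mnt
source:         RIPE
"""

# Which kind of relationship an attribute expresses.
KIND = {"admin-c": "contact", "tech-c": "contact", "abuse-c": "contact",
        "org": "organisation"}


def kind_of(attr):
    """Every mnt-* attribute names a maintainer, not a contact."""
    if attr.startswith("mnt-"):
        return "maintainer"
    return KIND.get(attr)


def parse_objects(text):
    """Split a whois response into objects, each a list of (attr, value)."""
    objects, current = [], []
    for raw in text.splitlines():
        if raw.startswith("%"):            # server comment line
            continue
        if not raw.strip():                # blank line ends the object
            if current:
                objects.append(current)
                current = []
        elif raw[0] in " \t+":             # continuation of the previous value
            if current:
                key, value = current[-1]
                current[-1] = (key, f"{value} {raw[1:].strip()}".strip())
        else:
            key, sep, value = raw.partition(":")
            if sep:
                current.append((key.strip().lower(), value.strip()))
    if current:
        objects.append(current)
    return objects


def handle_roles(obj):
    """Map each referenced handle (upper-cased) to the kinds of role it holds."""
    roles = {}
    for attr, value in obj:
        kind = kind_of(attr)
        if kind is None:
            continue
        value = value.split("#", 1)[0]     # drop an end-of-line comment
        for handle in re.split(r"[,\s]+", value.strip()):
            if handle:
                roles.setdefault(handle.upper(), set()).add(kind)
    return roles


def roles_of(obj, handle):
    """Sorted list of role kinds for one handle; empty if it is not named."""
    return sorted(handle_roles(obj).get(handle.upper(), ()))


if __name__ == "__main__":
    for obj in parse_objects(SAMPLE_WHOIS):
        print(obj[0][0], obj[0][1])
        for handle, kinds in sorted(handle_roles(obj).items()):
            print(f"  {handle:24} {', '.join(sorted(kinds))}")
```

A handle that shows up only as "maintainer" controls who may edit the object;
it says nothing about who answers for the network.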


Re: [tor-relays] Torservers relay family decreased?

2018-09-08 Thread Traumschule
Hi,

(it is actually not necessary to speak for Moritz [1] here who is a
core Tor person, but maybe the latest raids[2] made him a bit more
busy.)

Zwiebelfreunde is a legal body registered in Dresden, Saxony (Germany).

You can contact them via
https://www.zwiebelfreunde.de/contact.html
https://twitter.com/Zwiebelfreunde

And watch some videos presenting themselves
https://vimeo.com/69580427

On Sat, 08 Sep 2018 20:19:00 + Paul  wrote:

> Hello Tobias,
> 
> i am glad that somebody else got notice and i agree, suspecting
> something nasty (or highly unusual) is going on. There was a
> discussion about that in Berlin in July already
> https://trac.torproject.org/projects/tor/wiki/org/meetings/BerlinRelayOperatorsMeetupJul18
> but no public follow-up since then.
> 
> There seems to be a private person who is holding this family
> https://metrics.torproject.org/rs.html#search/family:1084200B44021D308EA4253F256794671B1D099A
> and ran between 10-15% exit probability in the last six months -
> which i personally judge as far too high for a single person, or even
> an entity. More information you can find
> here: https://apility.io/search/185.220.101.20
> 
> The person got invited to the second meeting in Berlin, but didn't
> show up to explain.

Maybe they are trying some kind of anonymization to protect their
members against criminalization.

> Time brings counsel. Await it in patience!
> -- Schiller
> 
> Regards
> Paul
> 
> 
> Tobias Westerhever:
> > Hello,
> > 
> > recently, I noticed some strange aspects related to networks
> > of Torservers/Zwiebelfreunde. Since there was no way to get any
> > further information on this topic so far, I am posting it here.
> > Maybe someone can help.

Since I can't help you with technical details, I stop here.

Keep them up and running!

[1] https://www.torproject.org/about/corepeople.html.en#moritz
[2]
https://blog.torservers.net/20180704/coordinated-raids-of-zwiebelfreunde-at-various-locations-in-germany.html
https://twitter.com/hashtag/zwiebelfreunde

-- 
traumschule.org

gpg fingerprint:
9356 4DED 8546 8D9A C290  3605 12EE 7D70 7111 2056

/otr info
OTR: traumsch...@irc.indymedia.org fingerprint:
OTR: 35AACA83 4564616C B6EBEC66 56B6B2FC C8D572F1
OTR: traumsch...@irc.oftc.net fingerprint:
OTR: D1CCD207 B60C1866 56A975AE ACE090E9 45E90846
OTR: traumsch...@chat.freenode.net fingerprint:
OTR: 51BF8BB9 434840CC 24F264BC 76450C27 A6AADB12


Re: [tor-relays] Torservers relay family decreased?

2018-09-08 Thread Paul
Hello Tobias,

i am glad that somebody else got notice and i agree, suspecting
something nasty (or highly unusual) is going on. There was a discussion
about that in Berlin in July already
https://trac.torproject.org/projects/tor/wiki/org/meetings/BerlinRelayOperatorsMeetupJul18
but no public follow-up since then.

There seems to be a private person who is holding this family
https://metrics.torproject.org/rs.html#search/family:1084200B44021D308EA4253F256794671B1D099A
and ran between 10-15% exit probability in the last six months - which i
personally judge as far too high for a single person, or even an entity.
More information you can find here: https://apility.io/search/185.220.101.20

The person got invited to the second meeting in Berlin, but didn't show
up to explain.

Time brings counsel. Await it in patience!
-- Schiller

Regards
Paul


Tobias Westerhever:
> Hello,
> 
> recently, I noticed some strange aspects related to networks
> of Torservers/Zwiebelfreunde. Since there was no way to get any
> further information on this topic so far, I am posting it here.
> Maybe someone can help.
> 
> (a) Torservers relay family decreased?
> The organisation used to maintain many more relays than their
> family [1] currently contains. At the moment, only four relays
> located in NL belong to them, while the Metrics page indicates
> some orphaned family members.
> 
> This coincides with [2], but I am unaware of any announcements
> of Torservers/Zwiebelfreunde itself (i.e. tight financial
> situation). Does anybody have further details here?
> 
> (b) Who is the operator behind family 
> B771AA877687F88E6F1CA5354756DF6C8A7B6B24 ?
> There are some /24 IPv4 BGP allocations claiming to belong to the
> umbrella organisation "Zwiebelfreunde e.V.", which operate(d|s)
> the relay family mentioned above.
> 
> I will ask further questions about this in (c) .
> 
> However, there is a _huge_ relay family (27 members, with a
> total bandwidth of ~ 1,245 MB) located in 185.220.101.0/24 ,
> which uses Zwiebelfreunde as a contact role and has not been
> changed since 2017-09-08.
> 
> The relays themselves, however, all use 
> as contact address (which does not seem to be related to
> Zwiebelfreunde at all) and use a description beginning with
> "nifty".
> 
> Since most of them have both Guard and Exit flag assigned, I
> figure they are handling a huge consensus weight. Does anybody
> know the person/organisation behind them? Are they related to
> Zwiebelfreunde/Torservers? What is the physical location of the
> servers (BGP claims DE, but upstream AS200052 uses UK)?
> 
> (c) Strange BGP allocations using Zwiebelfreunde as contact role
> At the moment, 9 IPv4 BGP prefixes with a length of /24 are
> known to use a contact role pointing to Zwiebelfreunde [4] .
> 
> These are as follows:
> - 37.218.246.0/24 (Upstream AS47172 "Greenhost", claims EU, but is likely 
> NL, 0 Tor relays found)
> - 193.235.207.0/24(Upstream AS196689 "Digicube", claims EU, but is likely 
> FR, 0 Tor relays found)
> - 192.36.61.0/24  (Upstream AS60781 "Leaseweb", claims EU, but is likely 
> NL, 0 Tor relays found)
> - 192.36.41.0/24  (Upstream AS34305 "BaseIP", claims EU, but is likely 
> NL, 0 Tor relays found)
> - 192.36.27.0/24  (Upstream AS60729 "Zwiebelfreunde" !, claims EU, 
> physical location unknown, 0 Tor relays found)
> - 185.220.102.0/24(Upstream AS60729 "Zwiebelfreunde" !, claims EU, 
> physical location unknown, 0 Tor relays found)
> - 185.220.101.0/24(Upstream AS200052 "Joshua Peter McQuistan", claims DE, 
> physical location unknown, 27 Tor relays found)
> 
> What puzzles me here is:
> 1. None of these networks has any Tor relays known (or Metrics
> does not show them), which is strange as Torservers/Zwiebelfreunde
> is more or less dedicated to operate relays.
> 
> 2. The appearing relays solely belong to the strange and huge
> family mentioned in (b) , which cannot be exactly pinpointed to
> be run by Torservers/Zwiebelfreunde.
> 
> 3. I suspected the mentioned IP ranges to be fakely allocated,
> but most of them were not changed for more than half a year. Further,
> I never observed any traffic from or to these networks. If anybody
> does, please drop me a line.
> 
> 4. All four relays which do belong to Torservers are located in
> AS43350 ("NForce Entertainment") and do not have their own IPv4
> prefix.
> 
> ***
> 
> As of these coincidences, and the observations mentioned in (a)
> and (b), I suspect something nasty (or highly unusual) is going on,
> but I have no clue what this might be.
> 
> It would be great if someone who is in Tor more deeply than I am
> could take a look at this. Also, if there is further information
> available, please tell me.
> 
> "Mit dem Wissen wächst der Zweifel. / Doubt grows with knowledge."
> -- Goethe
> 
> Best regards,
> T. Westerhever
> 
> Links:
> [1] 
> https://metrics.torproject.org/rs.html#search/family:0FF233C8D78A17B8DB7C8257D2E05CD5AA7C6B88
> [2] 
> 

Re: [tor-relays] Torservers relay family decreased?

2018-09-08 Thread Felix

On 08.09.2018 at 09:43, Tobias Westerhever wrote:
Hi Tobias

I understand your post is about specific larger exit entities.
Unfortunately I do not know anything about that. Please let me 2-cent to
some of your points.

> However, there is a _huge_ relay family (27 members, with a
> total bandwidth of ~ 1,245 MB) located in 185.220.101.0/24

> The relays themselves, however, all use  protect.net> as contact address (which does not seem to
> be related to Zwiebelfreunde at all) and use a description
> beginning with "nifty".
> Since most of them have both Guard and Exit flag assigned,
> I figure they are handling a huge consensus weight.
Maybe you check nusenu's page [1] (Thanks n)

> What puzzles me here is:
> 1. None of these networks has any Tor relays known (or
> Metrics does not show them), which is strange as
> Torservers/Zwiebelfreunde is more or less dedicated to
> operate relays.
[2] shows for the extra info [3]:
write-history 2018-09-07 16:49:44 (86400 s)
3061375466496,2883907476480,2783203408896,2792948759552,258185472
read-history 2018-09-07 16:49:44 (86400 s)
3076905330688,2882433369088,2788204746752,2786645703680,2708102009856
Which _is_ the bandwidth, but seems not to be displayed on metrics page,
though.

> Further,
> I never observed any traffic from or to these networks.
> If anybody does, please drop me a line.
I checked some of my guard relays. No connections to:
37.218.246.0/24 193.235.207.0/24 192.36.61.0/24 192.36.41.0/24
192.36.27.0/24 185.220.102.0/24
But active inbound connections to:
185.220.101.0/24 (Tor between 0.3.2.10 and 0.3.3.9)

> As of these coincidences, and the observations mentioned
> in (a) and (b), I suspect something nasty (or highly unusual)
> is going on, but I have no clue what this might be.
Thank you for tracing this.

[1] https://nusenu.github.io/OrNetStats/
[2] https://metrics.torproject.org/rs.html#details/B771AA877687F88E6F1CA5354756DF6C8A7B6B24
[3] http://185.220.101.32:10032/tor/extra/authority


-- 
Cheers, Felix
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
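
The write-history and read-history lines quoted in the message above follow the bandwidth-history format of Tor's extra-info descriptors: a timestamp marking the end of the most recent interval, the interval length in seconds, then byte counts ordered oldest to newest. As an added example that is not part of the thread, the following Python parses those lines into per-interval rates; the function names are this example's own, and the sample is the quoted text with each e-mail line wrap rejoined.

```python
from datetime import datetime, timedelta

# The two history lines as quoted in the message, rejoined across the line wrap.
SAMPLE = """\
write-history 2018-09-07 16:49:44 (86400 s) 3061375466496,2883907476480,2783203408896,2792948759552,258185472
read-history 2018-09-07 16:49:44 (86400 s) 3076905330688,2882433369088,2788204746752,2786645703680,2708102009856
"""


def parse_history(line):
    """Parse '<keyword> YYYY-MM-DD HH:MM:SS (NSEC s) n,n,...' into rows.

    Returns (keyword, interval_seconds, rows); each row is
    (interval_end, bytes_in_interval, bytes_per_second).
    """
    keyword, date, time, nsec, unit, *rest = line.split()
    if not keyword.endswith("-history") or not nsec.startswith("(") or unit != "s)":
        raise ValueError(f"not a bandwidth history line: {line!r}")
    interval = int(nsec[1:])
    if interval <= 0:
        raise ValueError("interval length must be positive")
    newest_end = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    values = [int(v) for v in rest[0].split(",")] if rest else []
    rows = []
    for i, total in enumerate(values):
        # Values are oldest first; the timestamp closes the newest interval.
        age = len(values) - 1 - i
        end = newest_end - timedelta(seconds=interval * age)
        rows.append((end, total, total / interval))
    return keyword, interval, rows


def mean_rate(rows):
    """Average bytes per second across all intervals (0.0 if there are none)."""
    return sum(r[2] for r in rows) / len(rows) if rows else 0.0


def summarize(text):
    """Map each history keyword to its mean rate in MB/s (10**6 bytes)."""
    out = {}
    for line in text.splitlines():
        if line.strip():
            keyword, _, rows = parse_history(line)
            out[keyword] = round(mean_rate(rows) / 1e6, 1)
    return out


if __name__ == "__main__":
    for key, mbps in summarize(SAMPLE).items():
        print(f"{key}: {mbps} MB/s averaged over the listed intervals")
```
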


[tor-relays] Torservers relay family decreased?

2018-09-08 Thread Tobias Westerhever
Hello,

recently, I noticed some strange aspects related to networks
of Torservers/Zwiebelfreunde. Since there was no way to get any
further information on this topic so far, I am posting it here.
Maybe someone can help.

(a) Torservers relay family decreased?
The organisation used to maintain many more relays than their
family [1] currently contains. At the moment, only four relays
located in NL belong to them, while the Metrics page indicates
some orphaned family members.

This coincides with [2], but I am unaware of any announcements
of Torservers/Zwiebelfreunde itself (i.e. tight financial
situation). Does anybody have further details here?

(b) Who is the operator behind family B771AA877687F88E6F1CA5354756DF6C8A7B6B24 ?
There are some /24 IPv4 BGP allocations claiming to belong to the
umbrella organisation "Zwiebelfreunde e.V.", which operate(d|s)
the relay family mentioned above.

I will ask further questions about this in (c) .

However, there is a _huge_ relay family (27 members, with a
total bandwidth of ~ 1,245 MB) located in 185.220.101.0/24 ,
which uses Zwiebelfreunde as a contact role and has not been
changed since 2017-09-08.

The relays themselves, however, all use 
as contact address (which does not seem to be related to
Zwiebelfreunde at all) and use a description beginning with
"nifty".

Since most of them have both Guard and Exit flag assigned, I
figure they are handling a huge consensus weight. Does anybody
know the person/organisation behind them? Are they related to
Zwiebelfreunde/Torservers? What is the physical location of the
servers (BGP claims DE, but upstream AS200052 uses UK)?

(c) Strange BGP allocations using Zwiebelfreunde as contact role
At the moment, 9 IPv4 BGP prefixes with a length of /24 are
known to use a contact role pointing to Zwiebelfreunde [4] .

These are as follows:
- 37.218.246.0/24   (Upstream AS47172 "Greenhost", claims EU, but is likely NL, 0 Tor relays found)
- 193.235.207.0/24  (Upstream AS196689 "Digicube", claims EU, but is likely FR, 0 Tor relays found)
- 192.36.61.0/24    (Upstream AS60781 "Leaseweb", claims EU, but is likely NL, 0 Tor relays found)
- 192.36.41.0/24    (Upstream AS34305 "BaseIP", claims EU, but is likely NL, 0 Tor relays found)
- 192.36.27.0/24    (Upstream AS60729 "Zwiebelfreunde" !, claims EU, physical location unknown, 0 Tor relays found)
- 185.220.102.0/24  (Upstream AS60729 "Zwiebelfreunde" !, claims EU, physical location unknown, 0 Tor relays found)
- 185.220.101.0/24  (Upstream AS200052 "Joshua Peter McQuistan", claims DE, physical location unknown, 27 Tor relays found)

What puzzles me here is:
1. None of these networks has any Tor relays known (or Metrics
does not show them), which is strange as Torservers/Zwiebelfreunde
is more or less dedicated to operate relays.

2. The appearing relays solely belong to the strange and huge
family mentioned in (b) , which cannot be exactly pinpointed to
be run by Torservers/Zwiebelfreunde.

3. I suspected the mentioned IP ranges to be fakely allocated,
but most of them were not changed for more than half a year. Further,
I never observed any traffic from or to these networks. If anybody
does, please drop me a line.

4. All four relays which do belong to Torservers are located in
AS43350 ("NForce Entertainment") and do not have their own IPv4
prefix.

***

As of these coincidences, and the observations mentioned in (a)
and (b), I suspect something nasty (or highly unusual) is going on,
but I have no clue what this might be.

It would be great if someone who is in Tor more deeply than I am
could take a look at this. Also, if there is further information
available, please tell me.

"Mit dem Wissen wächst der Zweifel. / Doubt grows with knowledge."
-- Goethe

Best regards,
T. Westerhever

Links:
[1] https://metrics.torproject.org/rs.html#search/family:0FF233C8D78A17B8DB7C8257D2E05CD5AA7C6B88
[2] https://blog.torservers.net/20180704/coordinated-raids-of-zwiebelfreunde-at-various-locations-in-germany.html
[3] https://metrics.torproject.org/rs.html#search/family:B771AA877687F88E6F1CA5354756DF6C8A7B6B24
[4] https://bgp.he.net/