Am 08.09.2018 um 09:43 schrieb Tobias Westerhever: Hi Tobias
I understand your post is about specific larger exit entities. Unfortunately I do not know anything to that. Please let me 2-cent to some of your points.
However, there is a _huge_ relay family (27 members, with a total bandwith of ~ 1,245 MB) located in 185.220.101.0/24
The relays itself, however, all use <abuse@to-surf-and- protect.net> as contact address (which does not seem to be related to Zwiebelfreunde at all) and use a description beginning with "nifty". Since most of them have both Guard and Exit flag assigned, I figure they are handling a huge consensus weight.
May-be you check nusenu's page [1] (Thanks n)
What puzzles me here is:
- None of these networks has any Tor relays known (or
Metrics does not show them), which is strange as Torservers/Zwiebelfreunde is more or less dedicated to operate relays.
[2] shows for the extra info [3]: write-history 2018-09-07 16:49:44 (86400 s) 3061375466496,2883907476480,2783203408896,2792948759552,2777758185472 read-history 2018-09-07 16:49:44 (86400 s) 3076905330688,2882433369088,2788204746752,2786645703680,2708102009856 Which _is_ the bandwidth, but seems not to be displayed on metrics page, though.
Further, I never observed any traffic from or to these networks. If anybody does, please drop me a line.
I checked some of my guard relays. No connections to: 37.218.246.0/24 193.235.207.0/24 192.36.61.0/24 192.36.41.0/24 192.36.27.0/24 185.220.102.0/24 But active inbound connections to: 185.220.101.0/24 (Tor between 0.3.2.10 and 0.3.3.9)
As of these coincidences, and the observations mentioned in (a) and (b), I suspect something nasty (or highly unusual) is going on, but I have no clue what this might be.
Thank you for tracing this.
[1] https://nusenu.github.io/OrNetStats/ [2] https://metrics.torproject.org/rs.html#details/B771AA877687F88E6F1CA5354756D... [3] http://185.220.101.32:10032/tor/extra/authority