[tor-relays] Torservers relay family decreased?

Felix zwiebel at quantentunnel.de
Sat Sep 8 17:15:34 UTC 2018


On 08.09.2018 at 09:43, Tobias Westerhever wrote:
Hi Tobias

I understand your post is about specific larger exit entities.
Unfortunately I do not know anything about that. Please let me add my
2 cents on some of your points.

> However, there is a _huge_ relay family (27 members, with a
> total bandwidth of ~ 1,245 MB) located in 185.220.101.0/24

> The relays themselves, however, all use
> <abuse at to-surf-and-protect.net> as contact address
> (which does not seem to be related to Zwiebelfreunde at all)
> and use a description beginning with "nifty".
> Since most of them have both Guard and Exit flag assigned,
> I figure they are handling a huge consensus weight.
Maybe you can check nusenu's page [1] (Thanks n)

> What puzzles me here is:
> 1. None of these networks has any Tor relays known (or
> Metrics does not show them), which is strange as
> Torservers/Zwiebelfreunde is more or less dedicated to
> operate relays.
[2] shows for the extra info [3]:
write-history 2018-09-07 16:49:44 (86400 s)
3061375466496,2883907476480,2783203408896,2792948759552,2777758185472
read-history 2018-09-07 16:49:44 (86400 s)
3076905330688,2882433369088,2788204746752,2786645703680,2708102009856
Which _is_ the bandwidth, but it seems not to be displayed on the metrics
page, though.

> Further,
> I never observed any traffic from or to these networks.
> If anybody does, please drop me a line.
I checked some of my guard relays. No connections to:
37.218.246.0/24 193.235.207.0/24 192.36.61.0/24 192.36.41.0/24
192.36.27.0/24 185.220.102.0/24
But active inbound connections to:
185.220.101.0/24 (Tor between 0.3.2.10 and 0.3.3.9)

> Because of these coincidences, and the observations mentioned
> in (a) and (b), I suspect something nasty (or highly unusual)
> is going on, but I have no clue what this might be.
Thank you for tracing this.

[1] https://nusenu.github.io/OrNetStats/
[2] https://metrics.torproject.org/rs.html#details/B771AA877687F88E6F1CA5354756DF6C8A7B6B24
[3] http://185.220.101.32:10032/tor/extra/authority


-- 
Cheers, Felix
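
Added example (not part of the message above, and not code from the Tor Project): a parser for the write-history/read-history lines quoted from the extra-info document, turning each interval's byte count into a throughput figure. It assumes the dir-spec layout in which the timestamp marks the end of the newest interval and the counts run oldest to newest; the function names are illustrative.

```python
import re
from datetime import datetime, timedelta, timezone

# Copied from the extra-info excerpt in the message above; the mail client
# wrapped the byte counts onto a second line, which the parser tolerates.
EXCERPT = """\
write-history 2018-09-07 16:49:44 (86400 s)
3061375466496,2883907476480,2783203408896,2792948759552,2777758185472
read-history 2018-09-07 16:49:44 (86400 s)
3076905330688,2882433369088,2788204746752,2786645703680,2708102009856
"""

HISTORY_RE = re.compile(
    r"^(write-history|read-history) "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \((\d+) s\)[ \t]*\n?([\d,]*)",
    re.MULTILINE,
)


def parse_histories(text):
    """Map each history keyword to [(interval_end_utc, bytes, bytes_per_s)]."""
    out = {}
    for keyword, end, nsec, values in HISTORY_RE.findall(text):
        nsec = int(nsec)
        if nsec <= 0:
            raise ValueError(f"{keyword}: interval length must be positive")
        end_ts = datetime.strptime(end, "%Y-%m-%d %H:%M:%S").replace(
            tzinfo=timezone.utc)
        counts = [int(v) for v in values.split(",") if v]
        # Byte counts run oldest to newest; the timestamp ends the newest one.
        newest = len(counts) - 1
        out[keyword] = [
            (end_ts - timedelta(seconds=(newest - i) * nsec), n, n / nsec)
            for i, n in enumerate(counts)
        ]
    return out


def mean_rate_mb_s(rows):
    """Average throughput across all intervals in MB/s (10**6 bytes)."""
    if not rows:
        raise ValueError("no intervals to average")
    return sum(rate for _, _, rate in rows) / len(rows) / 1e6


if __name__ == "__main__":
    for keyword, rows in parse_histories(EXCERPT).items():
        for end_ts, nbytes, rate in rows:
            print(f"{keyword} {end_ts:%Y-%m-%d %H:%M} {rate / 1e6:6.2f} MB/s")
        print(f"{keyword} mean {mean_rate_mb_s(rows):.2f} MB/s")
```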

