[tor-relays] Torservers relay family decreased?

Sat Sep 8 21:24:36 UTC 2018

Hi!

On 08.09.2018 09:43, Tobias Westerhever wrote:
> (a) Torservers relay family decreased?
> The organisation used to maintain much more relays than their
> family [1] currently contains. At the moment, only four relays
> located in NL belong to them, while the Metrics page indicates
> some orphaned family members.

Please note: "Torservers" is a umbrella project by 23 organizations
https://torservers.net/partners.html , each of which has their own
independent infrastructure. So far, only the German founding member
Zwiebelfreunde has been using the @torservers.net addresses (which are
open to other members as well), which adds to the confusion.

We are a bunch of volunteers that are very bad about keeping everything
well documented. There is nothing secret or strange happening, just some
poor overworked few that have failed to attract flesh blood with time to
take over.

We have a bunch of exit relays on our own AS
https://metrics.torproject.org/rs.html#search/185.220.102 and the NForce
ones. We used to run more, but are shutting down more and more because
of lack of time to properly maintain everything.

> This coincidences with [2], but I am unaware of any announcements
> of Torservers/Zwiebelfreunde itself (i.e. tight financial
> situation). Does anybody have further details here?

It's less a problem of finances, but of time.

> (b) Who is the operator behind family B771AA877687F88E6F1CA5354756DF6C8A7B6B24 ?
> There are some /24 IPv4 BGP allocations claiming to belong to the
> umbrella organisation "Zwiebelfreunde e.V.", which operate(d|s)
> the relay family mentioned above.

We became RIPE LIR, and as such have a /22 which we can re-assign to
"end users". One such "end user" is nitfy, who was one of the few
interested parties who repied to our offer of IP addresses on tor-relays
some time back.

> However, there is a _huge_ relay family (27 members, with a
> total bandwith of ~ 1,245 MB) located in 185.220.101.0/24 ,
> which uses Zwiebelfreunde as a contact role and has not been
> changed since 2017-09-08.

185.220.101.0/24 does not use Zwiebelfreunde as contact role? This is
niftys network, which uses IPs provided by Zwiebelfreunde but admin-c
and tech-c point to nitfy.

> (c) Strange BGP allocations using Zwiebelfreunde as contact role
> At the moment, 9 IPv4 BGP prefixes with a length of /24 are
> known to use a contact role pointing to Zwiebelfreunde [4] .
> 
> These are as follows:
> - 37.218.246.0/24	(Upstream AS47172 "Greenhost", claims EU, but is likely NL, 0 Tor relays found)
> - 193.235.207.0/24	(Upstream AS196689 "Digicube", claims EU, but is likely FR, 0 Tor relays found)
> - 192.36.61.0/24	(Upstream AS60781 "Leaseweb", claims EU, but is likely NL, 0 Tor relays found)
> - 192.36.41.0/24	(Upstream AS34305 "BaseIP", claims EU, but is likely NL, 0 Tor relays found)
> - 192.36.27.0/24	(Upstream AS60729 "Zwiebelfreunde" !, claims EU, physical location unknown, 0 Tor relays found)

We used to use those for a larger operation with partner organizations
exclusively for bridges and are in the process of removing them and
givign them back to the IP provider.

> - 185.220.102.0/24	(Upstream AS60729 "Zwiebelfreunde" !, claims EU, physical location unknown, 0 Tor relays found)

We use this for exits, which are currently down because of some ongoing
maintenance (while I am on vacation writing from a camping site in Italy).

> - 185.220.101.0/24	(Upstream AS200052 "Joshua Peter McQuistan", claims DE, physical location unknown, 27 Tor relays found)

There should also be 185.220.103.0/24 in use for exits by another
organization, and 185.220.104.0/24 currently unassigned.

> 2. The appearing relays solely belong to the strange and huge
> family mentioned in (b) , which cannot be exactly pinpointed to
> be run by Torservers/Zwiebelfreunde.

We own the IP space, but have delegated them to other parties for actual
exit operation.

> 3. I suspected the mentioned IP ranges to be fakely allocated
No, everything is correct, just heavily underdocumented and not well
maintained. :)

Thanks for watching out!

Moritz