[tor-talk] Possible Whois demasking of Tor using
Alan Hiew
alanhiew at openmailbox.org
Sun Oct 12 09:33:16 UTC 2014
Hello, listers!
I have detected that some IP addres of obfs3 briges have demasking
WHOIS information.
For example
obfs3 bridge with IP at range 192.36.31.0 - 192.36.31.255
(there are several bridges; I dont want to publish it at the list but
can send by private messages if somebody wants).
RIPE WhoIs tool at https://apps.db.ripe.net/search/query.html
reports on this address:
--------------------------
inetnum: 192.36.31.0 - 192.36.31.255
netname: ZWIEBELFREUNDE
descr: Zwiebelfreunde e.V.
...
address: Palaisplatz 3
address: 01097 Dresden
address: Germany
phone: +49-351-21296018
fax-no: +49-911-3084466748
abuse-mailbox: abuse at torservers.net
remarks: ---------------------------------
remarks: This network is used for research
remarks: in anonymization services and
remarks: provides Tor exit nodes to end
remarks: users.
remarks: ---------------------------------
remarks: Dieser Netzblock wird zur
remarks: Erforschung von Anonymisierungs-
remarks: techniken genutzt und stellt
remarks: Endnutzern Tor zur Verfuegung.
remarks: ---------------------------------
remarks: http://www.torservers.net/abuse.html
remarks: ---------------------------------
nic-hdl: MB22990-RIPE
---------------------------
I think these whois data and remarks easy can demasking using
of Tor network by ISPs. Also it may cause blocking of bridges IP in
some areas.
194.132.208.0 - 194.132.208.255 IP range has the same problem.
I wrote to Tor developers about this but have no answer received yet.
WBR, Michael Hock
More information about the tor-talk
mailing list