› Hello,
›
› recently, I noticed some strange aspects related to networks of Torservers/Zwiebelfreunde. Since there was no way to get any further information on this topic so far, I am posting it here. Maybe someone can help.
Let's recap this for a moment:
1. Every relay of my family has my e-mail. Write an e-mail and ask. Problem solved.
2. The e-mails are running on a domain registered by me. Make a whois lookup for the domain. Problem solved.
3. The /24 IP space is registered by me. Make a RIPE (or whoever provides IP lookup) and you also have my name. Problem solved.
4. Ask someone from Torservers about me. They gave me the /24 for hosting Tor exits. Problem solved.
5. Take a look at the Tor relay mailing list, I was active there. Problem solved.
6. I am a registered InterExchangeCarrier under German law. Ask the Bundesnetzagentur for my information. Problem solved.
7. The RIPE entries are maintained by F3Netze/Zwiebelfreunde. Ask Tim about me. Problem solved.
8. Write a snail mail letter to my address. Problem solved.
9. Send me a facsimile to my official RIPE abuse records. Problem solved.
and the list goes on and on … Welcome to the Interwebs where people ask who you are ...
To sum it up perfectly:
https://i.imgur.com/20wmhNT.jpg
› (b) Who is the operator behind family B771AA877687F88E6F1CA5354756DF6C8A7B6B24?
› There are some /24 IPv4 BGP allocations claiming to belong to the umbrella organisation "Zwiebelfreunde e.V.", which operate(d|s) the relay family mentioned above.
There is still no family fingerprint. We never claimed to belong to Zwiebelfreunde e.V. Stop making shit up.
› I will ask further questions about this in (c).
›
› However, there is a _huge_ relay family (27 members, with a total bandwidth of ~ 1,245 MB) located in 185.220.101.0/24, which uses Zwiebelfreunde as a contact role and has not been changed since 2017-09-08.
No, we do not.
We are the ADMIN-C and the TECH-C. Zwiebelfreunde is just the MNT-REF. Look it up for yourself:
https://apps.db.ripe.net/db-web-ui/#/query?bflag&searchtext=185.220.101....
It even has a fucking disclaimer on it:
netname: MK-TOR-EXIT
remarks: -----------------------------------
remarks: This network is used for Tor Exits.
remarks: We do not have any logs at all.
remarks: For more information please visit:
remarks: https://www.torproject.org
remarks: -----------------------------------
remarks: Dieses Netz hostet nur Tor
remarks: Exists. Wir haben keinerlei Logs.
remarks: Mehr Informationen unter:
remarks: https://www.torproject.org
The (current) owner of the IPs is: https://apps.db.ripe.net/db-web-ui/#/lookup?source=ripe&key=ORG-MK113-RI...
and the abuse contact:
https://apps.db.ripe.net/db-web-ui/#/lookup?source=RIPE&key=ACRO11287-RI...
› The relays themselves, however, all use <abuse at to-surf-and-protect.net> as contact address (which does not seem to be related to Zwiebelfreunde at all) and use a description beginning with "nifty".
Have you tried to send us an e-mail and ask? No? They are not related to Zwiebelfreunde because we are not Zwiebelfreunde. And btw, it's Nifty + name of a rodent. Yes, I know hedgehogs are no rodents. But they are cute too.
› Since most of them have both Guard and Exit flag assigned, I figure they are handling a huge consensus weight.
No. Complete bullshit. Exit flag indicates that's an Exit and Guard indicates a longer uptime. I can make a relay on a wee DSL line with these flags. It does not indicate a huge consensus weight at all. RTFM!
› Does anybody know the person/organisation behind them?
Yes.
› Are they related to Zwiebelfreunde/Torservers?
Besides the /24, no.
› What is the physical location of the servers (BGP claims DE, but upstream AS200052 uses UK)?
NL
BGP claims DE? BGP is a routing protocol, it claims nothing. It doesn't give a flying shit about countries. It routes packets between different ASs. Show me the BGP routing table.
› (c) Strange BGP allocations using Zwiebelfreunde as contact role
› At the moment, 9 IPv4 BGP prefixes with a length of /24 are known to use a contact role pointing to Zwiebelfreunde [4].
›
› These are as follows:
› - 37.218.246.0/24 (Upstream AS47172 "Greenhost", claims EU, but is likely NL, 0 Tor relays found)
› - 193.235.207.0/24 (Upstream AS196689 "Digicube", claims EU, but is likely FR, 0 Tor relays found)
› - 192.36.61.0/24 (Upstream AS60781 "Leaseweb", claims EU, but is likely NL, 0 Tor relays found)
› - 192.36.41.0/24 (Upstream AS34305 "BaseIP", claims EU, but is likely NL, 0 Tor relays found)
› - 192.36.27.0/24 (Upstream AS60729 "Zwiebelfreunde" !, claims EU, physical location unknown, 0 Tor relays found)
› - 185.220.102.0/24 (Upstream AS60729 "Zwiebelfreunde" !, claims EU, physical location unknown, 0 Tor relays found)
› - 185.220.101.0/24 (Upstream AS200052 "Joshua Peter McQuistan", claims DE, physical location unknown, 27 Tor relays found)
BGP still claims shit. BGP is still a routing protocol. Look at a looking glass server and start reading RTFs.
› What puzzles me here is:
› 1. None of these networks has any Tor relays known (or Metrics does not show them), which is strange as Torservers/Zwiebelfreunde is more or less dedicated to operate relays.
https://nusenu.github.io/OrNetStats/
https://metrics.torproject.org/rs.html
› 2. The appearing relays solely belong to the strange and huge family mentioned in (b), which cannot be exactly pinpointed to be run by Torservers/Zwiebelfreunde.
Yeah, these strange and huge relays are here for over 3 years, growing.
Nusenu twitter page, https://twitter.com/nusenu_ , you should check it out.
› 3. I suspected the mentioned IP ranges to be fakely allocated, but most of them were not changed for more than half a year. Further, I never observed any traffic from or to these networks. If anybody does, please drop me a line.
Yes! Completely right! You just destroyed our super secret FBI/NSA/BND/MI6 plan to take over the Tor network. Good job, Sherlock!
› As of these coincidences, and the observations mentioned in (a) and (b), I suspect something nasty (or highly unusual) is going on, but I have no clue what this might be.
100% perfect conclusion. Good job, Sherlock!
› It would be great if someone who is in Tor more deeply than I am could take a look at this. Also, if there is further information available, please tell me.
›
› "Mit dem Wissen wächst der Zweifel. / Doubt grows with knowledge."
› -- Goethe
›
› Best regards,
› T. Westerhever
Whatever,
niftybunny
Hello *,
thanks for your replies.
Since this topic seems to be overheated by now, I decided not to ask any further questions. In my point of view, some of the confusion was caused due to poor documentation (as Moritz pointed out), some because of tools returning outdated information (HE BGP, for example) - or my own incompetence to interpret them.
However, for being new on this list, I did not expect to get answers as rude as nifty one's (8D6B7146-F094-428F-97ED-F16219B5F480@to-surf-and-protect.net).
I will stop using this mailing list.
Best, T. Westerhever
Just so we are on the same page:
You accused us to counterfeit to be Zwiebelfreunde, even being a bad (state) actor, did nothing at all to contact us and can't even read simple Interwebs tools.
What did you expect?
niftybunny
On 10. Sep 2018, at 19:05, Tobias Westerhever tobias.westerhever@skyline.link38.eu wrote:
› Hello *,
›
› thanks for your replies.
›
› Since this topic seems to be overheated by now, I decided not to ask any further questions. In my point of view, some of the confusion was caused due to poor documentation (as Moritz pointed out), some because of tools returning outdated information (HE BGP, for example) - or my own incompetence to interpret them.
›
› However, for being new on this list, I did not expect to get answers as rude as nifty one's (8D6B7146-F094-428F-97ED-F16219B5F480@to-surf-and-protect.net).
›
› I will stop using this mailing list.
›
› Best, T. Westerhever
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hello Tobias,
please stay - this list needs people like you and your curious questions! I was away for a couple of days and feel ashamed that nobody came along to support you or stop this bunny.
I assume those Nifty rodents produce a lot of "Stop making shit up, fucking disclaimer, complete bullshit, flying shit, claims shit,..." but must we all read this here?
10-15 percent of Tor reminds me very much of "too big to fail" and the behavior and rudeness in the mentioned mail is very similar to those former bank lords.
I personally don't like people showing such kind of attitude in our rows and I really hope there are more who share my opinion.
No matter how big someone here is, or even the bigger he is, the more mindful and sensitive should he act and give example - never losing the higher goals out of sight, why we do this.
The given facts probably leave more questions than answers, but I hope some other fellows in here do have interest in them as well and start asking.
Paul
His complete story is a pile of bullshit.
If you want me out, get me banned, I am happy to throw all the money I am paying every month into blackjack and hookers with my good friend Bender.
niftybunny
On 13. Sep 2018, at 19:11, Paul pa011@web.de wrote:
› Hello Tobias,
›
› please stay - this list needs people like you and your curious questions! I was away for a couple of days and feel ashamed that nobody came along to support you or stop this bunny.
›
› I assume those Nifty rodents produce a lot of "Stop making shit up, fucking disclaimer, complete bullshit, flying shit, claims shit,..." but must we all read this here?
›
› 10-15 percent of Tor reminds me very much of "too big to fail" and the behavior and rudeness in the mentioned mail is very similar to those former bank lords.
›
› I personally don't like people showing such kind of attitude in our rows and I really hope there are more who share my opinion.
›
› No matter how big someone here is, or even the bigger he is, the more mindful and sensitive should he act and give example - never losing the higher goals out of sight, why we do this.
›
› The given facts probably leave more questions than answers, but I hope some other fellows in here do have interest in them as well and start asking.
›
› Paul
I don't think that niftybunny's reply was that rude, but it could be more efficient.
Anyway, I wouldn't say this has anything to do with too big to fail. Tobias Westerhever did a really poor job at researching and did not ask anything, instead started speculating random stuff; this is what I would call rude. Get your facts together before starting shitting on each other would be the minimum I would expect out of respect. The Internet is different to how it was in the 80s and 90s; get used to it or you will have no fun.