[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Possible Whois demasking of Tor using

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Possible Whois demasking of Tor using
From: Alan Hiew <alanhiew@xxxxxxxxxxxxxxx>
Date: Sun, 12 Oct 2014 09:33:16 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 12 Oct 2014 05:42:24 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=openmailbox.org; h=content-transfer-encoding:content-type:content-type :mime-version:message-id:subject:subject:from:from:date:date :received; s=openmailbox; t=1413106404; bh=jBmNVTN9rpl4AfApz6eKs awdp5lUUxIl09F1e7hBPD8=; b=f2ziI5FTEUk8KrIP9hXOpyV54KvV+m2/Aa72N EOaRleuMTUfyyTrNlUg37W0Zrj9O2NmAK+dO/OabRcKuHIlqJYTiU9kG7uyITQdu bQE7vTJwHUSBYiAxiHUUc6+QnwtpAF+7I3riF6c/TAX6eT3/FjcTSNnvO+UjWjWg D7CQVg=
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Hello, listers!

I have detected that some IP addres of obfs3 briges have demasking
WHOIS information. 

For example

obfs3 bridge with IP at range 192.36.31.0 - 192.36.31.255

(there are several bridges; I dont want to publish it at the list but
can send by private messages if somebody wants).

RIPE WhoIs tool at https://apps.db.ripe.net/search/query.html

reports on this address:

--------------------------
inetnum:         192.36.31.0 - 192.36.31.255
netname:         ZWIEBELFREUNDE
descr:           Zwiebelfreunde e.V.

...

address:         Palaisplatz 3
address:         01097 Dresden
address:         Germany
phone:           +49-351-21296018
fax-no:          +49-911-3084466748
abuse-mailbox:   abuse@xxxxxxxxxxxxxx
remarks:         ---------------------------------
remarks:         This network is used for research
remarks:         in anonymization services and
remarks:         provides Tor exit nodes to end
remarks:         users.
remarks:         ---------------------------------
remarks:         Dieser Netzblock wird zur
remarks:         Erforschung von Anonymisierungs-
remarks:         techniken genutzt und stellt
remarks:         Endnutzern Tor zur Verfuegung.
remarks:         ---------------------------------
remarks:         http://www.torservers.net/abuse.html
remarks:         ---------------------------------
nic-hdl:         MB22990-RIPE
---------------------------


I think these whois data and remarks easy can demasking using
of Tor network by ISPs. Also it may cause blocking of bridges IP in
some areas.

194.132.208.0 - 194.132.208.255 IP range has the same problem.

I wrote to Tor developers about this but have no answer received yet.

WBR, Michael Hock
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Possible Whois demasking of Tor using
  - From: Moritz Bartl

Prev by Author: Re: [tor-talk] Facebook brute forcing hidden services
Next by Author: Re: [tor-talk] Facebook brute forcing hidden services
Previous by thread: Re: [tor-talk] Tor Relay Smartphone App
Next by thread: Re: [tor-talk] Possible Whois demasking of Tor using
Index(es):
- Author
- Thread