[tor-talk] attacks on Tor hidden services

Gozu-san gozu at xerobank.net
Sat Oct 22 23:50:49 UTC 2011


On 22/10/11 14:42, andrew at torproject.org wrote:

> On Sat, Oct 22, 2011 at 04:26:53AM +0000, gozu at xerobank.net
> wrote 1.1K bytes in 26 lines about:

> : According to the operator of Freedom Hosting on 2011-10-19:
> : > Recently FH was the victim of DoS attacks which resulted in
> : > unavailability of php or mysql on hosted sites.
> : > A user registered an account and used it to run extremely
> : > slow mysql queries among other things to purposely harm
> : > the server.
> 
> These aren't attacks on hidden services. These are attacks
> on php, mysql, and apache running behind a hidden service.

OK, I get the distinction.  It would have been more accurate for me to
say "attacks on hidden-service sites".

> : that I've created, with addresses that I alone know.
> : I suspect that #OpDarknet has figured out how to DDoS Tor.
> 
> I suspect not. I run many hidden services, all are
> reachable without issues.

That's good to know.

> There are pleny of bugs in hidden services, and we're
> working to fix them. However, this doesn't seem like an
> attack on hidden services, but rather the software behind
> the service.

I didn't mean that people are intentionally DDoSing the Tor network.  I
meant that the attacks on hidden-service sites may have spillover
effects.  Let's say that SlowLoris attacks bog Apache serving some
hidden-service site.  With enough attackers, could the site's entry
guards become bogged?

Also, once hidden-service sites have bogged, are they flagged as
unresponsive by their entry guards, or elsewhere in the Tor network?

> Time will tell.

Indeed.  Thank you.


More information about the tor-talk mailing list