When using Tor, DoS is much more than an attack on availability

Bad for clients:

Why is a longer guard rotation period with fewer guards better than the other way around? - Tor Stack Exchange

Fatal for hidden services?

Anecdotally, many hidden services have experienced sustained and intense DoS attacks this year. On clearnet, these attacks may result in economic or reputation loss. On Tor, they should be treated first as attacks on anonymity. Timely blog article on what can happen if DoS attacks aren’t addressed.

http://www.hackerfactor.com/blog/index.php?/archives/779-Behind-the-Tor-Attacks.html

These attacks are so prevalent, that I have little doubt that every hidden service experiencing them has already been uncloaked and identified by someone.

(Krawetz is a Computer Science PhD. Runs FotoForensics & archive.org onion service)

1 Like

Yes, further reading shows frequent guard rotation causes:

  • Increased risk of correlation attacks.
  • Greater chance of hitting Internet infrastructure points controlled by advanced adversaries (IXP, ASes, etc.).
  • Greater chance the set of guards in use gets fingerprinted, then, adversaries who are able to enumerate guards can link that to specific points in the network based on damn mathematics (not for everything, all the time though).

That said, at least it’s not Tails, where they don’t have persistent guards, meaning new ones all the time, making someone using it at home for example, extremely trackable (damn mathematics again).

Yes, there are a couple of Trac tickets at least talking about it i.e. sustained attacks and limited countermeasures currently available. It will become more sustained unless they change something in the design to afford more protection.

1 Like
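The guard-rotation arithmetic referred to in the post above, as an added example that is not part of the thread: it compares how likely a client is to have picked at least one hostile guard within a year under different rotation policies. The 1% adversary share, the three policies and the independent-draw model are assumptions made for illustration, not figures from the thread or from Tor.

```python
import math
import random

def guard_draws(num_guards, rotation_days, horizon_days):
    """Number of guard selections a client makes over the horizon."""
    return num_guards * math.ceil(horizon_days / rotation_days)

def p_hostile_guard(adv_fraction, num_guards, rotation_days, horizon_days):
    """Closed form: chance that at least one selected guard is hostile.

    Assumes each selection independently lands on an adversary relay with
    probability adv_fraction (its share of guard selection weight).
    """
    n = guard_draws(num_guards, rotation_days, horizon_days)
    return 1.0 - (1.0 - adv_fraction) ** n

def simulate(adv_fraction, num_guards, rotation_days, horizon_days,
             clients=20000, seed=1):
    """Monte Carlo check of the closed form, with a fixed seed."""
    rng = random.Random(seed)
    n = guard_draws(num_guards, rotation_days, horizon_days)
    hit = sum(
        any(rng.random() < adv_fraction for _ in range(n))
        for _ in range(clients)
    )
    return hit / clients

# Constructed values, for illustration only.
ADV_FRACTION = 0.01   # assumed adversary share of guard selection weight
HORIZON_DAYS = 365
POLICIES = {
    "1 guard, 270-day rotation": (1, 270),
    "3 guards, 30-day rotation": (3, 30),
    "no persistent guard, new one each daily session": (1, 1),
}

def compare(policies=POLICIES):
    """Return {policy name: probability of a hostile guard within the horizon}."""
    return {
        name: p_hostile_guard(ADV_FRACTION, g, r, HORIZON_DAYS)
        for name, (g, r) in policies.items()
    }

if __name__ == "__main__":
    for name, p in compare().items():
        print(f"{name:50s} {p:6.1%}")
```

With these assumed numbers, the long-lived single guard stays near 2% while the no-persistence case approaches certainty, which is why an attack that forces guard changes matters for anonymity and not only for uptime.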

I glanced at some of the tickets under keyword: dos. Attacks on the Tor network are nothing new. Some of those tickets go back 6-8 years. It’s my limited understanding that the Tor network is naturally resistant to network level DoS attacks by virtue of its design, but has multiple chokepoints that are a high priority to defend (i.e. DirAuths).

The blog I linked was more concerned about application level DoS attacks. It’s debatable how much of a priority it should be for Tor Project to defend against those - or how effective that could ever be. Ultimately, hidden service operators need to implement custom solutions / filters. One thing that TPO can address is making sure that hidden services don’t do something stupid when an attack succeeds (like entry-guard hopping). Probably safe to say that most would rather be offline than deanonymized.

1 Like