Opened 7 months ago

Closed 7 months ago

#29637 closed defect (duplicate)

Denial of service on v2 onion service

Reported by: pidgin
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Critical
Keywords: tor-dos
Cc:
Actual Points:
Parent ID: #29607
Points: 3
Reviewer:
Sponsor:

Description

Dear Tor team,
We have set up a discussion board on the Tor network.
And there is someone that is exploiting within our servers, by taking it down every time, and the forums will respond with "Server not found".
We are pretty sure this problem is on the side of the Tor Browser; is there anything we could do to sort this?
With many thanks for taking the time to read this.

The other ticket was closed because I could not reply to the question of why it's on the Tor side.
My answer to that:
The service behind the onion HiddenService is fine; it is serving requests.
Before the DDoS there was no "Server Not Found".
Actually it was the hacker's third iteration.
The first step from the hacker was a brute-force DDoS which made the Tor CPU load 100%. Countermeasure: vanguards and using ExcludeNodes (torrc).
The second iteration from the hacker was to use random nodes, about 1000+, to make the Tor CPU load 100%. Countermeasure: vanguards / onionbalance.
Now Tor Browser gives "server not found"; countermeasure not found yet.

Also some server-side information:

onionbalance is active
vanguard is active
vanguard tor process is at 5%
serving tor process is at 5%

The attacker has found a way to DDoS that is not based on a Tor CPU usage attack or a Tor traffic exhaustion attack.

I also apologize for the duplicate ticket, but the others are closed so this one should be fine for now.
With many thanks.

Change History (3)

comment:1 Changed 7 months ago by teor

Component: Core Tor → Core Tor/Tor
Keywords: tor-dos added
Milestone: Tor: unspecified
Points: 3
Status: new → needs_information
Type: project → defect

The attack probably isn't on the Tor client. It's more likely it's on the HSDir or Intro Points. It may be on the service's Guard or Rendezvous Point, but they're harder to target.

Have you tried v3 onion services?
They are much more resistant to attacks.
There is no OnionBalance for v3 yet, but the v3 crypto is more efficient, so you might not need it.
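
One way to check the HSDir possibility raised in comment:1 from the service side, as an added example that is not part of the ticket or Tor's own code: it tallies `HS_DESC` control-port events (enabled with `SETEVENTS HS_DESC`) per directory. The onion address, fingerprints and event lines are constructed sample data, and the event layout is assumed to follow Tor's control-spec.

```python
import re
from collections import Counter

ONION = "exampleforumaddr"            # constructed placeholder address
FP_A = "$" + "A" * 40 + "~dirA"       # constructed HSDir identities
FP_B = "$" + "B" * 40 + "~dirB"
FP_C = "$" + "C" * 40 + "~dirC"
# Constructed sample events, laid out as control-spec HS_DESC lines.
SAMPLE_EVENTS = f"""\
650 HS_DESC UPLOAD {ONION} UNKNOWN {FP_A} descid1
650 HS_DESC UPLOADED {ONION} UNKNOWN {FP_A}
650 HS_DESC UPLOAD {ONION} UNKNOWN {FP_B} descid1
650 HS_DESC FAILED {ONION} UNKNOWN {FP_B} REASON=UPLOAD_REJECTED
650 HS_DESC UPLOAD {ONION} UNKNOWN {FP_C} descid2
650 HS_DESC FAILED {ONION} UNKNOWN {FP_C} REASON=UNEXPECTED
650 HS_DESC UPLOAD otherserviceaddr UNKNOWN {FP_A} descid3
650 CIRC 12 BUILT
"""
EVENT_RE = re.compile(r"^650 HS_DESC (?P<action>[A-Z_]+) (?P<addr>\S+) "
                      r"(?P<auth>\S+) (?P<hsdir>\S+)(?: (?P<rest>.*))?$")

def parse_hs_desc(line):
    """Return a dict for one HS_DESC event line, or None for anything else."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    rest = (ev.pop("rest") or "").split()
    ev["reason"] = next((t[7:] for t in rest if t.startswith("REASON=")), None)
    return ev

def summarize_uploads(lines, onion):
    """Per-HSDir counts of UPLOAD / UPLOADED / FAILED events for one service."""
    stats = {}
    for ev in filter(None, map(parse_hs_desc, lines)):
        if ev["addr"] != onion or ev["action"] not in ("UPLOAD", "UPLOADED", "FAILED"):
            continue
        counts = stats.setdefault(ev["hsdir"], Counter())
        counts[ev["action"]] += 1
        if ev["reason"]:
            counts["REASON=" + ev["reason"]] += 1
    return stats

def failing_hsdirs(stats):
    """HSDirs that reported a failure and never confirmed an upload."""
    return sorted(d for d, c in stats.items() if c["FAILED"] and not c["UPLOADED"])

def publish_health(stats):
    """(HSDirs holding a confirmed descriptor, HSDirs attempted)."""
    return sum(1 for c in stats.values() if c["UPLOADED"]), len(stats)

if __name__ == "__main__":
    s = summarize_uploads(SAMPLE_EVENTS.splitlines(), ONION)
    print(publish_health(s), failing_hsdirs(s))
```

If every HSDir confirms the upload, descriptor publication is not the failing step, and the introduction points named in the comment are the next place to look.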

comment:2 Changed 7 months ago by teor

Summary: Tor exploit → Denial of service on v2 onion service

comment:3 Changed 7 months ago by teor

Parent ID: #29607
Resolution: duplicate
Status: needs_information → closed

This is a duplicate of #29607, which is still open.

I understand that you need help. But opening multiple tickets makes it hard for us to help you. And that means you won't get the best help.

Please stop opening multiple tickets. Just use #29607.