[tor-bugs] #29919 [- Select a component]: Tor DOS attack help, can a dev take this seriously please?

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 27 11:46:23 UTC 2019 

#29919: Tor DOS attack help, can a dev take this seriously please?
-----------------------+--------------------------------------
 Reporter:  HelpDOS    |          Owner:  (none)
     Type:  defect     |         Status:  new
 Priority:  Very High  |      Component:  - Select a component
  Version:             |       Severity:  Normal
 Keywords:             |  Actual Points:
Parent ID:             |         Points:
 Reviewer:             |        Sponsor:
-----------------------+--------------------------------------
 Multiple times in the past, I and other hidden service operators have
 published tickets for help with extreme DoS attacks that are preventing
 our hidden services from being accessed. This seems like a complete flaw
 in how Tor works and there is no logical solution in sight.

 One reference from an operator I have spoken with:
 https://trac.torproject.org/projects/tor/ticket/29607

 Exact same attack as myself and we were both initially able to prevent it
 until the attacker changed their method.

 At first the attack was overloading the Tor process CPU of 100% and so new
 connections could not be processed. After running Tor-vanguards add-on I
 found a recurring fingerprint for an authority relay was being used for
 the attack. I excluded the fingerprint in my Torrc and immediately the
 site was back online. He then changed to ANOTHER authority relay, which
 seems strange to be a coincidence considering they are low bandwidth
 relays so wouldn't make sense to me to use in this type of attack.

 Again, blocked this fingerprint and then the attack completely changed and
 is seemingly undiscoverable other than a few warnings that stick out in
 the logs, but they aren't much help.

 Any suggestions we have been given we have tried to no avail. The
 difference with this ticket, if a Tor dev is actually willing to put some
 time into investigating, I can provide full server access to an under
 attack hidden service so it can be actively monitored and hopefully
 resolved. I beg that someone helps with this, it has been going on for
 years with no real solutions to similar attacks.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29919>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list