[tor-talk] Why Crimekit Atrax will attract attention

Roger Dingledine arma at mit.edu
Thu Nov 28 10:26:06 UTC 2013

On Thu, Nov 28, 2013 at 08:00:37AM -0200, Noilson Caio wrote:
> https://www.csis.dk/en/csis/blog/4103/
> I know that amplification attacks are not problems in the Tor network
> (Enter one bit comes out a bit). DDOS tools originated in the Tor network
> tend to clog the output nodes. Correct?


That said, not all ddos attacks involve just simple flooding with
traffic. Some of the attacks described on your url use very little
traffic, e.g. instead relying on clogging up the cpu of the target
machine by asking it to provide complex answers.

The right answer to those attacks is "then don't design your services
that way", but for many currently deployed services that's a long-term
dream, not a short-term fix.

*That* said, I would expect bots in this situation to use Tor for C&C,
and do the distributed attacks directly. It's pretty silly to do a
"distributed" attack from 5000 places but then funnel it all into Tor.

Or said more clearly, if you have a botnet, use it -- you don't need Tor.

