Silk Road forums

Discussion => Newbie discussion => Topic started by: DDOS on April 24, 2013, 10:27 pm

Title: This is not a DOS attack
Post by: DDOS on April 24, 2013, 10:27 pm
This is not a denial of service attack. You can not do a DOS attack on tor hidden services. This is a null byte attack. This is only happening because Silk Road is coded very poorly.
Title: Re: This is not a DOS attack
Post by: mpj15 on April 24, 2013, 10:42 pm
What makes you so sure?
Title: Re: This is not a DOS attack
Post by: jaxfrost on April 24, 2013, 10:47 pm
Perhaps you should PM Dread Pirate Roberts and let him know?  The more feedback the better on how to combat the bastard(s) that are pulling this off and doing a pretty damn job at it I might add.  Just when you think you've got it covered someone has exploits vulnerability. 

I think it's just timing that the Bitcoins are going up.  The correlation would perhaps be more convincing if people had all of their orders in, SR was being attacked and the the value of the bitcoins plummeted.  Now that would seem more like it was orchestrated but because the bitcoins are rising that's not something that I see as a correlation to SR going down.   You could day trade Bitcoins right now as they're swinging like a big dick and stuff some profit in your pocket.  I've been trying to make a few couple hundred here and there, might as well take advantage while the volatility is ever present.   
Title: Re: This is not a DOS attack
Post by: DDOS on April 24, 2013, 11:08 pm
What makes you so sure?
For one it is not possible to perform a denial of service attack on a TOR hidden service. Tor only transports correctly formed TCP streams, not all IP packets, you cannot send UDP packets over Tor. You can't do specialized forms of this attack like SYN flooding either. So denial of service attacks are not possible over Tor. Tor also doesn't allow bandwidth amplification attacks against external sites. You need to send in a byte for every byte that the Tor network will send to your destination.
Title: Re: This is not a DOS attack
Post by: Gаtillac on April 24, 2013, 11:24 pm
So DPR lied to us?
Title: Re: This is not a DOS attack
Post by: joolz on April 24, 2013, 11:33 pm
So DPR lied to us?
again?
Title: Re: This is not a DOS attack
Post by: Bill Paxton on April 24, 2013, 11:38 pm
It does seem like in the past we've gotten one story only to find out later its something else. This is very typical for website/online businesses... When bitinstant was hacked they had a message up all weekend saying they were down for routine maintenance. I believed them and immediately deposited $$ when the came online Monday... it took me 1.5 weeks to finally get my BTC on my SR account..

As long as its not the DEA or some other equally hated entity I don't really care.

I don't think anybody really cares whats going on as long as things go back to normal and all our information and BTC are safe!!

Any idea's as to what IS going on?  I read OP but due to my lack of knowledge on these things I have no idea how to make sense of it.  Everything written could be complete jibberish made to sound logical/intelligent and I wouldn't have a clue. LOL

-BP

-BP 
Title: Re: This is not a DOS attack
Post by: Neebor on April 24, 2013, 11:40 pm
We are all just par of someones sick and twisted ecperiment. Grab a board and ride the waves man. In the meantime all illegal cotraband can be found on black market reloaded. Dunno if its safe cause ive never used it. Just happened to stumble across it today whilst looking for hookers. Anyone know any sites. I want a hagandas.
Title: Re: This is not a DOS attack
Post by: TuggingOnSupermansCape on April 24, 2013, 11:44 pm
I posted about this earlier, but no one listens to the new guys. It is definitely not a DDOS. Use your heads. Why would the latest maintenance message state that the DDOS is still going on, yet you can access the site, but certain features don't work (picture uploads). This is a lie to cover up the fact that SR is on php 4 and got hit with the null byte attack. Theyre trying to upgrade not only their site code, but also their LAMP to fix the issue. Problem is, this shouldn't have been an issue to begin with. This is what happens when you have someone learning to code, while fixing a site.
Title: Re: This is not a DOS attack
Post by: mountainwhiskey on April 24, 2013, 11:57 pm
I just logged into SR and got a dea seized page after I logged in, seems very dogy to me as it wasn't a .gov address and it was after I logged in.
Title: Re: This is not a DOS attack
Post by: jizzmasterzero on April 25, 2013, 12:01 am
Funny how all the "new guys" just want to praise Atlantis and claim SR is not under a DOS attack...... nothing suspicious about that..... nope nothing suspicious at all.... The culprits have already revealed themselves.

it's amazing how fucking stupid you are, and how stupid you believe us to be.
Title: Re: This is not a DOS attack
Post by: DDOS on April 25, 2013, 12:07 am
Funny how all the "new guys" just want to praise Atlantis and claim SR is not under a DOS attack...... nothing suspicious about that..... nope nothing suspicious at all.... The culprits have already revealed themselves.

it's amazing how fucking stupid you are, and how stupid you believe us to be.
I haven't praised anything or even mentioned atlantis. However since you bring it up I will mention it. It is coded much better and has a far better user interface. That is all I can say about atlantis.
Title: Re: This is not a DOS attack
Post by: Bill Paxton on April 25, 2013, 12:09 am
I just logged into SR and got a dea seized page after I logged in, seems very dogy to me as it wasn't a .gov address and it was after I logged in.

BULLSHIT
Title: Re: This is not a DOS attack
Post by: SkoomaPuma on April 25, 2013, 12:15 am
I just logged into SR and got a dea seized page after I logged in, seems very dogy to me as it wasn't a .gov address and it was after I logged in.

Lol failed attempt at tyring to make SR look bad
Title: Re: This is not a DOS attack
Post by: DDOS on April 25, 2013, 12:16 am
I just logged into SR and got a dea seized page after I logged in, seems very dogy to me as it wasn't a .gov address and it was after I logged in.

BULLSHIT
He's just a troll. Pay no mind.
Title: Re: This is not a DOS attack
Post by: joolz on April 25, 2013, 12:30 am
hes making 8 grand a day   ??? get some tech folk.
Title: Re: This is not a DOS attack
Post by: gunitbot6 on April 25, 2013, 12:49 am
get some tech folk is a bad idea, if shit hits the fan, and people have to testify dnr would be screwed. 
Title: Re: This is not a DOS attack
Post by: Jack N Hoff on April 25, 2013, 12:59 am
get some tech folk is a bad idea, if shit hits the fan, and people have to testify dnr would be screwed.
I guess you were unaware that DPR posted a job opening for a database expert awhile back.
Title: Re: This is not a DOS attack
Post by: berserkr on April 25, 2013, 01:10 am
Was good while it lasted. JK.
Title: Re: This is not a DOS attack
Post by: titsmcgee123 on April 25, 2013, 01:10 am
gotta pay the troll toll to get in
Title: Re: This is not a DOS attack
Post by: foreverfloyd on April 25, 2013, 01:19 am
Why are you so sure?
Title: Re: This is not a DOS attack
Post by: DDOS on April 25, 2013, 01:24 am
Why are you so sure?
What makes you so sure?
For one it is not possible to perform a denial of service attack on a TOR hidden service. Tor only transports correctly formed TCP streams, not all IP packets, you cannot send UDP packets over Tor. You can't do specialized forms of this attack like SYN flooding either. So denial of service attacks are not possible over Tor. Tor also doesn't allow bandwidth amplification attacks against external sites. You need to send in a byte for every byte that the Tor network will send to your destination.
Title: Re: This is not a DOS attack
Post by: bullmarkets4ever on April 25, 2013, 01:24 am
read the most recent "maintenance" thread.. newbie's aren't the only ones scratching their heads about this  "DDoS" downtime.  I'm a newb and completely agree. Do five minutes of research and you'll understand the basics on how, and what a DDoS attack is and does.  It's not sophisticated, but effective at bringing a webserver down.  The question that is relevant is how that could take place over a Tor networked connection/s, and more importantly, how come users are seeing the 500 error messages; this means the file serves are not responding, at least by us.

I would assume DPR and staff have literally unplugged the gear and are logged into their servers tying to isolate the problem and confirm no data was compromised.  Sophisticated attacks are not just entry-point vulnerabilities but also malicious via embedded code (virus') once they've breached the security systems.

Ideally all data would be able to be mirrored in a secondary, or even tertiary environment, invisible to the attackers so that if a breach occurred it could be isolated, studied, and fixed, while the file and web servers would kick on via alias private network mapping and allow the "storefront" to continue.  I doubt SR has an active-active data environment... but would be nice, and ironically would save all of us money (SR and DPR included).

Opposed to a DB admin, they need to hire a CCIE and an Ethical Hacker and begin the task of moving SR into a much improved phase 2, redundant, environment.  Given: not an easy task by any stretch.
Title: Re: This is not a DOS attack
Post by: OzFreelancer on April 25, 2013, 01:28 am
I am not any sort of tech-geek, but I emailed Tor directly and asked if DDoS attacks were possible on hidden services.  They sent me a link to the following:

Quote
Defense against Denial of Service of Introduction Points

The adversarial version of the previous section involves attackers intentionally hammering the Introduction Points of a Hidden Service to make it unreachable by honest clients. This means that an attacker can temporarily bring down a Hidden Service by DoSing a small number of Tor relays.

To defend against such attacks, Syverson and Øverlier introduced Valet nodes in their PETS 2006 paper: "Valet Services: Improving Hidden Servers with a Personal Touch". Valet nodes stand in front of Introduction Points and act as a protection layer. This allows Hidden Services to maintain a limited number of Introduction Points, but many more contact points, without clients learning the actual addresses of the Introduction Points.

Valet nodes are not implemented yet, mainly because of the big implementation and deployment effort they require.

So, I don't really understand a lot of what it says, but it looks to me like it's saying a DDoS attack *IS* possible on an .onion
Title: Re: This is not a DOS attack
Post by: Chaosforpeace on April 25, 2013, 01:38 am
I am not any sort of tech-geek, but I emailed Tor directly and asked if DDoS attacks were possible on hidden services.  They sent me a link to the following:

Quote
Defense against Denial of Service of Introduction Points

The adversarial version of the previous section involves attackers intentionally hammering the Introduction Points of a Hidden Service to make it unreachable by honest clients. This means that an attacker can temporarily bring down a Hidden Service by DoSing a small number of Tor relays.

To defend against such attacks, Syverson and Øverlier introduced Valet nodes in their PETS 2006 paper: "Valet Services: Improving Hidden Servers with a Personal Touch". Valet nodes stand in front of Introduction Points and act as a protection layer. This allows Hidden Services to maintain a limited number of Introduction Points, but many more contact points, without clients learning the actual addresses of the Introduction Points.

Valet nodes are not implemented yet, mainly because of the big implementation and deployment effort they require.

So, I don't really understand a lot of what it says, but it looks to me like it's saying a DDoS attack *IS* possible on an .onion
Thanks you for a voice of reason.

Chaos
Title: Re: This is not a DOS attack
Post by: DDOS on April 25, 2013, 01:39 am
I am not any sort of tech-geek, but I emailed Tor directly and asked if DDoS attacks were possible on hidden services.  They sent me a link to the following:

Quote
Defense against Denial of Service of Introduction Points

The adversarial version of the previous section involves attackers intentionally hammering the Introduction Points of a Hidden Service to make it unreachable by honest clients. This means that an attacker can temporarily bring down a Hidden Service by DoSing a small number of Tor relays.

To defend against such attacks, Syverson and Øverlier introduced Valet nodes in their PETS 2006 paper: "Valet Services: Improving Hidden Servers with a Personal Touch". Valet nodes stand in front of Introduction Points and act as a protection layer. This allows Hidden Services to maintain a limited number of Introduction Points, but many more contact points, without clients learning the actual addresses of the Introduction Points.

Valet nodes are not implemented yet, mainly because of the big implementation and deployment effort they require.

So, I don't really understand a lot of what it says, but it looks to me like it's saying a DDoS attack *IS* possible on an .onion
Reread that then read it again if you have to. 
Quote
by DoSing a small number of Tor relays.
DOSing the relays. Relay IPs are public so yes you can DOS relays. Those are peoples connections. There would still be many people able to access the site. Now if you DDosed all relays then TOR wouldn't work for anyone and the SR forums wouldn't load either. We are all on TOR just fine right now. The relays are not being DOSed and neither is Silk Road.
Title: Re: This is not a DOS attack
Post by: bullmarkets4ever on April 25, 2013, 02:27 am
Correct.


Title: Re: This is not a DOS attack
Post by: TuggingOnSupermansCape on April 25, 2013, 02:31 am
The above is correct.

Seems some who are shouting DDOS don't even know how TOR or DDOS works. Please educate yourselves prior to offering your opinion.
Title: Re: This is not a DOS attack
Post by: bullmarkets4ever on April 25, 2013, 02:32 am
i would LOVE to get my hands on a visio of how SR is networked and setup.

Wonder where the server farm is/are?
Title: Re: This is not a DOS attack
Post by: bullmarkets4ever on April 25, 2013, 02:37 am
I bet it is in some state run datacenter is some banana republic or third world country.
OR, more likely: state sponsored by China, or the Soviets!
Title: Re: This is not a DOS attack
Post by: Leukart on April 25, 2013, 02:39 am
It may well require another address change and a re-distribution of a new URL address. However, I don't think this will present too much of a challenge to the dedicated, as they seem to be growing by the day!
Title: Re: This is not a DOS attack
Post by: OzFreelancer on April 25, 2013, 02:50 am
I'll happily defer to those who are far more tech-savvy than me ::)

However, I have emailed Torproject with more specific questions and will let you know what their response is :)
Title: Re: This is not a DOS attack
Post by: Hammered on April 25, 2013, 02:52 am
This guy doesn't know what hes talking about, its a copy / paste from reddit... and that guy copy pasted from TOR faq lol.

http://www.reddit.com/r/SilkRoad/comments/1d1ibb/bad_news_availability_of_sr_down_to_confirmed/

Title: Re: This is not a DOS attack
Post by: flwrchlds9 on April 25, 2013, 02:53 am
DOS is a broad term. Unplugging the server is a DOS attack.
Title: Re: This is not a DOS attack
Post by: thernabulax on April 25, 2013, 03:04 am
This IS a DOS attack, what you're having is a Denial of Sanity attack OP.

Come on, that's a decent joke! heh

But to be serious, the best up-to-date info points to DDoS, almost consensus level.
Title: Re: This is not a DOS attack
Post by: thelorax on April 25, 2013, 03:11 am
its a dos attack cuz DPR says its a dos attack..

got this when trying to post on here

Connection Problems
Sorry, SMF was unable to connect to the database. This may be caused by the server being busy. Please try again later.
Title: Re: This is not a DOS attack
Post by: itsthecops on April 25, 2013, 03:12 am
Does anyone think upgrading the Apache plugin for PHP would resolve the breech, or would it also require the recoding of the pages?  Even still, it can't be that many pages to edit. The site is pretty small.

Fuck, lets pitch in our money and buy the guy a fucking redundant setup.  Enough of this downtime stuff.
Title: Re: This is not a DOS attack
Post by: DDOS on April 25, 2013, 03:12 am
This guy doesn't know what hes talking about, its a copy / paste from reddit... and that guy copy pasted from TOR faq lol.

http://www.reddit.com/r/SilkRoad/comments/1d1ibb/bad_news_availability_of_sr_down_to_confirmed/
http://www.reddit.com/r/Hammered_u_wrong/
Title: Re: This is not a DOS attack
Post by: DDOS on April 25, 2013, 03:16 am
its a dos attack cuz DPR says its a dos attack..

got this when trying to post on here

Connection Problems
Sorry, SMF was unable to connect to the database. This may be caused by the server being busy. Please try again later.
You do realize that Silk Road and Silk Road forums are on separate servers right? This is not a DOS attack. There is no way in the world that you can put up a maintenance page for two days during a DOS attack. You can't even perform a DOS attack on a hidden service. Please remove Robby's dick from your mouth son.
Title: Re: This is not a DOS attack
Post by: thelorax on April 25, 2013, 03:22 am
well got the dick out my mouth to say.. yeah i do know that ..

i was just stating thats what message i just got..

and actually i kinda am wondering how dpr put up that page...

either way fuck u faggot making a burner account cuz ur scared to speak up fucking pussy eat i hope u get rapped
Title: Re: This is not a DOS attack
Post by: xollero on April 25, 2013, 03:23 am
Already posted on the maintenance thread, but this thread is filled to the brim with bullshit so I'll post here too.

There are many application layer attacks on HTTP which make for very effective DDOSing. No malformed packets or SYN floods or UDP protocol required. OP can be forgiven ignoring these, I'm guessing that despite his very authoritative tone that his experience in the field probably amounts to reading the nmap man page a few times.

If this was an ancient PHP vuln + null byte attack, it could and would have been fixed by DPR by now, unless you are implying that he is a complete drooling idiot. In which case I don't know why you'd use any of his services at all. This null byte claim is utterly unproven (since once would have to be on the inside of the situation to prove it), yet is curiously popping up all over the place suddenly - often in the same breath as hyping Atlantis.  Interesting.

And you guys making statements like "no way you could have a maintenance page up during a DOS" - christ, you really don't know what you're talking about, please stop making fools of yourselves.

But you know, don't let basic facts stop you guys from wrapping that tinfoil so tight that it cuts off the circulation to your brains. I get the funny feeling that the same people muttering about DPR lying to them now were probably muttering something about "false flag" last week, so there's really no point trying to reason with you. Carry on.
Title: Re: This is not a DOS attack
Post by: itsthecops on April 25, 2013, 03:38 am
Nutty.

So. .. when am I going to get to buy drugs again eggheads?
Title: Re: This is not a DOS attack
Post by: RevDrGod on April 25, 2013, 03:42 am
So DPR lied to us?

 DPR said that he didn't go so far to discover what kind of attack it was. He said that the problem gave an appearance of an attack
Title: Re: This is not a DOS attack
Post by: Durkadurka13579 on April 25, 2013, 04:04 am
So DPR lied to us?

 DPR said that he didn't go so far to discover what kind of attack it was. He said that the problem gave an appearance of an attack


Technically....he said, "The attack appears to be DoS in nature"

From Wikipedia -

"In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users."

At its most basic, the point is to make the site unavailable.....

Seems to be working......
Title: Re: This is not a DOS attack
Post by: logical on April 25, 2013, 04:12 am
So DPR lied to us?

 DPR said that he didn't go so far to discover what kind of attack it was. He said that the problem gave an appearance of an attack


Technically....he said, "The attack appears to be DoS in nature"

From Wikipedia -

"In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users."

At its most basic, the point is to make the site unavailable.....

Seems to be working......
Someone who doesn't know shit about networking might call this a DOS attack.  They would also call unplugging a server a DOS attack as stated earlier in this thread. A North Korean nuclear missile taking out the server or an EMP taking out the server would be a DOS attack by that definition. Hell not paying your power bill would keep anyone from accessing the site.


Quote
In a denial of service attack, the user sends several authentication requests to the server, filling it up. All requests have false return addresses, so the server can't find the user when it tries to send the authentication approval. The server waits, sometimes more than a minute, before closing the connection. When it does close the connection, the attacker sends a new batch of forged requests, and the process begins again--tying up the service indefinitely.
That is the real meaning.
Title: Re: This is not a DOS attack
Post by: Durkadurka13579 on April 25, 2013, 04:16 am
So DPR lied to us?

 DPR said that he didn't go so far to discover what kind of attack it was. He said that the problem gave an appearance of an attack


Technically....he said, "The attack appears to be DoS in nature"

From Wikipedia -

"In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users."

At its most basic, the point is to make the site unavailable.....

Seems to be working......
Someone who doesn't know shit about networking might call this a DOS attack.  They would also call unplugging a server a DOS attack as stated earlier in this thread. A North Korean nuclear missile taking out the server or an EMP taking out the server would be a DOS attack by that definition. Hell not paying your power bill would keep anyone from accessing the site.


Quote
In a denial of service attack, the user sends several authentication requests to the server, filling it up. All requests have false return addresses, so the server can't find the user when it tries to send the authentication approval. The server waits, sometimes more than a minute, before closing the connection. When it does close the connection, the attacker sends a new batch of forged requests, and the process begins again--tying up the service indefinitely.
That is the real meaning.

Thanks?  Just trying to say shits broken...... but thanks......
Title: Re: This is not a DOS attack
Post by: kmfkewm on April 25, 2013, 07:12 am
This is not a denial of service attack. You can not do a DOS attack on tor hidden services. This is a null byte attack. This is only happening because Silk Road is coded very poorly.

Of course you can do DoS and DDoS against hidden services. The easiest way to prevent anyone from reaching a hidden service is to enumerate all of its introduction points and spam them with fake extend cells to exhaust their processing capabilities. You can also DDoS the hidden service in a traditional way, you simply need the nodes on the botnet to send their traffic through the Tor network up to the hidden service. It is just a normal server, it is not immune from anything. The server software itself could also have some bug or configuration issue that lets an attacker do non-bandwidth resource exhaustion. Tracing hidden services to entry guards is possible as well, at which point the entry guards can be DDoSed and if the HS is set to use strict entry guards then it will go down as well. In summary, you clearly have no idea what the fuck you are talking about so please stfu and gtfo.
Title: Re: This is not a DOS attack
Post by: kmfkewm on April 25, 2013, 07:18 am
What makes you so sure?
For one it is not possible to perform a denial of service attack on a TOR hidden service. Tor only transports correctly formed TCP streams, not all IP packets, you cannot send UDP packets over Tor. You can't do specialized forms of this attack like SYN flooding either. So denial of service attacks are not possible over Tor. Tor also doesn't allow bandwidth amplification attacks against external sites. You need to send in a byte for every byte that the Tor network will send to your destination.

You think that correctly formed TCP streams can not be used to exhaust bandwidth??? Well, that is completely wrong. Someone with a botnet doesn't need to do a bandwidth amplification attack to DDoS a target, they have a massive botnet with lots of bandwidth. Just having thousands of zombie clients refreshing a website constantly, many simultaneous times, is enough to DDoS it, and that is how many DDoS attacks are carried out.  Also there are all kinds of other ways that DoS attacks can be performed. Hidden services are inherently weak to their introduction points being DoSed with CPU exhaustion attacks. They can be traced to their entry guards and the entry guards DDoSed, which will make it impossible to access the hidden service if it has strict entry guards set. The actual web server software can have flaws in it that make it weak to resource exhaustion attacks, a lot of the time DoS is of CPU or RAM and not of bandwidth at all. It is completely and entirely incorrect to say that DDoS or DoS are impossible to do against hidden services.
Title: Re: This is not a DOS attack
Post by: kmfkewm on April 25, 2013, 07:23 am
I posted about this earlier, but no one listens to the new guys. It is definitely not a DDOS. Use your heads. Why would the latest maintenance message state that the DDOS is still going on, yet you can access the site, but certain features don't work (picture uploads). This is a lie to cover up the fact that SR is on php 4 and got hit with the null byte attack. Theyre trying to upgrade not only their site code, but also their LAMP to fix the issue. Problem is, this shouldn't have been an issue to begin with. This is what happens when you have someone learning to code, while fixing a site.

I don't want to make any jumps to conclusions, but the fact of the matter is that a DDoS attack or DoS attack against a Tor hidden service is entirely possible. That said I have not been exceptionally impressed with the apparent security skill of SR, but on the other hand CUSTOMERS ARE RESPONSIBLE FOR THEIR OWN SECURITY. So it really shouldn't matter too much. Relying on a server / site operator to keep you secure is fucking retarded. Security is your own responsibility. On the other hand, maybe a misconfiguration or other issue has needlessly made the site vulnerable to DoS attacks. I have no idea. But it is incorrect to say that bandwidth DDoS , or anything like that, is impossible to do against a hidden service. Some very specific forms of DDoS are impossible to do over Tor, but some forms of DDoS are possible to do against hidden services that are not possible against clearnet sites.
Title: Re: This is not a DOS attack
Post by: kmfkewm on April 25, 2013, 07:32 am
I am not any sort of tech-geek, but I emailed Tor directly and asked if DDoS attacks were possible on hidden services.  They sent me a link to the following:

Quote
Defense against Denial of Service of Introduction Points

The adversarial version of the previous section involves attackers intentionally hammering the Introduction Points of a Hidden Service to make it unreachable by honest clients. This means that an attacker can temporarily bring down a Hidden Service by DoSing a small number of Tor relays.

To defend against such attacks, Syverson and Øverlier introduced Valet nodes in their PETS 2006 paper: "Valet Services: Improving Hidden Servers with a Personal Touch". Valet nodes stand in front of Introduction Points and act as a protection layer. This allows Hidden Services to maintain a limited number of Introduction Points, but many more contact points, without clients learning the actual addresses of the Introduction Points.

Valet nodes are not implemented yet, mainly because of the big implementation and deployment effort they require.

So, I don't really understand a lot of what it says, but it looks to me like it's saying a DDoS attack *IS* possible on an .onion
Reread that then read it again if you have to. 
Quote
by DoSing a small number of Tor relays.
DOSing the relays. Relay IPs are public so yes you can DOS relays. Those are peoples connections. There would still be many people able to access the site. Now if you DDosed all relays then TOR wouldn't work for anyone and the SR forums wouldn't load either. We are all on TOR just fine right now. The relays are not being DOSed and neither is Silk Road.

If you DDoS all of a hidden services introduction nodes NOBODY who doesn't already have an established connection can access the hidden service. Introduction node DDoS was definitely my first thought because it is quite trivial to exhaust their processing abilities. However, as Astor pointed out in another thread, people who do manage to get established connections to the marketplace are also experiencing slow loading times. That would not be a likely effect of introduction point DDoSing , which would simply make it impossible for new people to establish any connection to the site in the first place. However, there are many other ways to DDoS a hidden service, as I have mentioned multiple times now so will not repeat again.

You are clearly very ignorant of how Tor works and the basics of cyber security.
Title: Re: This is not a DOS attack
Post by: kmfkewm on April 25, 2013, 07:35 am
This guy doesn't know what hes talking about, its a copy / paste from reddit... and that guy copy pasted from TOR faq lol.

http://www.reddit.com/r/SilkRoad/comments/1d1ibb/bad_news_availability_of_sr_down_to_confirmed/

It did sound familiar ! Tor FAQ has something in its abuse section about how Tor is not just a big botnet to be used by anyone who wants to DDoS a target, or amplify the bandwidth output of their botnet. This is true! However, the original poster grossly misinterpreted this as meaning that hidden services cannot be DDoSed, or that DDoS attacks can not be carried out through Tor. What it really means is that, although some things , like UDP based DDoS attacks, cannot be carried out through Tor, that other sorts of attacks are not MAGNIFIED by Tor or made POSSIBLE by Tor. Tor can be used for anonymizing the source of a DDoS attack though. And DDoS attacks against hidden services are possible in all kinds of ways.
Title: Re: This is not a DOS attack
Post by: kmfkewm on April 25, 2013, 07:39 am
So DPR lied to us?

 DPR said that he didn't go so far to discover what kind of attack it was. He said that the problem gave an appearance of an attack


Technically....he said, "The attack appears to be DoS in nature"

From Wikipedia -

"In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users."

At its most basic, the point is to make the site unavailable.....

Seems to be working......
Someone who doesn't know shit about networking might call this a DOS attack.  They would also call unplugging a server a DOS attack as stated earlier in this thread. A North Korean nuclear missile taking out the server or an EMP taking out the server would be a DOS attack by that definition. Hell not paying your power bill would keep anyone from accessing the site.


Quote
In a denial of service attack, the user sends several authentication requests to the server, filling it up. All requests have false return addresses, so the server can't find the user when it tries to send the authentication approval. The server waits, sometimes more than a minute, before closing the connection. When it does close the connection, the attacker sends a new batch of forged requests, and the process begins again--tying up the service indefinitely.
That is the real meaning.

No that is one specific implementation of a DoS attack. There are CPU exhaustion attacks, memory exhaustion attacks, and all kinds of attacks that have nothing at all to do with bandwidth exhaustion. I believe what  you just named is an open socket exhaustion attack, it doesn't even have to do with bandwidth. The most commonly known of form for a DoS attack is bandwidth exhaustion, but the term is so incredibly broad that it applies to all kinds of almost completely unrelated things. It is like saying "2 + 2 IS NOT ADDITION 1 + 1 IS ADDITION".
Title: Re: This is not a DOS attack
Post by: Bill Paxton on April 25, 2013, 01:49 pm
So what is the verdict?? :)
Title: Re: This is not a DOS attack
Post by: xollero on April 25, 2013, 05:29 pm
You are clearly very ignorant of how Tor works and the basics of cyber security.
All this bullshit was quite deliberate disinfo, trying to take advantage of the SR downtime. Much of the sudden advertising for this Atlantis site had the same basic message being hammered on: "Not a DDOS, null byte attack on old PHP, shitty DPR code". Followed by the hilarious implication that building their new shit on fucking Bootstrap and some HTML5 somehow makes them more secure and/or resistant to DDOS.

Notice how all the idiots spreading these utterly incorrect 'facts' about TOR and its magical resistance to DDOS have now scattered? No rebuttals offered once there were some adults who know what they're talking about in the room. They don't care. They did what they set out to achieve.

So what is the verdict?? :)
Verdict is: OP is full of shit. Followed by a lot of clueless people latching onto the first guy they see throwing around acronyms like he knows what he's talking about.  I swear, some people will believe any bunch of bullshit so long as it is packaged in the form of "The Man / MSM / bossman / DPR is lying to you!", and argued in a manner than sounds sufficiently authoritative (no matter how actually incoherent it may be). You can practically hear the dog whistle. 
Title: Re: This is not a DOS attack
Post by: foreverfloyd on April 25, 2013, 08:16 pm
its working pretty fast now.
Thanks dpr.