Silk Road forums

Discussion => Security => Topic started by: tramonym on May 01, 2013, 06:03 pm

Title: Technical discussion about SR DDOS in Tor network
Post by: tramonym on May 01, 2013, 06:03 pm
I would like to discuss how this DDoS works.

Back in March there was the biggest DDoS attack so far on the clearnet. The attack was against the anti-spam organisation "Spamhaus". The method used was a "DNS reflection attack". This means that many faked DNS queries are made in parallel. The victim's IP address is put as the originator in the DNS query, leading to massive DNS query results flooding the victim's IP address. Because DNS query results are bigger than the query itself, the bandwidth reaching the victim is even multiplied.

I think this method does not seem valuable for onion hidden services, since name resolution is different inside the Tor network. Additionally, I do think that the whole Tor network's bandwidth is not enough to put one site down without a noticeable performance decrease of the whole Tor network, and I do not have the feeling that Tor itself is slow.

If the attacker is using DoS or DDoS he must have a way to flood SR directly, without involving Tor nodes (which I guess is very unlikely because of the Tor architecture). This lets me assume that the attacker does not flood SR with pure bandwidth. He might have found a way to disturb the SR web server infrastructure directly. Maybe he is using a buffer overflow / SQL injection or whatever of the many attacks possible.

Maybe someone here with deeper technical knowledge than me about Tor and hidden services has an idea about how this attack may work?

There was also an interesting blog entry on torproject.org where some Tor hidden service flaws are mentioned:

https://blog.torproject.org/blog/hidden-services-need-some-love
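The reflection mechanism tramonym describes rests on one property of the DNS wire format: a query is a few dozen bytes, while the answer carrying the same question plus several records can be many times larger, and since DNS runs over UDP the resolver sends that answer to whatever source address the query claimed. The following is an added example (editor's code, not from the thread or from any tool the thread mentions) that builds a minimal DNS query and a matching response by hand, using only the standard library, and measures the size ratio. The domain name, record contents and record count are constructed for illustration and do not describe any real zone; nothing here sends packets.

```python
import struct

# Record type codes from the DNS wire format (RFC 1035 / RFC 4034).
TYPE_A, TYPE_TXT, TYPE_DNSKEY, TYPE_ANY = 1, 16, 48, 255
CLASS_IN = 1


def encode_name(name):
    """Encode a dotted name as DNS labels: <len><label>...<0>."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=TYPE_ANY, txid=0x1234):
    """12-byte header (RD flag set, one question) followed by the question.

    The source IP address is not part of this payload at all; it lives in
    the IP header, which is why a UDP sender can claim to be the victim.
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def build_response(query, answers):
    """Echo the question and append answer records (rtype, ttl, rdata).

    Each record owner name is the compression pointer 0xC00C, i.e. "the
    name at offset 12", which is the question name in the query section.
    """
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    body = b""
    for rtype, ttl, rdata in answers:
        body += struct.pack("!HHHIH", 0xC00C, rtype, CLASS_IN, ttl, len(rdata))
        body += rdata
    return header + question + body


def sample_answers():
    """Constructed records (assumption: not real data for any domain).

    Four A records, a 255-byte TXT string and a DNSKEY-sized blob, roughly
    the mix an ANY query against a DNSSEC-signed zone returns.
    """
    a_records = [(TYPE_A, 300, bytes([192, 0, 2, n])) for n in range(1, 5)]
    txt_text = b"x" * 255
    txt = (TYPE_TXT, 300, bytes([len(txt_text)]) + txt_text)
    dnskey = (TYPE_DNSKEY, 3600, b"\x01\x01\x03\x08" + b"\x00" * 256)
    return a_records + [txt, dnskey]


def amplification(query, response):
    """Bytes delivered to the spoofed address per byte the attacker sent."""
    return len(response) / len(query)


def demo(name="example.com"):
    """Return (query_len, response_len, factor) for one constructed exchange."""
    q = build_query(name)
    r = build_response(q, sample_answers())
    return len(q), len(r), amplification(q, r)


if __name__ == "__main__":
    qlen, rlen, factor = demo()
    print(f"query {qlen} bytes, response {rlen} bytes, x{factor:.1f}")
```

The point the numbers make: the attacker pays for the 29-byte query, the open resolver pays for the 600-odd-byte answer, and the victim receives it. That is why the clearnet attack needed many open resolvers, and why, as the post notes, the same trick does not map onto a hidden service: there is no UDP reflector in the onion name-resolution path that will send large unsolicited answers to an address of the attacker's choosing.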

Title: Re: Technical discussion about SR DDOS in Tor network
Post by: NickNack on May 01, 2013, 06:33 pm
You might want to read through this thread --->

http://dkn255hz262ypmii.onion/index.php?topic=153182.0