Silk Road forums

Discussion => Security => Topic started by: narcocapitalist9 on May 05, 2013, 06:14 am

Title: A proposal for collective action to help stave off the attack on SR
Post by: narcocapitalist9 on May 05, 2013, 06:14 am
I posted this more or less in the newbie forum and got a lotta interest, and I want to bring this into the security section of the forum.

First, a pretty picture:

https://metrics.torproject.org/networksize.png?start=2005-02-04&end=2013-05-05

This is a chart showing the number of Tor relays on the Tor network dating back to 2005. Obviously, Tor only kicked off around the beginning of 2006. But look at the numbers. When it started, there were very quickly about 1500 relays. Now there are just a bit over 3000.

In 6 years, this is a very slow take-off. This is why Silk Road is slow, mainly. Tor does not have any built-in incentives for people to provide bandwidth to the network. However, SR users most definitely have a reason to want to see more Tor nodes in existence. The recent attacks would have been more expensive for the scumbags if there were closer to 5000 Tor relays of about 1mbit capacity each. I am running a non-exit relay with 15mbit capacity, and since SR users want better access to hidden services, first and foremost, there is no need to run an exit node.

Most SR users are most likely running the torbrowser bundle. It is very simple to set this up to relay traffic; the only tricky part is in getting inbound connections. For most people, this will require configuring their router to forward 9001 and (optionally, but recommended) 9030 to the machine you run your torbrowser bundle on.

Here is the link to the instructions for how to do it:

https://www.torproject.org/docs/tor-doc-relay.html.en

This is one thing that many people could actually be doing and it would definitely help SR stay more available, maybe only by a margin of 12-20%, but that's still raising the cost of attacking SR, and on top of that, it will definitely improve people's experiences using SR.

Another thing that I have been tinkering with is HTTP Keep-Alive. For clearnet sites, keep-alive does not really matter anymore. Most browsers and proxies are set to about 5 minutes for this. However, the processing and time cost of establishing a connection through a rendezvous node to a hidden service is much higher than it is on the clearnet. I have set mine to an hour (3600 seconds) and I don't know if this exceeds the session time on SR's cookies, but once I'm logged in, I get new pages faster, and the other thing is that as a legitimate user of SR, and not an attacker, this is a connection that can't be used by an attacker. In any case, a longer keep-alive timeout definitely makes SR work faster for me, YMMV.

Apart from that, I think it is clear that further defenses need to be developed against this kind of flood attack stopping people being able to use SR. An idea I have had is that of writing a small Firefox extension that gets a small list of alternative onion addresses that route to the SR server, that you can get from any open and accessible (not flooded) onion address, but that you need to authenticate to get this list. The list should ideally be mostly not publicly known, and users only get two or three every half hour. This way, when someone tries to attack one of these alt addresses, it can be seen on the log of the webservice script which users were given which addresses, and which nodes are getting attacked will be correlated with a subset of users currently connected, thus enabling the SR admins to do the detective thing on it and narrow down eventually which user is doing it and locking out their account.

This is a relatively small and simple thing that could be done that would only take a few weeks to implement and bugfix, and would massively disadvantage would-be attackers, while the process of getting Tor hidden services code to be more robust to DDoS attacks is being implemented by the SR team. It may be that attackers do not darken SR's hidden doorway again before a serious defence is added to Tor, but such a system could have broader application for hidden services anyway. There are many other useful things that could be provided by a Tor hidden service than just a marketplace also; things like a whistleblower website or other such things would be made very hard to suppress if they could remain up and available on the darkweb.
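
The correlation step proposed in the post above, as an added example that is not part of the original thread or any project's code: a service operator intersects the accounts that were issued each flooded address in the half-hour window it was flooded. The log layout, account names and `altNN` address labels are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed issuance log: (half-hour window, account, alternate addresses issued).
# Account names and "altNN" labels are placeholders, not real onion addresses.
ISSUANCE_LOG = [
    (0, "alice", {"alt01", "alt02"}), (0, "bob", {"alt02", "alt03"}),
    (0, "carol", {"alt03", "alt04"}), (0, "mallory", {"alt02", "alt04"}),
    (1, "alice", {"alt05", "alt06"}), (1, "bob", {"alt06", "alt07"}),
    (1, "carol", {"alt05", "alt07"}), (1, "mallory", {"alt05", "alt08"}),
    (2, "alice", {"alt09", "alt10"}), (2, "bob", {"alt10", "alt11"}),
    (2, "carol", {"alt11", "alt12"}), (2, "mallory", {"alt09", "alt12"}),
]
# Constructed flood observations: (window, address that came under load).
ATTACKS = [(0, "alt02"), (1, "alt05"), (2, "alt12"), (2, "alt99")]


def index_holders(issuance_log):
    """Map (window, address) -> set of accounts that were given that address."""
    holders = defaultdict(set)
    for window, account, addresses in issuance_log:
        for address in addresses:
            holders[(window, address)].add(account)
    return holders


def correlate(issuance_log, attacks):
    """Return (per-account hit counts, candidate set after each attributable attack)."""
    holders = index_holders(issuance_log)
    hits, history, candidates = Counter(), [], None
    for key in attacks:
        issued_to = holders.get(key)
        if not issued_to:  # address never issued in that window: no signal
            continue
        hits.update(issued_to)
        candidates = set(issued_to) if candidates is None else candidates & issued_to
        history.append(set(candidates))
    return hits, history


if __name__ == "__main__":
    hits, history = correlate(ISSUANCE_LOG, ATTACKS)
    for step, remaining in enumerate(history, 1):
        print(f"after attack {step}: {sorted(remaining)}")
    print("hit counts:", hits.most_common())
```

The strict intersection empties out if the floods come from more than one account or an address leaks, which is why the per-account hit counts are returned as well: they rank accounts instead of requiring a single common holder.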
Title: Re: A proposal for collective action to help stave off the attack on SR
Post by: narcocapitalist9 on May 05, 2013, 12:14 pm
I originally started this thread in the newbie forum as I was racking up my minimum 50 to be able to post elsewhere:

http://dkn255hz262ypmii.onion/index.php?topic=155667

There is a bit more information there. I have linked from that topic to this one so people can find it from there, and now people can find that topic from here. :)
Title: Re: A proposal for collective action to help stave off the attack on SR
Post by: Wepromisetwenty on May 05, 2013, 12:17 pm
Really useful stuff. I'm looking into relaying right now.

If someone wants to give this guy a +1 on my behalf - I'd be grateful.
Title: Re: A proposal for collective action to help stave off the attack on SR
Post by: narcocapitalist9 on May 05, 2013, 12:28 pm
I'm glad to see that I'm only getting +1s :) I haven't really run into trolls so far here or upset anyone yet, I hope I can keep my karma balance nice and positive.
Title: Re: A proposal for collective action to help stave off the attack on SR
Post by: CHROOT on May 05, 2013, 12:42 pm
Narco, has anyone in here set one of these up yet? I'd like to give it a try but I'm curious to hear from others how challenging the implementation is for us less tech-savvy individuals.

And props on working toward a solution!
Title: Re: A proposal for collective action to help stave off the attack on SR
Post by: narcocapitalist9 on May 05, 2013, 01:15 pm
https://www.torproject.org/docs/tor-doc-relay.html.en  << It's pretty simple really. Just make sure you untick all the allowed exit types.
Title: Re: A proposal for collective action to help stave off the attack on SR
Post by: narcocapitalist9 on May 05, 2013, 01:18 pm
Oh, and I am already running one, with a capacity of about 1.8MiB/s (about 15mbit). I configured mine as a service rather than using the vidalia bundle though. I prefer this because it means it automatically starts up when I boot the machine, which I don't do very often; most of the time it just sits there for like a week or more before I bother rebooting it. I run xubuntu, and it's solid as a rock.