Silk Road forums
Discussion => Silk Road discussion => Topic started by: Naloxone on April 30, 2013, 07:00 am
-
Hello.
I'm sure the computer geniuses behind SR will have thought of this but I'm just wondering why this couldn't be done? Perhaps it's all about connections allowed in and out rather than actual data being processed.
If it's about data then surely you could have a 72byte file loaded whenever anyone accesses an SR page:
one + two
<form action="x.php"><input type="textbox" name="f*(i"><form>
Firefox still outputs messy, improper html. People will push enter after they input the answer I'm sure. If unsure maybe you could stretch the extra 10-15 bytes for a submit button.
The back end has access to the answer associated with the name and if they submit correctly they'll get a cookie granting access to the site.
Obviously this would be a temporary solution if it worked at all since I'm sure hackers would eventually get through that but a temporary solution would be better than nothing at this point.
I also apologize if I'm being ignorant of the hard work going on behind the scenes. I have a simple brain and try to come up with simple answers!
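The gate proposed in this post, as an added example that is not part of the original thread or any site's code: a stateless variant in which an HMAC-signed token stands in for the back-end table of field names and answers, so issuing a challenge allocates no server memory. The hidden `t` field, the TTL values and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: a single server process holds the key
WORDS = "zero one two three four five six seven eight nine".split()
CHALLENGE_TTL, COOKIE_TTL = 120, 3600  # seconds (constructed values)

def _mac(*parts):
    msg = "|".join(str(p) for p in parts).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def _mac_ok(given, *parts):
    # Constant-time comparison; bytes so odd input cannot raise TypeError.
    return hmac.compare_digest(given.encode("utf-8", "replace"), _mac(*parts).encode())

def issue_challenge(a=None, b=None, now=None):
    """Return (html, field, token). Nothing is stored server-side."""
    a, b = (secrets.randbelow(10) if v is None else v for v in (a, b))
    now = int(time.time() if now is None else now)
    field = secrets.token_hex(4)  # random input name, the role "f*(i" plays in the post
    token = f"{field}.{now}.{_mac('chal', field, now, a + b)}"
    html = (f'{WORDS[a]} + {WORDS[b]}\n<form action="x.php" method="post">'
            f'<input name="{field}"><input type="hidden" name="t" value="{token}"></form>')
    return html, field, token

def check_answer(form, now=None):
    """Return an access cookie for a correct, fresh submission, else None."""
    now = int(time.time() if now is None else now)
    try:
        field, issued, mac = form["t"].split(".")
        issued, answer = int(issued), int(form[field])
    except (KeyError, ValueError, AttributeError, TypeError):
        return None
    if not 0 <= now - issued <= CHALLENGE_TTL or not _mac_ok(mac, "chal", field, issued, answer):
        return None
    # A solved token stays reusable until it expires; single use would need server state.
    expires = now + COOKIE_TTL
    return f"{expires}.{_mac('pass', expires)}"

def cookie_valid(cookie, now=None):
    now = int(time.time() if now is None else now)
    try:
        expires, mac = cookie.split(".")
        expires = int(expires)
    except (ValueError, AttributeError):
        return False
    return now < expires and _mac_ok(mac, "pass", expires)
```

The signed token makes the page larger than the 72 bytes the post aims for; that is the cost of keeping no per-visitor state on the server.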
-
That's not such a simple thing, bro. The SR Web server responds, but the traffic is over the SR Tor connection possibilities.
-
That's not such a simple thing, bro. The SR Web server responds, but the traffic is over the SR Tor connection possibilities.
Any chance you could phrase that differently? It doesn't make sense.
I understand that the web server responds anyway but if it's responding with less data then it'll be less load on the server even if the DDoS attack keeps coming at the same rate.
-
Have a look at the post below. We think we know what the issue is.
http://dkn255hz262ypmii.onion/index.php?topic=153182.0
If anyone can think of alternative fixes or preventative measures then please speak up!
-
That's not such a simple thing, bro. The SR Web server responds, but the traffic is over the SR Tor connection possibilities.
Any chance you could phrase that differently? It doesn't make sense.
I understand that the web server responds anyway but if it's responding with less data then it'll be less load on the server even if the DDoS attack keeps coming at the same rate.
Basically the malicious traffic originates from Tor nodes, it is impossible to distinguish from legitimate traffic - that is a huge problem when mitigating DDoS attacks. Makes it very difficult to isolate an attacker since they can obviously use any available Tor node like you and everyone else reading this text. I don't think the exact details of this attack are public for obvious reasons, whatever the malicious traffic consists of; the server still has to respond to all of this data being sent to it. Even if the server is only identifying and ignoring the malicious packets, this is evidently enough to completely overwhelm it thus rendering the site unusable. Since this is the hidden web, conventional methods of mitigating DDoS are useless here. Solutions on the surface web are notoriously expensive.
And just to clarify, attacks of this nature are not relevant to the efficiency of client side code on SilkRoad nor the size of pages themselves. It could be a blank page of 0 bytes, as long as the server is overwhelmed, it has the efficiency of a fucking paper plate. I hope this cleared it up for you.
-
+k for thinking OP :)
-
I was always under the impression that there is not much that can be done to stop a DDoS attack. I believe the best solution is more bandwidth (obviously not as easy as it sounds).
I believe you can replicate the same IP address across many servers to cause the traffic load to split into many groups that the individual servers can deal with and/or inspect, allowing it to sniff out the legitimate traffic. This is not something I know too much about, more rusty memories from college. I do remember, however, that this method is an expensive one, as obviously it requires the servers to be spread in different locations, but it removes the bottleneck that's causing the problem.
What worries me is that I remember being told this is one of the hardest things to be able to defend against. I hope SR manage to find a solution!
-
Any chance you could phrase that differently? It doesn't make sense.
OK. DDoS traffic exceeds the Tor connection bandwidth. That's the only problem.
-
There are several known types of attack that can be performed against SR and DPR hasn't said what the problem is, so we can't know for sure what the hell is going on.
He has hinted at this being a transport layer problem, which would suggest that it's an attack on the Tor hidden service protocol and "fixes" at the HTTP layer and above are completely worthless.
What needs to happen is SR publish what the fuck is going on, then the people who have the technical skills can set up their own test Tor network, attack it in the same way and test out some fixes.
-
What needs to happen is SR publish what the fuck is going on, then the people who have the technical skills can set up their own test Tor network, attack it in the same way and test out some fixes.
I like this idea. There is a HUGE community here anxious to get things going, and I'm sure that we have plenty of technical people that would be more than willing to take part in this.
-
^agreed.
-
I would love to know what is going on too, but these forums are public, so posting exactly what's going on could be like telling your opponent what you plan to do before you do it.
DPR just let us know that they are still working, seemed like for 20 hours straight...
I hate this too, I miss SR, but we have the forums to pass our time and speculate!! That's kind of fun..
-
Thanks for all the replies to this. It helps me understand it a bit more and makes me more worried. I'll do some more reading around it all since it is an interesting problem. Also around bandwidth, since I clearly don't really know about it even though it should be a simple concept. It'll keep me occupied while I can't order anything. On the plus side something arrived for me today. Unfortunately for the vendor he'll be out of pocket for it until everything is fixed.
-
Something even more basic that could be done is simply put a click to load button next to the captcha. DDoS's work by just requesting the page a bunch. The attacker would have to rewrite his program to press the button after loading the page on each of his connections. Would delay him quite a bit I believe.