Tor will fix long-lasting DoS vulnerability

The Tor Project is preparing a patch for a vulnerability that has been exploited in DDoS attacks on .onion sites for several years.

According to a Fossbytes report, the problem will be fixed in the Tor 0.4.2 protocol version.

Using this DoS vulnerability, an attacker can initiate thousands of connections to the targeted site and leave them hanging. For each connection, the remote .onion service must establish an intricate communication channel on the Tor network, which protects the user's remote connection to the server.

This process is costly in processor time: as the connections pile up, the server's processor load rises to 100%, it can no longer accept new connections, and a denial of service occurs.

Tor developers have been aware of the vulnerability for several years, but it has not yet been fixed, both because there is no simple solution (the attack abuses a process that is essential for establishing legitimate connections) and because of a lack of human resources.

For several years, hackers have actively exploited the vulnerability. At first, DDoS attacks using it were reported against legitimate darknet sites, but in recent months the vulnerability has been used primarily to attack underground marketplaces.

“The bug in itself is a tricky one as it exploits the very process which is necessary to establish a genuine user’s connection. In the Tor network, there is no way to identify if the incoming connection requests are from a genuine user or an attacker until the connection is established — but at this point, it’s too late to recover,” Fossbytes wrote.

In March of this year, the administration of Dream Market, one of the largest black markets on the dark web, announced its closure after a series of powerful DDoS attacks. According to the Dream Market operators, the attackers demanded $400 thousand in bitcoins to stop the attack, but instead of paying, the site operators decided to close it.

A month after the closure of Dream Market, other major trading platforms were hit by DDoS attacks, including Empire Market and Nightmare Market.

Persistent DDoS attacks are forcing operators of .onion sites to switch from Tor to I2P. The illegal trading site Libertas Market was the first to try migrating to I2P, but after unsuccessful attempts, it was closed.

About the author

Brendan Smith

Cybersecurity analyst with 15+ years digging into malware and threats, from early days reverse-engineering trojans to leading incident responses for mid-sized firms.

At Gridinsoft, I handle peer-reviewed breakdowns of stuff like AsyncRAT ransomware—last year, my guides helped flag 200+ variants in real scans, cutting cleanup time by 40% for users. Outside, I write hands-on tutorials on howtofix.guide, like step-by-step takedowns of pop-up adware using Wireshark and custom scripts (one post on VT alternatives got 5k reads in a month).

Certified CISSP and CEH, I’ve run webinars for 300+ pros on AI-boosted stealers—always pushing for simple fixes that stick, because nobody has time for 50-page manuals. Tools of the trade: Splunk for hunting, Ansible for automation, and a healthy dose of coffee to outlast the night shifts.
