The Tor Project is preparing a patch for a vulnerability that has been exploited in DDoS attacks on .onion sites for several years.
According to a Fossbytes report, the problem will be fixed in the Tor 0.4.2 protocol version. Using the above-mentioned DoS vulnerability, an attacker can initiate thousands of connections to the targeted site and leave them hanging. For each connection, the remote .onion service must establish an intricate communication channel over the Tor network, which protects the user's remote connection to the server.
This process is CPU-intensive: with each connection the server's processor load increases until it reaches 100%, the server can no longer accept new connections, and a denial of service occurs.
Tor developers have been aware of the vulnerability for several years, but it has not yet been fixed because there is no simple solution (the exploit abuses a process that is needed to establish legitimate connections) and because of a lack of human resources.
For several years, hackers have actively exploited the vulnerability. At first, DDoS attacks using it were reported against legitimate darknet sites, but in recent months the vulnerability has been used primarily to attack underground marketplaces.
“The bug in itself is a tricky one as it exploits the very process which is necessary to establish a genuine user’s connection. In the Tor network, there is no way to identify if the incoming connection requests are from a genuine user or an attacker until the connection is established — but at this point, it’s too late to recover,” Fossbytes said.
In March of this year, the administration of one of the largest darknet black markets, Dream Market, announced its closure after a series of powerful DDoS attacks. According to the operators of Dream Market, the attackers demanded $400 thousand in bitcoins to stop the attack, but instead of paying, the site operators decided to close it.
A month after the closure of Dream Market, other major trading platforms were hit by DDoS attacks, including Empire Market and Nightmare Market.
Persistent DDoS attacks are forcing operators of .onion sites to switch from Tor to I2P. The first to attempt a migration to I2P was the illegal trading site Libertas Market, but after unsuccessful attempts it was closed.