NZ Darknet Market Forums
Nexus Market
nexusaaso5kxt75bigvtixw63dot3mnthl3pwqxg4d6tlj5yfqjuviid.onionMGM Grand Market
duysanj6lge7vfis24r4zkqrvq6tq4xknajk2wdrne2wgx5hpr5c3tqd.onionTorZon Market
torzonoxqu4kibxr6yjxangdondtzupzba5hhdiakjdkczyiqhdmhgad.onionAbacus Market
abacus5m27pzz3i6cfh7cg7tjt43lkiur6gjqjrwym2avv4uvgfmabad.onionDarknet Bible
Darknet Market education and discussion
You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2022-11-13 11:10
- TormarketEngineer
- Verified Vendor
- Registered: 2022-11-13
- Posts: 3
DOS attacks on TOR hidden services
Each type of DOS attack is targeted at different layers of the protocol stack:
4. Web app layer
3. HTTP application layer
2. TCP/IP transport layer
1. TOR network layer
Defences against attacks at each layer:
4. CAPTCHAs, defences built into the application - for the web app layer.
3. HTTP web application firewall - for HTTP layer.
2. TCP/IP firewall - for TCP transport layer.
1. TOR network layer - not really any good solutions currently. Right now just a battle between attacker and defender for who can add the most servers/resources to maximize numbers of tor circuit creation vs keep up with tor circuit creation requests.Tor software needs redesigning to add costs (CPU/memory/cryptocurrency fees) to make TOR circuit setup expensive when thousands of simultaneous circuits are made. Another anonymity network is I2P which attackers haven't started DOSing yet.
When the TOR network layer is being attacked the attack traffic never reaches the other layers. So the web server runs fine but you need to find a path to it that isn't being attacked. A DOS attack on the TOR layer only effects the path (a specific onion name is the path). This is what the private onions are for - the path isn't known to the public so can't be attacked.
When a TOR layer DOS attack is happening, it only effects the onion name being attacked. The other onion names keep working. If you keep trying long enough to reach the attacked onion name it will eventually work, then it will continue to work normally and fast for 15 minutes. After 15 mins the TOR client retires the working circuit and builds a fresh one, but the process of building a fresh circuit is what a DOS attack impacts, causing intermittent failures and delays of 2-5 minutes as browser keeps trying the connection setup.
In summary, if one onion name doesn't work after it has tried connecting for 5 minutes, then use another. When there are three alternative paths to reach your destination, choose the one with the least traffic. If none work then a DOS attack could be targeting a different layer like the web app layer.
Pages: 1