Skip to main content

Tor will finally fix a bug that allowed for DDoS attacks against dark web sites

(Image credit: Shutterstock)

Launching DDoS attacks against dark web sites could soon be a little more difficult to pull off now that the Tor Project is preparing to fix a bug that has been abused by attackers for years.

As reported by ZDNet, the bug itself is a denial of service (DoS) issue that an attacker can exploit to initiate thousands of connections to a targeted dark web site. 

For each of these connections, the remote Onion service needs to negotiate a complex circuit through the Tor network to secure the connection between a user and the site's server. As this process is very CPU intensive, initiating thousands of these connections can quickly overload a site's server to the point where it can't accept any new connections.

While Tor developers have known about this bug for years, they haven't released a fix for it yet as doing so would be quite difficult as the bug exploits the same process used to establish user connections to other sites on the Tor network.

Dark web DDoS attacks

In a blog post, the Tor Project provided further insight on the DoS attacks that some Onion services have experiencing over the past few years, saying:

“The attacks exploit the inherent asymmetric nature of the onion service rendezvous protocol, and that makes it a hard problem to defend against. During the rendezvous protocol, an evil client can send a small message to the service while the service has to do lots of expensive work to react to it. This asymmetry opens the protocol to DoS attacks, and the anonymous nature of our network makes it extremely challenging to filter the good clients from the bad.”

To make matters worse, a tool named Stinger-Tor was uploaded to GitHub more than four years ago which allows anyone to carry out a DoS attack on a Dark Web site just by running a Python script. There are other tools like this one out there that exploit the bug in Tor and cybercrime groups have been selling them on underground forums.

In order to help put an end to these attacks, members of the Dread community have been encouraging users to donate to the Tor Project. These donations seem to have done the trick as developing a fix for this vulnerability is now being prioritized. The proposed fix won't completely deal with the issue but it will make DoS attacks less effective against Dark Web sites.

The fix is scheduled to arrive with the upcoming Tor protocol 0.4.2 release and it should make things a bit easier for sites running on the Tor network.

Via ZDNet