Bugs in Tor network used in attacks against underground markets

The operator of an underground marketplace hosted within the Tor network has reported a flaw in Tor that he claims is being used for an ongoing denial of service attack on the site.

The problem, which is similar to one reported by another hidden site operator in December on the Tor mailing list, allows attackers to conduct a denial of service attack against hidden sites by creating a large number of simultaneous connections, or “circuits,” via Tor, overwhelming the hidden service’s ability to respond.

The problem is still under review, but it appears to be related to abuse of the “introduce” message in the Tor Hidden Services protocol, which is used to negotiate the connection between the client and the hidden server. By sending multiple “introduce” requests to the same hidden service, an attacker could make the targeted server create multiple circuits (paths over the Tor network used for the session), eating the server’s available CPU and network resources and making it inaccessible to users.
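The cost described above falls on the hidden service, which builds one circuit per “introduce” request it accepts, so one service-side mitigation is to cap how many requests may trigger a circuit build. The sketch below is an added illustration, not Tor's code and not part of the bug report; the class name, the rate and burst values, and the traffic timings are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class IntroBucket:
    """Token bucket gating which introduce requests may trigger a circuit build."""
    rate: float          # tokens refilled per second (assumed value, not a Tor default)
    burst: float         # bucket capacity (assumed value)
    tokens: float = 0.0
    last: float = 0.0

    def __post_init__(self):
        self.tokens = self.burst      # start with a full bucket

    def allow(self, now: float) -> bool:
        # Refill for the time elapsed since the last request, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def admitted(arrivals, bucket=None):
    """Return the arrival times for which the service would launch a circuit."""
    if bucket is None:
        return list(arrivals)         # unbounded: one circuit per introduce request
    return [t for t in arrivals if bucket.allow(t)]


# Constructed traffic: five ordinary requests over ten seconds,
# plus 2000 requests packed into the second starting at t = 4.0.
ORDINARY = [0.5, 2.0, 4.5, 7.0, 9.5]
BURST = [4.0 + i / 2000 for i in range(2000)]
ARRIVALS = sorted(ORDINARY + BURST)


def compare():
    """Circuit counts without and with the limiter, for the constructed traffic."""
    unbounded = len(admitted(ARRIVALS))
    limited = len(admitted(ARRIVALS, IntroBucket(rate=25, burst=200)))
    return unbounded, limited


if __name__ == "__main__":
    print("circuits built (unbounded, limited):", compare())
```

The limiter bounds CPU and network cost but cannot tell requests apart: an ordinary request that arrives during the burst competes for the same tokens, while those arriving after it are served again once the bucket refills.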

An individual associated with Middle Earth, one of the hidden sites targeted by the denial of service attacks, posted to reddit’s “darknet markets” subreddit earlier this week to apologize for the long downtime associated with the attack. Using the reddit account name MEMGandalf, he claimed “Middle Earth and Agora are the focus of the most serious attack TOR has ever seen.” He also said that Middle Earth’s operator had reported the flaw to Tor. (The bug report was opened under the name “alberto.”) The attack raised the server’s processor load to 100 percent utilization.

