[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #29637 [Core Tor]: Tor exploit

To: undisclosed-recipients: ;
Subject: [tor-bugs] #29637 [Core Tor]: Tor exploit
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 02 Mar 2019 22:10:08 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 02 Mar 2019 17:10:18 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#29637: Tor exploit
---------------------+--------------------------
 Reporter:  pidgin   |          Owner:  (none)
     Type:  project  |         Status:  new
 Priority:  Medium   |      Component:  Core Tor
  Version:           |       Severity:  Critical
 Keywords:           |  Actual Points:
Parent ID:           |         Points:
 Reviewer:           |        Sponsor:
---------------------+--------------------------
 Dear tor team,
 We have setup a discussion board, on the tor network.
 And there is someone that is exploiting within our servers, by taking it
 down it every time and the forums will respond with "Server not found".
 We are pretty sure this problem is on the side of the TOR browser, is
 there anything we could do to sort this?
 With many thanks for taking time into reading this.

 The other ticket was closed, cause i could not reply to question why it's
 on tor side.
 My answer to that :
 the service behind onion HiddenService is fine, it is serving requests.
 before the DDOS there have not been "Server Not Found".
 Actually it was the hackers third iteration.
 First step from hacker was brute force DDOS which made tor cpu load 100%.
 countermeasure: vanguards and using ExcludeNodes (torrc)
 Second iteration from hacker was to use random nodes, about 1000+, to do
 tor cpu load 100%. countermeasure: vanguards / onionbalance.
 now tor browser gives "server not found", countermeasure not found yet

 Also some server sided information :

 onionbalance is active
 vanguard is active
 vanguard tor process is at 5%
 serving tor process is at 5%

 attacker has found a way to DDOS not based on tor cpu usage attack or tor
 traffic exhaust attack.

 I also appoligize for the duplicate ticket, but the others are closed so
 this one should be fine for now.
 With many thanks.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29637>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #29637 [Core Tor/Tor]: Tor exploit
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #29637 [Core Tor/Tor]: Denial of service on v2 onion service
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #29637 [Core Tor/Tor]: Denial of service on v2 onion service (was: Tor exploit)
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #28377 [Core Tor/Tor]: Add libnss to the travis apt and macOS packages
Next by Author: [tor-bugs] #29806 [Core Tor/Tor]: Ignore bandwidth file lines with "vote=0"
Previous by thread: Re: [tor-bugs] #29108 [Core Tor/Tor]: Refactor crypto_digest.c to have fewer ifdefs
Next by thread: Re: [tor-bugs] #29637 [Core Tor/Tor]: Tor exploit
Index(es):
- Author
- Thread