[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] DoS and TOR?



A slowloris attack is able to run through the Tor network if target server is vulnerable. The attack is based on consuming sockets by being really slow and keeping sockets open. It wouldn't criple the tor network.

However any sensible sys admin would be able to either block all tor exits orset up a proxy to remove the vulnerability.

So basing a slow loris attack of tor does have some potential but it is easy to defend against. (luckily) tor is not that usefull for attacking websites this way ;)

Gijs


On 2012-11-07 21:44, Chris Smart wrote:
thanks Roger. :)




At 03:39 PM 11/7/2012, you wrote:
On Wed, Nov 07, 2012 at 03:35:38PM -0500, Chris Smart wrote:
> Hi folks.
>
> Disclaimer: The following question refers to website testing,
> vulnerability identification etc.
>
> Please bare in mind that I am an end user and not very knowledgeable
> about internet security or so-called "white hat" activity.
>
> While researching DoS activities, many people recommend LOIC.  I'm
> using Windows 7 and the latest Tor Browser. How do I integrate LOIC
> and Tor?

I haven't looked in detail at the LOIC design, but:

a) If you're trying to send UDP packets (or anything other than correctly formed TCP streams), it won't work because Tor doesn't transport that.
https://www.torproject.org/docs/faq-abuse#DDoS

b) If you're trying to open a bazillion TCP connections or something,
you'll likely end up DoSing the Tor network way before your target
site notices.

Or to phrase it more simply: "don't do that and also it wouldn't do what
you want."

--Roger

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--------------------------------------------------
CTS MASTERING, affordable and professional mixing and mastering:
http://www.ctsmastering.com
Twitter: https://twitter.com/#!/CTSMASTERING
BLOG: www.ctsmastering.com/blog
Linked In: http://ca.linkedin.com/pub/chris-smart/46/824/536

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk