3

Recently, I have seen more and more forums, image boards, and marketplaces that are shifting to Tor for the safety of their users. This undoubtedly brings the many attackers that dislike these people with them.

This brings me to a simple question: could a person (granted that they have enough bandwidth, and the attack is layer 7) launch a DDoS attack that would be strong enough to bring down a web server, but not slow down the network? How would they do it? I know botnets have run over Tor, and I know that Tor has been used in the past to hide DDoS attackers (mainly skids).

In addition, how could someone protect against a DDoS attack within the Tor network? Given the nature of Tor, is it even possible to set up a firewall that would protect against it?

Roya
Aurora

1 Answer

1

Using something like Tor's Hammer could work; however, what will work and what won't depends a lot on the target server. Nginx, for example, tends to be able to cope with level 7 attacks much better than Apache or IIS.

UPDATE

Just to be clear, with Level 7 attacks (well, the above attack anyway) it's not so much about bandwidth but about resources. Nginx (IIRC, it's been a while since I read the technical info) will drop connections that take a long time, and so goes some way to preventing this. Also, depending on how the hidden service is structured, you could (I think, I've no idea how you would go about doing this) prevent/block POST requests; this would also prevent Tor's Hammer/slowloris style attacks.

For more info on this type of attack see http://ha.ckers.org/slowloris/
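
One way to express the answer's two ideas (drop slow connections, refuse POST) as an nginx configuration for a hidden service. This is an added example, not part of the original answer; the port, path, zone names and limit values are assumptions chosen for illustration.

```nginx
# Added example (constructed): nginx behind a Tor hidden service.
# Assumed torrc mapping: HiddenServicePort 80 127.0.0.1:8080
events {
    worker_connections 1024;
}

http {
    # Every request arrives from the local Tor daemon (127.0.0.1), so a limit
    # keyed on $binary_remote_addr would treat all visitors as one client.
    # Key on the server name instead to cap the total for the whole service.
    limit_conn_zone $server_name zone=onion_conns:1m;
    limit_req_zone  $server_name zone=onion_reqs:1m rate=50r/s;

    # Slow-request handling: nginx's default for the first two is 60s.
    client_header_timeout 10s;    # whole request header must arrive in time
    client_body_timeout   10s;    # max gap between two body reads
    send_timeout          10s;    # max gap between two writes to the client
    keepalive_timeout     15s;
    reset_timedout_connection on; # reset timed-out sockets and free their memory
    client_max_body_size  16k;

    server {
        listen 127.0.0.1:8080;    # loopback only, never a public interface
        server_name _;

        limit_conn onion_conns 400;   # stay below worker_connections
        limit_req  zone=onion_reqs burst=100 nodelay;

        location / {
            # Read-only site: reject every method except GET (and HEAD).
            limit_except GET {
                deny all;
            }
            root /var/www/onion;      # hypothetical path
        }
    }
}
```

Because the source address is always loopback, an IP-based firewall rule cannot single out an abusive visitor; the closest per-client handle is the rendezvous circuit, which Tor itself can cap with the `HiddenServiceMaxStreams` and `HiddenServiceMaxStreamsCloseCircuit` torrc options.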