Possible Critical Zero-day Vulnerability in Tor Enabling DDOS Attacks on all Hidden Services

A Torproject ticket marked “critical” suggests a possible zero day vulnurability with Tor that is enabling DDOS attacks on all hidden services.

Source.

TOR CPU load 100%. Hidden service unavailable. Maybe zero-day vulnerability like “circuit storm”.
After start tor- in few minutes CPU load 100% and hidden service unavailable.
If disable concrete hidden service and restart tor- all normal.
Problem very same as
​https://lists.torproject.org/pipermail/tor-talk/2014-December/035807.html

In log many same records:

Mar 26 10:57:48.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:8333. Giving up.
Mar 26 10:58:26.000 [notice] We tried for 15 seconds to connect to ‘[scrubbed]’ using exit $3EAAAB35932610411E24FA4317603CB5780B80BC~AccessNow002 at 176.10.99.201. Retrying on a new circuit.
Mar 26 10:58:42.000 [notice] We tried for 15 seconds to connect to ‘[scrubbed]’ using exit $379FB450010D17078B3766C2273303C358C3A442~aurora at 176.126.252.12. Retrying on a new circuit.
Mar 26 10:59:04.000 [notice] Closing stream for ‘[scrubbed].onion': hidden service is unavailable (try again later).
Mar 26 11:01:21.000 [notice] Tried for 130 seconds to get a connection to [scrubbed]:8333. Giving up.
Mar 26 11:02:05.000 [notice] Tried for 123 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Mar 26 11:02:05.000 [notice] Tried for 123 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Mar 26 11:02:05.000 [notice] Tried for 121 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Mar 26 11:02:05.000 [notice] Tried for 129 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Mar 26 11:02:05.000 [notice] Tried for 124 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)
Mar 26 11:02:18.000 [notice] Tried for 131 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for circuit)

Or
Mar 26 11:02:51.000 [notice] Your Guard torpidsUKuk2 ($C9933B3725239B6FAB5227BA33B30BE7B48BB485) is failing more circuits than usual. Most likely this means the Tor network is overloaded. Success counts are 116/171. Use counts are 48/49. 117 circuits completed, 1 were unusable, 0 collapsed, and 126 timed out. For reference, your timeout cutoff is 87 seconds.

Absolutely same situation as
​https://lists.torproject.org/pipermail/tor-talk/2014-December/035833.html

use little bandwidth,
and seem to involve each request having a new rendezvous for each
attempt, using lots of resources

Problem exist at all versions(0.2.5, 0.2.6, master from git)

At current time few hidden services in TOR network DDOSed by this method.

DarknetMarkets.org will follow this situation closely and report on any developments. Follow @DarknetMarkets on twitter for the most up-to-date information.

UPDATE: DeepDotWeb has reported that some market operators are confirming that they are currently under DDOS attacks.



Shortlink to this page: drk.li/651