For many years, various attackers were abusing a DDoS attack method on the Tor network and now the community has responded against it. The bug that has been exploited for so long is going to be fixed to give Tor users a clean and safer network than ever. As mentioned by ZDNet, a vulnerability that can be abused by a hacker to link thousands of users to a specific, anonymous website is a negative service (DoS) issue.
To maintain the link between a customer and the site’s computer, Onion remote will navigate a dynamic circuit across the Tor network. Given that this process is incredibly CPU-intensive, the creation of thousands of such ties will exhaust the server of a site quickly to the point where no new connections are acceptable.
Not many people know about this bug but the Tor developers were aware of this issue for several years, it is still not simple to address it because it uses the same bug to create useful links to other Tor pages.
DDoS Attacks On The Dark Web Sites
In its blog post, the Tor Project provided additional insights into the various DDoS attacks experienced by certain Onion services in recent years, saying: “The attacks exploit the inherent asymmetric nature and make it difficult to protect against the protocol. A bad user will send a tiny message to the company during the rendezvous process, whilst the company has to do tons of expensive work to reply to it. This asymmetry opens up a DoS protocol and it makes it extremely difficult to filter the good customers from the bad because we have an anonymous network.
To make it worse, more than four years ago a device named Stinger-Tor was posted to the GitHub, enabling someone to assault a Dark Website with a Python script. There are other devices, such as this, that use Tor’s flaw and cybercrime gangs have offered them on various internet and secret hacking Forums.
A majority of the dread community members have encouraged other Tor network users to donate to the Tor Project in order to help end these attacks. The request seems to have been made about the donations because the Tor network is now prioritizing to develop a solution for this vulnerability. The suggested approach will not deal entirely with the issue but reduces the effectiveness of DoS attacks on Dark Websites. The change is expected for the upcoming version of Tor protocol 0.4.2 and it will make it even simpler for Tor network users.