The official community for Dread announcements, discussion, and feedback. Come post any bugs!
Only posts relating to this site in this subdread allowed! Posts here are manually reviewed before public posting!
by /u/yaboi69 · 3 votes · 3 weeks ago
Why do people DDoS Dread and the markets? I understand maybe the markets, people trying to get more customers to their own market. I just never understood why do it to Dread, a place where we get to just talk. I know that governments are more than likely behind some. I've been on this side of the internet for just a couple years. I haven't looked too much into things other than the buyers bible.
Tell me what you guys think.
/u/HugBunter A · 6 votes · 3 weeks ago · Link
The main thing has been extortion for money from the markets. These same attackers were then also paid by markets to attack their competitors at times.
Dread was mainly hit when we affected their plans with solutions we provided to the markets, most recently with Daunt. Other times, it was targeted simply because it was used as a method of sharing private mirrors to markets safely without the attacker being able to find them.
/u/Wodra3000 · 1 votes · 3 weeks ago · Link
Is 'gustav' still relevant?
/u/HugBunter A · 2 votes · 3 weeks ago · Link
No, it surprises me how many people are aware of him and attribute him to the attacks. His attack was good and a scale above other copycat attacks, but still no one has compared to the original attacker, who is responsible for the current/recent attacks.
/u/Wodra3000 · 1 votes · 3 weeks ago · Link
Everyone is using a Tor client on the server and every user connects to this client.
Does the attacker attack each whole path of Tor nodes or the introduction nodes only?
/u/HugBunter A · 2 votes · 3 weeks ago · Link
The connections come as a circuit request to the hidden service, just as your Tor client would send when accessing one. They just come in bulk, repeatedly, which firstly will overload the hidden service's Tor process, which is why we scale out, but then other nodes in the chain break down from the requests, the guard nodes and then the introduction points.
/u/Wodra3000 · 1 votes · 3 weeks ago · Link
If the guard nodes and/or the introduction points are under attack or down, are the admins of the nodes/points needed to restart the service or is the service cooling down alone?
Has the TOR-Project any possibilities to mitigate such attacks via a "Tor-Client-Update" and are they working on a solution?
/u/HugBunter A · 2 votes · 3 weeks ago · Link
It depends on the operator, some of them probably don't actively manage them as such and so some will die for long periods, sometimes days, which is why the network as a whole becomes seriously affected. We have run our own Guard nodes in the past to provide an extra layer of security and it gave us the ability to optimize at the Guard layer to reduce/prevent this from happening. Introduction points you don't have much control of and they have been the most recent bottleneck, mainly because the amount you can have for any service is limited by an arbitrary fixed value, which we cannot change.
They did add some rate limiting, which minorly improved things for a short period, it made it harder to attack at least, but it just allowed the attacker to improve their attack further.
The only solution is Proof-of-work, which got merged finally in the last few days, you can see Paris' announcement post on the homepage. Once this makes it into the stable branch of Tor and enough nodes on the network support it, we will be able to enable PoW in our Tor config and attacks will be truly over.
/u/Wodra3000 · 1 votes · 3 weeks ago · Link
Same problem on I2P, even the Java Nodes sometimes run an old version for a long time. But the Java Node is the only one with an Auto-Updater. After, I believe, a week per default, most nodes are patched. The less old ones are running a Java I2P Version, I guess, without an Updater or with a deactivated one. I don't know in what version the Auto-Updater was introduced.
Good idea, nonetheless seems risky. Respect you did that.
I saw it, thank you for putting things, with guard/introduction points/nodes, and the PoW together.
Does every node that the traffic goes through have to be updated, or only the Tor Browser, to accept the challenge and calculate a correct/fitting input?
/u/HugBunter A · 2 votes · 3 weeks ago · Link
I don't know if I am quite sure what you mean, but essentially a hidden service will set PoW defenses in their Tor config, and can define the level of defense based on the severity of the attack. The higher the value, the more complex the PoW challenge will be, which in turn makes connections slower for genuine clients too and may harm accessibility of low spec devices such as cell phones. Based on these configs, this will be the requirement for building a circuit to a hidden service, so other nodes will not be affected if there isn't any initial circuit build processed due to the challenge not being solved: such as an outdated device not supporting it, or an attacker not solving it. These connections can be dropped immediately. If the attack is solving the requests, it will do so, but slowly, slowing down the attack and eating the resources on every server they have as they try to solve each time.
As an end user on Tor Browser, you will see no change, as the Tor process running on your PC will handle the solving when you make a request to a hidden service that has these protections enabled, you'll have a wait time as it solves it and then your circuit will be created and everything will run as normal now you have an open circuit to this onion.
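The trade-off described in the comment above, as an added example that is not part of the original thread: a hashcash-style SHA-256 puzzle (a stand-in, not Tor's actual proof-of-work algorithm) where the client spends roughly `effort` hashes per request while the service checks a solution with one hash and drops unsolved or replayed requests. The names `digest`, `solve`, `Service` and `admit` are hypothetical.

```python
import hashlib
import os

MAX_HASH = 2 ** 256

def digest(seed: bytes, nonce: int) -> int:
    """SHA-256 of seed||nonce as an integer (stand-in puzzle function)."""
    data = seed + nonce.to_bytes(8, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def solve(seed: bytes, effort: int):
    """Client side: search for a nonce; returns (nonce, hashes_tried)."""
    target = MAX_HASH // effort      # higher effort -> smaller target
    nonce = 0
    while digest(seed, nonce) >= target:
        nonce += 1
    return nonce, nonce + 1

class Service:
    """Service side: one hash per request, unsolved requests dropped early."""
    def __init__(self, effort: int):
        self.seed = os.urandom(16)   # constructed per-service challenge seed
        self.effort = effort         # defense level chosen by the operator
        self.seen = set()            # nonces already accepted (replay check)

    def admit(self, nonce) -> bool:
        if nonce is None:            # client that does not support the puzzle
            return False
        if nonce in self.seen:       # a solution may be used only once
            return False
        if digest(self.seed, nonce) >= MAX_HASH // self.effort:
            return False
        self.seen.add(nonce)
        return True

def demo(effort: int = 2000) -> dict:
    svc = Service(effort)
    nonce, tried = solve(svc.seed, svc.effort)
    return {
        "no_solution": svc.admit(None),   # dropped immediately
        "valid": svc.admit(nonce),        # circuit would be built
        "replayed": svc.admit(nonce),     # same solution reused: dropped
        "hashes_tried": tried,            # client cost, about `effort` on average
    }

if __name__ == "__main__":
    print(demo())
```

Raising `effort` multiplies the client's expected work while the service still verifies with a single hash, which is why a higher setting also slows genuine low-spec clients.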
/u/Wodra3000 · 1 votes · 3 weeks ago · Link
So, there is no need to patch a huge amount of or all nodes to use PoW. Dread Hidden-Service and Tor-Browser are enough to get it running.
Thank you.
/u/HugBunter A · 2 votes · 3 weeks ago · Link
The nodes also need to support it as far as I know, I'm not sure where they tie into it and I may be very wrong and oversimplifying the process in my explanation, it probably does play a role in other nodes too. /u/Paris would be best to explain this.
/u/Sylfaemo · 1 votes · 2 weeks ago · Link
Money+assholes
/u/dreadykruger · 1 votes · 2 weeks ago · Link
The authorities and their constituents throw a tantrum every now and then and act out by launching a very unsophisticated and ultimately ineffective attack (DDoS). Also it serves to justify their jobs somewhat to the higher ups. You can't fire the guy who knows how to hire a firm to execute trivial cyber attacks. That's a very valuable asset! They make them sound real slick in their powerpoints. Stock images of cyber punk hackers (complete with watermarks) are standard.