What Onion Service Operators Can Do To Mitigate DDoS Attacks

What can onion service operators do to mitigate the increasing DDoS and DoS attacks that started late last October?

Since late last October, onion service operators have been on the receiving end of numerous DoS and DDoS attacks, both on their deep web onion services and on their clearnet websites.

The DoS and DDoS attacks have generally alternated between the deep web and the clearnet over the span of a couple of days and, as things stand now, the motivation behind the attacks is anyone’s guess.


Definition of Terms

DoS means Denial of Service. Typically, a DoS attack involves the flooding of a server or network with traffic from a single device as a way of drastically crippling the website and making it unable to serve legitimate traffic.

Depending on the magnitude of the attack and the capabilities of the server or network, the flooding often gets too overwhelming and forces the website to go offline for a period ranging from a few hours to months.

DDoS stands for Distributed Denial of Service. Like DoS attacks, it seeks to cripple the target’s server by sending it tons of traffic.

Unlike DoS, however, DDoS deploys several devices from all over the internet, usually infected with malware to serve that exact purpose, to launch the attacks against the specific server or network.

As such, they can be quite a headache to handle for onion service operators.

Attacks Utilize Onion Services’ Only Weakness


When carried out properly, DoS and DDoS attacks are very effective ways to bring down a victim’s server and consequently disrupt their services or halt their operations for a period of time.

Ironically, it is much easier to block DDoS and DoS attacks on clearnet websites than it is for onion services to mitigate them.


This is because on clearnet websites one is able to access individual connection information such as IP addresses and geographic locations, single out the offending connections, drop them and prevent them from reconnecting.

For onion services, however, this is a luxury they cannot afford.

Simply put, the design of onion services that prevents them from accessing individual connection information becomes a flaw when it comes to mitigating DDoS and DoS attacks because it is impossible to single out an IP address or a geographic location.

There is only one connection that can be seen by the server, and blocking it means blocking out everybody else using it, which is exactly what the attackers want anyway.

How Can Onion Servers Prevent/Deal with DDoS and DoS Attacks?

Seeing that the DoS and DDoS attacks rely on overwhelming both the resources of your network and the capabilities of your server, upgrading them will help to significantly reduce the impact of the resource-limiting DDoS and DoS attacks.

DDoS attacks especially seem to target the network speed of onion services more than anything.

As a result, there are hardly any performance tweaks to be undertaken that can reduce the impact of a DDoS attack that focuses mainly on disabling the network speeds.

Onion services can, however, adopt a number of safety and counter-measures to ensure that they survive DDoS and DoS attacks.

1. Constantly Update Your System

Getting on the mailing list for services such as Tor is important for onion services.

This is because recent upgrades often address some of the biggest vulnerabilities of the onion router and you would be on the safer side if you got the upgrades as soon as possible.


Tor’s most recent release, 0.2.8.9, for example, came as a relief for many users as it fixed a crucial weakness that was being utilized by remote hackers.

2. Upgrade Your Software as Well

Most onion service operators fail to see the simple yet vital importance of upgrading their services.

A powerful server can only do so much when it comes to withstanding heavy influxes of traffic, but improving the software as well can help mitigate heavy DDoS attacks.

Some of the recommended upgrades include moving to Nginx for Apache users, and to PHP 7 from the much slower PHP 5.6, in order to triple server response capabilities while reducing memory usage.

3. Monitor Your Information Logs

Logs will help you identify deficiencies with pinpoint accuracy and provide insight into the type of configuration changes you can make to get things running a bit smoother.

In the event of a DoS or DDoS attack, onion service operators should also avoid piling on to the problem by rate limiting or using code solutions, as these often result in the server failing.
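As an added illustration of log monitoring on an onion service (this is example code written for this page, not taken from Tor or Nginx), the script below reads access log lines in Nginx's "combined" format, confirms that every request arrives from the same local address, and flags minutes whose request count far exceeds the median. The sample log is constructed, and the `factor` threshold and the assumption that Tor and the web server run on the same host are illustrative choices.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# nginx "combined" format: addr, timestamp, method, path, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def build_sample():
    """Constructed log: three quiet minutes, then a flood against /search."""
    lines = []
    plan = [(0, 4, "/"), (1, 5, "/"), (2, 3, "/about"), (3, 60, "/search?q=a")]
    for minute, count, path in plan:
        for sec in range(count):
            ts = f"01/Jan/2000:10:{minute:02d}:{sec:02d} +0000"
            # Address is always 127.0.0.1: the local Tor daemon (assumption:
            # Tor and the web server share a host).
            lines.append(f'127.0.0.1 - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "-"')
    return lines

def analyse(lines, factor=5):
    """Return (source addresses seen, median requests/minute, spike minutes)."""
    per_minute = Counter()
    paths = defaultdict(Counter)
    sources = set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore malformed or truncated lines
        addr, ts, _method, path, _status = m.groups()
        minute = ts[:17]  # "dd/Mon/yyyy:HH:MM"
        sources.add(addr)
        per_minute[minute] += 1
        paths[minute][path.split("?")[0]] += 1  # group by path, drop query
    if not per_minute:
        return sources, 0, {}
    baseline = median(per_minute.values())
    # A minute is a spike when it exceeds `factor` times the median minute.
    spikes = {minute: (n, paths[minute].most_common(1)[0][0])
              for minute, n in per_minute.items() if n > factor * baseline}
    return sources, baseline, spikes

if __name__ == "__main__":
    sources, baseline, spikes = analyse(build_sample())
    print("distinct source addresses:", sources)
    print("median requests per minute:", baseline)
    for minute, (n, path) in spikes.items():
        print(f"spike {minute}: {n} requests, mostly {path}")
```

Because the address column never varies, the useful signals are volume over time and which paths are being requested, which can guide where to add capacity or caching.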

4. Tor Limits Bandwidth During the First Few Months

When onion service operators introduce their sites to Tor, it gradually increases the site traffic over time, meaning that it might take a while before your network usage picks up speed.

Using anti-bot repellents is one effective way for users to speed up the process and enjoy full network usage sooner.

To summarize, the best an onion service operator can do to mitigate DDoS and DoS attacks is to improve their service in anticipation of an attack so that they can absorb as much of the influx of traffic as possible without shutting down operations.


4 COMMENTS

  1. Not being code savvy my input might not be the most enlightening. It does seem to me, however, that there should be in place a way to identify bad actors, that is those entities attempting to input malware or initiate dos or ddos attacks in an entry process that will identify them before they are allowed actual access to the router itself. Call this a pre-entry protocol that one must enter through before being allowed access to the actual router or site. Perhaps software that VERY quickly identifies attacks (obviously not zero days) and mitigates the attack before it can affect the network. Perhaps a “filter” of sorts through which ALL traffic must travel. Sort of a security guard at the front door. I do know you guys are, at the very least, as smart as the guys on the “other” side. I only wish I could be of more useful help. Not because I buy illicit items on the dark net but because I abhor the invasion of privacy that has spread like a vicious, virulent virus in recent years. I expect this behavior from criminal types but I never, in my wildest dreams, expected to witness this behavior emanating from our own government. The truth is, these people are as wicked as the murderous criminals they seek to apprehend. No, not all of them, but enough that the decent and righteous ones do not stand a chance. So you brainiac folks truly defending the people buck up and get at it. And get at it HARD.

  2. The DDOS attacks are a collective of governments trying to bring the darknet down! The only way around this problem is by securing the sites where you download your Tor browser so they can't be hacked. They even have a virus which embeds into your operating system while you are downloading it, claims administrative rights and connects to zombies automatically whenever you go online. I know 'cause this has happened to me!
