Messages - astor

1456
Security / Re: How to stop the DOS attack
« on: April 30, 2013, 02:06 pm »
Is anyone else finding it increasingly difficult to use the forum? It keeps delaying or timing out.

Anyway, I was under the impression that all hops must use fully formed TCP streams. That's why syn floods are not possible. Your Tor client makes a full connection to the entry, which makes a full connection to the next relay, and so on. I guess I didn't consider that in the last hop it may allow you to blast the service with whatever data. :)


1457
Security / Re: How to stop the DOS attack
« on: April 30, 2013, 01:59 pm »
Sure it will. Otherwise it would close a circuit as soon as a page is done being loaded. It keeps an established but inactive circuit open for about ten minutes before discarding it.

Those are the baseline ones I was talking about, the 3 hop circuits that it always keeps open and rotates every times minutes.

You can prolong the life of the circuit by trying to open streams through it, even if the streams fail to connect it resets the remaining time to keep the circuit open. I was able to indefinitely keep the circuit to the market open despite never being able to establish an open stream through it, but after manually closing the circuit I wasn't able to establish another one, likely because the introduction nodes are being pwnt.

Right, you're sending data through it. How often did you do that?

1458
Security / Re: How to stop the DOS attack
« on: April 30, 2013, 01:45 pm »
Tor is not going to keep empty circuits open other than the baseline ones it always keeps open.

1459
Security / Re: How to stop the DOS attack
« on: April 30, 2013, 01:36 pm »
If the actual service goes down, like the web server, then a TCP connection won't be formed and the circuit will (or should) be killed.

1460
Security / Re: How to stop the DOS attack
« on: April 30, 2013, 12:22 pm »
Yep, it definitely looks like it is the introduction nodes being DoSed and not the server itself, because circuits cannot even be established. The "server out of resources" message is probably referring to the introduction nodes of SR. I think the best bet is to take Astor's advice and modify the source code in order to use a lot of introduction nodes.

I threw that out there without knowing what the problem is, hoping to get a conversation started, but now I think it's the intro points too. I go from 4 or 5 open circuits to 20 and then it dies, no error message.

1461
Security / Re: How to stop the DOS attack
« on: April 30, 2013, 01:16 am »
The old security through obscurity.

The attacker knows what kind of attack he's running, thus he already knows how it can be mitigated, if that's possible at all. Openly discussing it reveals nothing new to the attacker.*

What appears to be the case is that DPR doesn't know how to mitigate it, which is why he mentioned several options in his latest post. That's why we need to be throwing out suggestions.



*Not to mention that if we throw out enough ideas, he won't know which ones were implemented.

1462
I started a brainstorming session over here for anyone who is technically inclined:

http://dkn255hz262ypmii.onion/index.php?topic=153182.0

1463
Security / Re: How to stop the DOS attack
« on: April 29, 2013, 08:04 pm »
Ok, while you all work on killing the attacker, anyone else have technical advice?

It's time for the community to step up and help the site they love.

1464
I know about TorStatusNet, which is like Twitter. Friendica and Diaspora are more like Facebook. Are there hidden services like that?

1465
Off topic / Re: Fuck /r/SilkRoad/
« on: April 29, 2013, 06:56 pm »
/r/silkroad is the bottom of the barrel of SR users. I suspect a large percentage of them have never used the browser bundle. They access SR through clearnet proxies like onion.to and onion.sh, which of course means they post on /r/silkroad with their real IP addresses. The more sophisticated people might use a VPN, which offers little protection if LE really wants to find them. There appears to be very little overlap between the /r/silkroad and forum communities. Occasionally I see people over there reference the forum, but for the most part they seem to not have a clue about the conversations going on over here, or much of anything for that matter.

All that being said, why are you trying to get it shut down? Who gives a fuck what they do. The information is out there on how to be safe, if they choose not to read or follow it, that's their problem.

1466
We need a proper hidden service social network with pseudonymous users. There are open source, federated social network applications like Friendica and Diaspora. Someone with the knowledge and talent to properly secure one of them should offer it as a hidden service.

The main drawback is that it costs money to run a server, and it would be really hard to display ads on a hidden service, so if it got popular enough, they would have to charge for the service.

1467
Security / How to stop the DOS attack
« on: April 29, 2013, 05:23 pm »
Does anyone want to brainstorm ways to mitigate the DOS attack? Of course, without knowing the nature of the attack, we can't offer specific help, but if we compile enough ideas, DPR should know which ones work, or test them until he finds a solution.

I can start with two suggestions.

1. Increase the number of intro points.

You'll have to download the Tor source code and edit /src/or/rendservice.c

Which can be viewed here:

https://gitweb.torproject.org/tor.git/blob/ab3d5c049032651a9c9164262f9a8f81de9709d4:/src/or/rendservice.c

Look at this section:

  /** Try to maintain this many intro points per service by default. */
  #define NUM_INTRO_POINTS_DEFAULT 3
  /** Maintain no more than this many intro points per hidden service. */
  #define NUM_INTRO_POINTS_MAX 10

  /** If we can't build our intro circuits, don't retry for this long. */
  #define INTRO_CIRC_RETRY_PERIOD (60*5)
  /** Don't try to build more than this many circuits before giving up
   * for a while.*/
  #define MAX_INTRO_CIRCS_PER_PERIOD 10
  /** How many times will a hidden service operator attempt to connect to
   * a requested rendezvous point before giving up? */
  #define MAX_REND_FAILURES 30
  /** How many seconds should we spend trying to connect to a requested
   * rendezvous point before giving up? */
  #define MAX_REND_TIMEOUT 30

  /** How many seconds should we wait for new HS descriptors to reach
   * our clients before we close an expiring intro point? */
  #define INTRO_POINT_EXPIRATION_GRACE_PERIOD (5*60)


Increase NUM_INTRO_POINTS_DEFAULT to something like 8, and NUM_INTRO_POINTS_MAX to 20. You may also experiment with changing the other values.

Then take a look at this section:

https://gitweb.torproject.org/tor.git/blob/ab3d5c049032651a9c9164262f9a8f81de9709d4:/src/or/rendservice.c#l1001

That's the formula for changing the number of intro points. You might try increasing the fudge factor from 1.5 to 2, or otherwise adjusting the formula to be more "sensitive" to intro point usage, and increase by a larger factor when they are getting hammered.

Build instructions are in the INSTALL file and here: https://www.torproject.org/docs/tor-doc-unix



2. Increase the number of entry guards.

This is potentially dangerous. It increases the likelihood of certain kinds of attacks and should only be used temporarily to mitigate an attack, if at all. You probably already know how to do this, but add NumEntryGuards to your torrc and set the value to something like 8 or 10.


Does anyone with experience defending web or database servers from attacks want to offer advice?

1468
Quote
5) The auto-encryption service only works IF the user or vendors uploads their PGP public key (we support key sizes of 1024 - 16384 bits). However, Atlantis also supports manual encryption outside of Atlantis in which users can use a PGP client to encrypt their message. Atlantis administrators and law enforcement could not decipher the encrypted message without the users private key. With all this said, the security comes down to the end user. If they don't trust the auto-encryption service, they can STILL manually encrypt the message outside of Atlantis and thus there is absolutely no risk of anyone being able to decipher the message. To this day, PGP with large key sizes (>= 4096bits) is still uncrackable, you can find more information about it here: http://en.wikipedia.org/wiki/Pretty_Good_Privacy#Security_quality. Noting: 'there is no known method which will allow a person or group to break PGP encryption by cryptographic or computational means.'

They didn't even try to defend their in-browser encryption feature, implicitly admitting that it's insecure.

I still say you're a fool if you use it.

1469
Security / Re: Bank Questioned Me
« on: April 29, 2013, 03:43 pm »
Shit like this is why we need Bitcoin and Zerocoin. Banks are supposed to hold your money. Their business is to make money by loaning your money to other people (fractional reserve banking). Unfortunately, banking laws have turned them into police organizations. Every purchase is watched and stored forever. Inconsistent with your last decade of banking? Jesus. They know about that sandwich you bought in 1993.

1470
There are techniques you can use to make this sort of attack harder to pull off

Presumably you're talking about TRESOR. Another reason Linux > Windows. You can hack it to make it safer, if you're competent enough to do so.
