Silk Road forums

Discussion => Security => Topic started by: offbeatadam on September 17, 2013, 08:44 pm

Title: TOR and its recent issues (and impact on SR)
Post by: offbeatadam on September 17, 2013, 08:44 pm
Greetings Folks,

So, I've had some issues getting on lately, as have many others. Speculation has been rather frequently focused on a few things... the Pirate Bay thing, various espionage theories, public increased awareness of its existence, and botnets.

Clearnet: http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/

This is 12 days old now, but as I'm sure many don't actually read torproject, I figured now that I'm back from a rather disruptive few weeks of work I'd start attacking my issue of getting on. There is a botnet that is presently using TOR as its network for control and commands from its admins. The size of the botnet accounts for the drastic (as of today, nearing a quintuple) increase in clients.

This is causing an issue. The problem isn't that it's affecting exit nodes - in fact, they're fine, when you actually establish a circuit that connects to any TOR site, you have no issues for as long as that circuit allows you to maintain the connection. Unfortunately, that is up to the operators of those relays - that could be anywhere from 5s idle to 90s idle, or more but... 90s is already pretty high. The reality is, it sucks, as most of the time it's difficult to establish a clear circuit.

The relays are essentially overloaded.

The solution: upgrade your tor client.

Clearnet again: https://blog.torproject.org/blog/new-tor-02417-rc-packages

Note: The beta client is below the stable client listings, so scroll down, or just do a text search on the site.

The TOR project is actually actively developed - and while everyone (including myself) likes to point out that a reasonable portion are employees of the government, the truth is that development actively protects our freedom too. The 0.24 release comes with a massive overhaul of a couple of systems, one in particular is the protocol that facilitates the handshake between your client and the relay nodes... and, ultimately, all other connections on the tor network. This new handshake method is one of the ways that they discovered the botnet in the first place - as the botnet is using the older method.

The advantage is that upgraded relays (which rely on the tor server software, which is already at 0.24 for most relays) prioritize the new protocol. While this won't correct the overall load issue on the network, it will correct the error rate somewhat.

Ultimately, the botnet being a "cause" is something of a misnomer. The actual problem is a lack of relays. The TOR network is self supportive, it requires users supportive of the protocol to provide additional resources in order for the network to allowably grow. On one end, the botnet has overloaded the network by dumping so many resources into an already strained network to begin with. However, it is not a number of clients that is unreasonable to expect in the TOR network to begin with. It merely demonstrates the lack of relays to begin with.

At the moment, a somewhat running joke is that if a percentage of the infected computers became relays, the network would be operating at a level not seen for some time...

Anyways. I've been running the beta since Saturday. My connectivity since Saturday has been about 70% success rate, where before I had about 10%. There are many other improvements in the new bundle.

When/if you do download the new bundle, be sure to disable HTTPS Everywhere. It's a nice effort in theory, but it's still buggy, and it can slow down your connections significantly. It can be done by clicking on the button to the right of the home & favorites list (the one closest to the edge of the window).
Title: Re: TOR and its recent issues (and impact on SR)
Post by: astor on September 17, 2013, 10:00 pm
I think most people figured out they should upgrade to Tor 0.2.4 a week or two ago. A bigger issue is the botnet load combining with the daily user surge in the US daytime, which makes the market difficult to access. I was watching my log earlier today and saw a "200" OK message for the rendezvous descriptor fetch, meaning the market's Tor was up and working, but noticed a bunch of "failed to connect to intro N times" messages, along with another message about waiting for intro-ack at the rendezvous.

The message about intros means that the intro points are basically being DOSed by all the users and many of us can't reach them. It may be possible to mitigate this problem if DPR increases the number of intro points, following this: http://dkn255hz262ypmii.onion/index.php?topic=153182.msg1063761#msg1063761

The message about the rendezvous point means that the user's client has established a connection but the market's client is failing to connect to that relay. Not sure what could be done about that. It's a product of the load on the market's Tor client from the users combined with the overall load on the network from the botnet.

Title: Re: TOR and its recent issues (and impact on SR)
Post by: cryngie on September 18, 2013, 05:03 am
I have the updated one and the beta one, and the beta one will not connect to any sites, so I'm back to using the normal updated one. Sad face.
Title: Re: TOR and its recent issues (and impact on SR)
Post by: livestr0ng on September 18, 2013, 07:27 am
How does the Tor version affect a TAILS user? I can't even find what version I'm running. Will it automatically be updated in the next version of TAILS?
Title: Re: TOR and its recent issues (and impact on SR)
Post by: astor on September 18, 2013, 03:21 pm
How does the Tor version affect a TAILS user? I can't even find what version I'm running. Will it automatically be updated in the next version of TAILS?

You can find the version by opening a terminal and running "apt-cache policy tor". I get 0.2.3.25. That will slow down your Tor use. Whonix suffers from the same problem. It hasn't been updated in 6 months though.

They should upgrade to 0.2.4 in the next version of Tails.
Title: Re: TOR and its recent issues (and impact on SR)
Post by: livestr0ng on September 19, 2013, 04:40 am
How does the Tor version affect a TAILS user? I can't even find what version I'm running. Will it automatically be updated in the next version of TAILS?

You can find the version by opening a terminal and running "apt-cache policy tor". I get 0.2.3.25. That will slow down your Tor use. Whonix suffers from the same problem. It hasn't been updated in 6 months though.

They should upgrade to 0.2.4 in the next version of Tails.
Cool. Yeah, I get 0.2.3.25 too. I really hope they upgrade the next version. Thanks, astor.