Is there currently a major DDoS affecting the network's availability?

I’ve used Tor and Tor Browser on a regular everyday basis for the last few years, and I know there is always natural fluctuating variance in the network’s performance at different times. But for the past several days or so, 90% of page-load attempts time out, and the 10% that succeed take the better part of a minute to finish, contrasted with fewer than ten seconds under normal circumstances.

Nothing has changed in my local configuration, and I don’t see anything mentioned at https://status.torproject.org/ , but something is definitely noticeably different at present in terms of network availability and/or load.

Is anything specific known about this?

2 Likes

Same here.
Log file has been flooded with this message since yesterday.

[warn] Possible compression bomb; abandoning stream.

2 Likes

I can confirm. The Tor network is working extremely slowly these days. I think it is some kind of massive DDoS attack against Tor relays.

Tor has been working very slowly for two weeks already. Any ideas how to fix it? We need to improve the protection against DDoS attacks on Tor relays.

2 Likes

UPD 05/10/24:

Users are still reporting issues with the Tor network. Tor network speed has become very slow.

Reddit (r/TOR community):

https://www.reddit.com/r/TOR/comments/1cnmsdz/tor_extremely_slow_lately/

Whonix Forums:

I guess it’s either a bug in Tor or a kind of attack against Tor infrastructure.

1 Like

I’ve been experiencing overload on both my relays, which is not usual. Running 2 relays on 4 cores and 8GB of RAM. RAM is not an issue but CPU load is usually at 60%. These last days it’s been over 80-85%, getting warnings from time to time about my computer not being able to hold that many circuits for long.

Over a span of 20 days uptime:

06:08:12 [NOTICE] Heartbeat: DoS mitigation since startup: 1.078 circuits killed with too many cells, 60.081.539 circuits rejected, 751 marked addresses, 6 marked addresses for max queue, 88 same address concurrent connections rejected, 0 connections rejected, 1.633 single hop clients refused, 479 INTRODUCE2 rejected.

06:08:16 [NOTICE] Heartbeat: DoS mitigation since startup: 1.151 circuits killed with too many cells, 40.438.538 circuits rejected, 727 marked addresses, 1 marked addresses for max queue, 883 same address concurrent connections rejected, 0 connections rejected, 1.244 single hop clients refused, 0 INTRODUCE2 rejected.

I’ve considered further configuring my relays in order to handle a higher capacity, but I’m not sure it’s the right thing with just 4 cores.

2 Likes
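The heartbeat lines and the compression-bomb warning quoted in the posts above can be tallied with a short script. This is an added example, not code from any poster or from the Tor Project; it assumes the dots in the counters are thousands separators and that both heartbeats cover the 20 days of uptime the post mentions, and the repetition of the warning line in the sample is constructed.

```python
import re

# Heartbeat lines copied from the post above; the warning line is copied from an
# earlier post and repeated here (constructed) to stand in for a flooded log.
SAMPLE_LOG = """\
06:08:12 [NOTICE] Heartbeat: DoS mitigation since startup: 1.078 circuits killed with too many cells, 60.081.539 circuits rejected, 751 marked addresses, 6 marked addresses for max queue, 88 same address concurrent connections rejected, 0 connections rejected, 1.633 single hop clients refused, 479 INTRODUCE2 rejected.
06:08:16 [NOTICE] Heartbeat: DoS mitigation since startup: 1.151 circuits killed with too many cells, 40.438.538 circuits rejected, 727 marked addresses, 1 marked addresses for max queue, 883 same address concurrent connections rejected, 0 connections rejected, 1.244 single hop clients refused, 0 INTRODUCE2 rejected.
[warn] Possible compression bomb; abandoning stream.
[warn] Possible compression bomb; abandoning stream.
"""

HEARTBEAT = re.compile(r"Heartbeat: DoS mitigation since startup: (.+)$")
COUNTER = re.compile(r"^(\d[\d.,]*) (.+)$")
BOMB = "Possible compression bomb; abandoning stream."


def parse_heartbeat(line):
    """Return {counter label: int} for a DoS-mitigation heartbeat line, else None."""
    m = HEARTBEAT.search(line.strip())
    if not m:
        return None
    counters = {}
    for item in m.group(1).rstrip(".").split(", "):
        c = COUNTER.match(item)
        if c:  # ignore anything that is not "<number> <label>"
            # Assumption: "." and "," inside a number are thousands separators.
            counters[c.group(2)] = int(re.sub(r"[.,]", "", c.group(1)))
    return counters


def summarize(log_text, uptime_days):
    """Parse every heartbeat, add an average rejection rate, count bomb warnings."""
    heartbeats, bombs = [], 0
    for line in log_text.splitlines():
        hb = parse_heartbeat(line)
        if hb is not None:
            seconds = uptime_days * 86400
            hb["rejected per second"] = hb.get("circuits rejected", 0) / seconds
            heartbeats.append(hb)
        elif BOMB in line:
            bombs += 1
    return heartbeats, bombs


if __name__ == "__main__":
    relays, bomb_count = summarize(SAMPLE_LOG, uptime_days=20)
    for hb in relays:
        print(f"{hb['circuits rejected']:,} circuits rejected, "
              f"about {hb['rejected per second']:.1f}/s averaged over uptime")
    print(f"{bomb_count} compression-bomb warnings")
```

Comparing the averaged rate between successive heartbeats, rather than reading the raw since-startup totals, shows whether the rejection rate is actually rising.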

I just started noticing it in the last 2-3 days. That’s why I came here today actually. I’m only getting 100-200KB/sec most of the time, where I usually get 1-2MB/sec, and a lot of connections are getting dropped prematurely.

Long-term DDoS’s like this have been happening once or twice a year for the past several years now it seems like. Tor Project has been implementing mitigations but attackers keep discovering new weaknesses. It’s a game of cat and mouse, I guess.

2 Likes

A massive DoS attack against Tor relays is confirmed.

1 Like

I’m not a heavy Tor user but have noticed a slowdown lately.

Any idea by whom and for what purpose? A state player or just a trouble maker?
Even some sort of a conspiracy theory idea.

The one which comes to mind is the Sniper Attack:

Is this it?

1 Like

Tor network is still very slow. A DDoS attack is still being performed.

Too difficult to implement. I guess it’s just an ordinary TCP SYN flood attack from outside of Tor. There was an issue here some years ago:

A relay operator discovered many incoming connections to his relay from Hetzner AS. He set up his relay on top of Windows OS though.

I think that Tor relay operators should set up their relays under FreeBSD and set up firewall rules as described here:

Also they should turn on SYN cache which is available on FreeBSD but not on Linux.

https://man.freebsd.org/cgi/man.cgi?query=syncache&sektion=4&manpath=FreeBSD+14.0-RELEASE+and+Ports

1 Like

Well, 05/16/24 and Tor network is still under a massive DDoS attack. Users are still reporting issues with Tor slowdown:

https://www.reddit.com/r/onions/comments/1cr0g1t/tor_is_slow_asf_randomly/

I signed up to this forum because I don’t know how to create a bug report in the Tor repository and I also don’t have a GitLab account. It seems like the Tor Project team leader is here. Are we going to do something in order to stop this DDoS attack? Maybe we should initiate another Tor relay operators meetup and ask relay operators to set up firewall rules against DDoS? I would like to receive feedback from Tor Project developers. Thank you.

1 Like

Here you can request an account for Tor Project's GitLab. https://gitlab.onionize.space/

Do you run a relay?

1 Like

Onion versions of websites have become completely unusable. They just time out or do not connect at all. It’s weird that the status page doesn’t mention any issues when such a critical part of Tor is broken.

2 Likes

Are you running relays? If so, which ones?

2 Likes

FWIW, the data of this graph is from two days ago, so this network health event might have changed.

However, if the slowness is related to onion services, there is nothing that relay operators can do.

Onion services operators are strongly advised to enable Proof-of-Work: Proof Of Work - The Onion Services Ecosystem and monitor it: Proof Of Work - The Onion Services Ecosystem.

2 Likes

I use Tor to evade my school censorship and currently I can't access onion sites at all and Google takes like 1m to load (it might be my school network too or my bridge).

1 Like

Tor worked just perfectly yesterday. Today there is a slowdown again but it’s still faster than it was 4-5 days ago.

It’s because a DoS attack is being performed against Tor intermediate relays first of all. It makes Onion v3 services completely unusable and causes a huge slowdown when Tor users are trying to connect to clearnet websites.

4 Likes