Hidden threat to hidden services: a bug in Tor allows you to attack intranet resources

This week, it became aware of a flaw in the Tor protocol that allows attacks to be performed on hidden network services that load the server and make it virtually inoperable. Apparently, the problem is that when connecting to a hidden service, you can open a very large number of introduce-connections with it , which set up the initial connection. As a result, several circuits are formed inside the network, including this server and duplicating each other. The processor and network connection resources of the server are exhausted as a result.

If it turns out that the problem is really in this, then its correction will require serious changes in the network operation protocol, in particular, interaction with the so-called. “Bridges” intended for connecting to the network those nodes that for some reason cannot work with it in the usual way (most often due to restrictions imposed by the network administration - for example, as a result of Tor banning ).

The first about the problem was Darren Martin, a former member of LulzSec, who keeps a hidden service. Then the administrator of the Middle Earth website, selling funny mushrooms, weapons, surveillance equipment and other toys, told Reddit that his service and the similar Agora website would even have to be temporarily closed until the problem with the network implementation was resolved. According to him, site administrators are working with Tor programmers to solve this problem.
')
The popularity of hidden services led network developers to make a statement about the development of these services in the near future. They ask all interested parties to take part in the project of development of services, express their views on their improvement, and also announce a crowdfunding campaign that will finance their further development.