• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

 | 

Security Affairs newsletter Round 531 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

 | 

Critical Sudo bugs expose major Linux distros to local Root exploits

 | 

Google fined $314M for misusing idle Android users' data

 | 

A flaw in Catwatchful spyware exposed logins of +62,000 users

 | 

China-linked group Houken hit French organizations using zero-days

 | 

Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

 | 

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

 | 

Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

 | 

Cisco removed the backdoor account from its Unified Communications Manager

 | 

U.S. Sanctions Russia's Aeza Group for aiding crooks with bulletproof hosting

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Deep Web
  • Hacking
  • DoS attacks against most used default Tor bridges could be very cheap

DoS attacks against most used default Tor bridges could be very cheap

Pierluigi Paganini August 22, 2019

Researchers explained that carrying out attacks against the most used default Tor bridges would cost threat actors $17,000 per month.

According to security researchers Rob Jansen from the U.S. Naval Research Laboratory, and Tavish Vaidya and Micah Sherr from Georgetown University, launching denial-of-service (DoS) attacks against most commonly used default Tor bridges would cost attackers $17,000 per month.

DoS attacks could be used for preventing users to access the popular anonymizing network or to carry out attacks to de-anonymize Tor users with techniques such as traffic correlation.

For a modest sum, threat actors could target Tor bridges saturating their resources and causing significant degradation of network performance.

In a research paper presented at the 2019 USENIX Security Symposium, the experts explained that targeting the entire Tor network with a DoS attack could be very expensive, it would cost millions of dollars each month, but targeted attacks against specific Tor bridges are economically feasible.

“First, we explore an attack against Tor’s most commonly used default bridges (for censorship circumvention) and estimate that flooding those that are operational would cost $17K/mo. and could reduce client throughput by 44% while more than doubling bridge maintenance costs. Second, we explore attacks against the TorFlow bandwidth measurement system and estimate that a constant attack against all TorFlow scanners would cost $2.8K/mo. and reduce the median client download rate by 80%.” reads the paper. “Third, we explore how an adversary could use Tor to congest itself and estimate that such a congestion attack against all Tor relays would cost $1.6K/mo. and increase the median client download time by 47%. Finally, we analyze the effects of Sybil DoS and deanonymization attacks that have costs comparable to those of our attacks.”

The experts estimate that the total link capacity across the Tor network ranged from 429 to 575 Gbit/s over the year; for their research, the experts used the average of 512.73 Gbit/s this means that the attacker would spend around $10,000 per hour to use a DoS stresser service to hit each Tor relay. Overall code per month is $7.2 million. 

An attack on Tor’s most commonly used default bridges and flooding them would only cost around $17,000 per month, in this way the attackers could reduce client throughput by 44% and more than double bridge maintenance costs. 

An attack aimed at all scanners in the Tor Flow bandwidth measurement system would cost $2,800 per month and reduce the median client download rate by 80%. 

The expert discovered that threat actors could use Tor to congest itself and such kind of attack would cost $1,600 per month, resulting in the median client download time increasing by 47%. 

In order to examine the performance of the network’s bridges the experts focused on 25 default bridges that use obfs4 obfuscation protocol2, because most of Tor bridge use default bridges and obfs4.

“To test their performance, we use a modified version of Tor to download a 6 MiB file through each bridge. Surprisingly, we find that only 48% (12/25) of the obfs4 default bridges included in Tor Browser Bundle (TBB) are operational.” continues the experts. “The Tor Browser Bundle (TBB) includes a set of 38 hard-coded default bridges (as of version 8.0.3). Users who cannot directly access Tor relays can configure TBB to connect via one of these default bridges “

To compare against the performance of unlisted bridges, the experts requested 135 unlisted obfs4 bridges from the Tor Project’s bridge authority via its web and email interfaces. 95 of the acquired unlisted bridges were found to be functional.

The researchers estimate that the costs to launch a DoS attack against the 38 default bridges could be of around $31,000 per month. Considering that nation-state actors could be interested in targeting these default Tor bridges, this budget could be a good investment for them.

Experts explained that considering that 90% of bridge traffic passes through default bridges, forcing it to unlisted bridges could have a significant impact on network performance.

Tor bridges attacks

The study also compared the presented attack scenarios with launching a Sybil DoS attack, where the adversary could run Sybil relays and then arbitrarily degrade traffic performance or deny service by dropping circuits, or de-anonymize users by observing both the entry and exit points in a vulnerable circuit, and concludes that attacks on Tor bridges are more flexible and less expensive. 

“On the positive side, we find that Tor’s growth has made it more resilient at least to simple attacks: disrupting the service by na¨ıvely flooding Tor relays using stresser services is an expensive proposition and requires $7.2M/month. Unfortunately, however, several aspects of Tor’s design and rollout make it susceptible to more advanced attacks.” the researchers conclude. “We find that Tor’s bridge infrastructure is heavily dependent on a small set of fixed default bridges, the operational of which can be disrupted at a cost of $17K/month”  

Further technical details on the attack techniques are reported in the interesting analysis published by the experts.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Tor bridges, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

hacking news information security news Pierluigi Paganini Security Affairs Security News Tor tor bridges

you might also like

Pierluigi Paganini July 08, 2025
Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day
Read more
Pierluigi Paganini July 08, 2025
Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

    Security / July 08, 2025

    Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

    Intelligence / July 08, 2025

    U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

    Hacking / July 08, 2025

    IT Worker arrested for selling access in $100M PIX cyber heist

    Cyber Crime / July 08, 2025

    New Batavia spyware targets Russian industrial enterprises

    Malware / July 07, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT