If you’ve been experiencing Tor network connectivity and performance issues lately, you’re not the only one since many others have had problems with onion and i2p sites loading slower or not loading at all.
Tor Project’s Executive Director Isabela Dias Fernandes revealed on Tuesday that a wave of distributed denial-of-service (DDoS) attacks has been targeting the network since at least July 2022.
“At some points, the attacks impacted the network severely enough that users could not load pages or access onion services,” Fernandes said on Tuesday.
“We have been working hard to mitigate the impacts and defend the network from these attacks. The methods and targets of these attacks have changed over time and we are adapting as these attacks continue.”
While the goal of these ongoing attacks or the identity of the threat actor(s) behind them are not yet known, Fernandes said the Tor team will keep tweaking the network’s defenses to address this ongoing issue.
The Tor Network team will also be expanded to include two new members focusing on .onion services development.
“In the interest of protecting the Tor network and our global community, we chose to limit public information on the nature of those attacks for now,” Fernandes told BleepingComputer when we reached out for more information on the DDoS attacks.
“To clarify, our services have not been down, but on occasion slow for some users, and it is important to note that the user experience is affected by a variety of factors, including what onion services are being used, or which relays get picked when they build a circuit through Tor.”
DDoS attacks also hit the I2P network
Tor is not the only anonymous communications network currently targeted by DDoS attacks. The I2P (short for Invisible Internet Project) peer-to-peer network has also been dealing with a massive attack for the last three days.
As a result, I2P users might also experience issues due to some i2pd routers crashing with OOM (out of memory) errors when hit by this Denial-of-Service attack.
“As you already know, the I2P network has been targeted by a Denial-of-Service attack for the past ~3 days. The attacker is flooding the network with malicious floodfill routers, which are responding incorrectly or not at all to other routers and feeding the network false information,” one of the I2P subreddit’s mods said yesterday.
“This results in performance and connectivity problems, because the floodfills provide peer information to the participants in the network. The result is a form of sybil attack which is used to cause widespread denial of service.
“This attack has degraded the performance of the network but it remains intact and usable. Java I2P routers still appear to be handling the issues better than i2pd routers. Various mitigations should appear in dev builds of both Java and C++ routers in the next week.”
Just as in Tor’s case, the threat actors are using a variety of tactics as “the attack is starting / stopping / changing several times a day,” as I2P’s project manager and core dev lead said in a Tuesday community meeting on IRC.
