For several weeks now, users have been complaining (see
https://www.reddit.com/r/TOR/comments/1cnmsdz/tor_extremely_slow_lately/,
https://forum.torproject.org/t/is-there-currently-a-major-ddos-affecting-the-networks-availability/12492,
etc) about degraded performance (slow speeds, timeouts) when using Tor, both
to access v3 onion sites and clearnet websites. In my personal experience, most
v3 onion services are responding so slowly that they're completely unusable.
it turns out that's it not just people's imaginations, looking at charts on
metrics.torproject.org, it can be seen that the time to complete a 5MiB request
over Tor has increased substantially (https://ibb.co/tp1CHdh). All of this is
very reminiscent of the large scale DDoS that affected Tor relay nodes in
2022-2023.
Tor relay operators have reported "attacks" on their relays, but there haven't
been many details about what kind of attacks are taking place, other than some
people saying that they have been TCP SYN flooded. But (to me, anyway) SYN
flooding doesn't really make a lot of sense as there are so many Tor relay
nodes that would need to be attacked, (and misconfigured to allow a SYN flood
attack to work), and even if it were a SYN flood, that would cause different
behavior than what users have been seeing (preventing connections to the Tor
network rather than slowing them down).
I understand that DDoS attacks on the Tor network might be kind of a touchy
subject, but it would be good if we could get some information from the project
leadership as to what's going on, what is being done about it, and what Tor
relay operators can do to help prevent attacks like these from happening.
Thanks
Sent with [Proton Mail](https://proton.me/) secure email.
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays