I have a small knowledge of Tor, but could this be an attack to uncover sources?
For example, let’s say a nation state controlled a large number of exit nodes (10%), and then DDOSed the other legitimate 90%. Would this force all traffic to the 10% they controlled?
Yes! Targeted DoS is one way to force traffic to your evil exit node, and also to attack onion service anonymity (by forcing the service to choose a new guard).
The 10/90 attack you're describing is probably not feasible due to monitoring by the network team. Those remaining unaffected nodes would be easy to spot as malicious relays and get removed from the network.
It would not surprise me if nation states did control 10% of exit nodes. Onion routing, however, means that exit nodes alone cannot deduce sources. An attacker would need to control a whole chain to know both traffic source and destination, and the most important aspect of Tor architecture is to make that as difficult as possible.
Actually, it’s Hillary Clinton DDoSing Tor to cover up recently released evidence linking her and the DNC to a child-trafficking organisation that worked with Jeffrey Epstein.
On a more serious note, Tor DDoS attacks are always DNM related.
It doesn’t make any sense for Russia to DDoS Tor, they haven’t even blocked it domestically.
Keeping Russians from reading unapproved media. You know, the kind that tells something closer to the truth than "Ukraine loves Russia for saving them from their Jewish Nazi leader".
I doubt that. The majority are using plain old proxies and VPNs. A very temporary attack on Tor would hardly make a dent.
There's near-constant DDoSing on Tor of darknet markets, some of it might've spilled over. Even more likely a random group is doing it because they can. Russia is definitely not the only or main choice even if they are on everyone's minds currently.
Initiating a DDoS is costly in many cases. It exposes infected botnet nodes that will most likely be pulled off the botnet by their owners or ISPs. Botnet owners don't randomly let their botnet be used for anything unless they're paid well for it. Something this massive isn't for shits and giggles.
In maybe <0.1% of cases, unless you're trying to abuse port 25, which is not being discussed here.
> Botnet owners don't randomly let their botnet be used for anything unless they're paid well for it
That's just not true. Botnets have never been cheaper, and despite all of the pageantry by Microsoft et al, the reality is that organized distributed-origin attacks expand far beyond just being general rabble-rousers, and are on the rise. Our abilities to detect, thwart, and report on them are far outnumbered.
Without any previous established reputation you can log on today and command a large swarm to do your bidding on almost any target for less than the cost of a tank of gas. Botnets large and small, and for all purposes, are available to anybody for meager first-world sums.
Botnets are not always 1 bot 1 stone thrown. People often mistakenly equate large attacks with large bot swarms. As we learned with amplification attacks, or even the primitive malformed packet attacks, big things quite often come in very small packages.