Layer 7 DOS against I2P darknet
11 Sept 2012
I wrote a small proof of concept in Python for a Slowloris attack performed against hidden sites on the I2P darknet.
The idea comes from the Slowloris attack, where the attacker depletes the web server's resources by initiating a few very slow requests, filling up the sockets and rendering the site inaccessible.
One way to protect against the Slowloris attack is to limit the time a client is allowed to stay connected, but this proves hard in a high-latency environment like the I2P darknet.
How does it work
First I open a SOCKS proxy in my I2P configuration on port 4475.
Then I run the script against the host I want to take down (change the host variable to, e.g., the base32 address).
Before script is fired.
After script is fired.
Please remember that denial-of-service attacks are illegal. Only use this script when trying to secure your own eepsite against this kind of attack.
A good tip is to lower the number of connections one IP is allowed to have to your site at a given moment.
As the good people at forum.i2p pointed out, there are good protections against this attack built into the I2P routing software. They are not activated by default, but you can find them in the advanced settings for the server tunnel.
In the advanced panel you can limit the number of incoming connections from one client per minute/hour/day. Here is a screen dump of the settings (but unfortunately in Swedish).
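To show how per-client limits per minute/hour/day behave, here is an added example (not the I2P router's code and not the script from this post) that models them as a sliding-window limiter and replays a constructed connection log through it. The class name, the limit values and the two client names are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Window lengths in seconds for the three limits the settings panel exposes.
WINDOWS = {"minute": 60, "hour": 3600, "day": 86400}


class PerClientLimiter:
    """Sliding-window limiter keyed by client identity (hypothetical model)."""

    def __init__(self, limits):
        # limits: e.g. {"minute": 3, "hour": 20, "day": 100}; 0 or missing = unlimited
        self.limits = {k: v for k, v in limits.items() if v}
        self.history = defaultdict(deque)  # client -> timestamps of accepted connections

    def allow(self, client, now):
        """Return (accepted, name_of_exceeded_window) for an attempt at time `now`."""
        seen = self.history[client]
        # Entries older than the longest window can no longer affect any limit.
        while seen and now - seen[0] >= WINDOWS["day"]:
            seen.popleft()
        for name, limit in self.limits.items():
            recent = sum(1 for t in seen if now - t < WINDOWS[name])
            if recent >= limit:
                return False, name
        seen.append(now)
        return True, None


def replay(limiter, attempts):
    """Replay (timestamp, client) attempts; return accepted/rejected counts per client."""
    result = defaultdict(lambda: {"accepted": 0, "rejected": 0})
    for ts, client in attempts:
        ok, _ = limiter.allow(client, ts)
        result[client]["accepted" if ok else "rejected"] += 1
    return dict(result)


# Constructed sample log: one client opens a connection every second for 30 s,
# another visits once every 40 s. Both client names are placeholders.
ATTEMPTS = sorted(
    [(t, "flooder.b32.i2p") for t in range(30)]
    + [(t, "visitor.b32.i2p") for t in range(0, 200, 40)]
)

if __name__ == "__main__":
    print(replay(PerClientLimiter({"minute": 3, "hour": 20, "day": 100}), ATTEMPTS))
```

With these sample limits the client opening one connection per second has 3 attempts accepted and 27 rejected, while the occasional visitor is never refused.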