Layer 7 DOS against I2P darknet

11 Sept 2012


I wrote a small proof of concept in Python for a Slowloris attack performed against hidden sites on the I2P darknet.

The idea comes from the Slowloris attack, where the attacker depletes the web server's resources by initiating a few very slow requests, filling up the sockets and rendering the site inaccessible.

Since the attack works on layer 7 (sending partial GET requests), it works very well over darknets like Tor or I2P.

One way to protect against the Slowloris attack is to limit the time a client is allowed to stay connected, but this proves hard in a high-latency environment like the I2P darknet.

How does it work

First I open a SOCKS proxy in my I2P configuration on port 4475.

Then I run the script with the host I want to take down (change the host variable to, e.g., the base32 address).

>python darkloris.py

Before script is fired.


After script is fired.

Please remember that denial-of-service attacks are illegal. Only use this script when trying to secure your own eepsite against this kind of attack.
A good tip is to lower the number of connections one IP is allowed to have to your site at a given moment.

Update

As the good people at forum.i2p pointed out, there are good protections against this attack built into the I2P routing software. They are not activated by default, but you can find them in the advanced settings for the server tunnel.

In the advanced panel you can limit the number of incoming connections from one client per minute/hour/day. Here is a screen dump of the settings (but unfortunately in Swedish).
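
The per-client connection limits described above, sketched as an added example (it is not part of the original post and not the I2P router's code): a sliding-window limiter that caps new connections per client per minute and per hour. The class and function names, client identifiers, limits and timestamps are all constructed for illustration.

```python
from collections import defaultdict, deque

# Window lengths in seconds for the three periods the post mentions.
WINDOWS = {"minute": 60, "hour": 3600, "day": 86400}


class PerClientLimiter:
    """Sliding-window cap on new connections per client identifier."""

    def __init__(self, limits):
        # limits: e.g. {"minute": 3, "hour": 5}; omitted periods are unlimited.
        self.limits = {p: n for p, n in limits.items() if n > 0}
        self.horizon = max((WINDOWS[p] for p in self.limits), default=0)
        self.seen = defaultdict(deque)  # client id -> accepted timestamps

    def allow(self, client, now):
        q = self.seen[client]
        # Forget connections older than the longest configured window.
        while q and now - q[0] >= self.horizon:
            q.popleft()
        for period, cap in self.limits.items():
            start = now - WINDOWS[period]
            recent = sum(1 for t in q if t > start)
            if recent >= cap:
                return False  # rejected attempts are not recorded
        q.append(now)
        return True


def replay(events, limits):
    """Return the (time, client, accepted) decision for each attempt."""
    limiter = PerClientLimiter(limits)
    return [(t, c, limiter.allow(c, t)) for t, c in events]


# Constructed sample: one client opens a burst, another browses normally.
SAMPLE = [(0, "clientA"), (1, "clientA"), (2, "clientA"), (3, "clientA"),
          (5, "clientB"), (30, "clientA"), (61, "clientA"), (62, "clientA"),
          (63, "clientA"), (64, "clientA"), (70, "clientB")]

if __name__ == "__main__":
    for t, c, ok in replay(SAMPLE, {"minute": 3, "hour": 5}):
        print(f"t={t:>3}s {c}: {'accept' if ok else 'reject'}")
```

In the sample, the bursting client is cut off by the per-minute cap first and later by the per-hour cap, while the second client is never affected.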
