Recently, there have been several reports of DDOS attacks being directed at TOR exit nodes. While a few of these reports are consistent, it is often difficult to assess a threat via community interaction alone. One user has posted a PGP-signed message on November 9th, and contained the following warning:
“Hi, I am the operator of several exit nodes and would like to stay anonymous due to the nature of the given attacks. Since Thursday (05.11.2015 1800 UTC) I have seen large DDoS attacks on each of my exit nodes from a common /16 source. The attacks originate from UK.”
Along with this claim were several other coincidental connections made by users of the /r/darknetmarkets subreddit. Several website owners have made DDOS announcements, such as Quantik and ScamLogs.
Quantik has specifically stated that these attacks are “massive”, and directly linked his finding to the TOR Project’s metrics website. At the time of posting, the graph clearly indicated that “1/3 of TOR relays simultaneously crashed”. However, it is important to clarify that it was only at the time of posting – since then, the graph detailing the November 4th crash appears to show only a slight decline, not anything like it