The operator of an underground marketplace hosted within the Tor network has reported a flaw in Tor that he claims is being used for an ongoing denial of service attack on the site.
The problem, which is similar to one reported by another hidden site operator in December on the Tor mailing list, allows attackers to conduct a denial of service attack against hidden sites by creating a large number of simultaneous connections, or "circuits," via Tor, overwhelming the hidden service's ability to respond.
The problem is still under review, but it appears to be related to abuse of the "introduce" message in the Tor Hidden Services protocol, which is used to negotiate the connection between the client and the hidden server. By sending multiple "introduce" requests to the same hidden service, an attacker could make the targeted server create multiple circuits (paths over the Tor network used for the session), eating the server's available CPU and network resources and making it inaccessible to users.