Rob G. Jansen, PhD

Computer Scientist, Researcher, and Principal Investigator
U.S. Naval Research Laboratory, Washington, DC, USA

Publication Details

  1. Citation

    The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network. Network and Distributed System Security Symposium, 2014.

    Author Links

    Venue Links


    47th Annual Alan Berman Research Publication Award for Best Paper in NRL’s Information Technology Division, 2015-04-17


    Our circuit killer DoS defense was deployed in Tor v0.2.4 on 2013-12-12
    Our work influenced deployed guard selection changes in Tor proposal 271
    Our work influenced proposed authenticated SENDME DoS defense in Tor proposal 289


    Tor is a distributed onion-routing network used for achieving anonymity and resisting censorship online. Because of Tor’s growing popularity, it is attracting increasingly larger threats against which it was not securely designed. In this paper, we present the Sniper Attack, an extremely low cost but highly destructive denial of service attack against Tor that an adversary may use to anonymously disable arbitrary Tor relays. The attack utilizes valid protocol messages to boundlessly consume memory by exploiting Tor’s end-to-end reliable data transport. We design and evaluate a prototype of the attack to show its feasibility and efficiency: our experiments show that an adversary may consume a victim relay’s memory by as much as 2187 KiB/s while using at most only 92 KiB/s of upstream bandwidth. We extend our experimental results to estimate the threat against the live Tor network and find that a strategic adversary could disable all of the top 20 exit relays in only 29 minutes, thereby reducing Tor’s bandwidth capacity by 35 percent. We also show how the attack enables the deanonymization of hidden services through selective denial of service by forcing them to choose guard nodes in control of the adversary. Finally, we discuss defenses against the Sniper Attack that provably render the attack ineffective, and suggest defenses against deanonymization by denial-of-service attacks in general that significantly mitigate the threat.


      title = {The Sniper Attack: Anonymously Deanonymizing and Disabling the {Tor} Network},
      author = {Jansen, Rob and Tschorsch, Florian and Johnson, Aaron and Scheuermann, Björn},
      booktitle = {Network and Distributed System Security Symposium},
      year = {2014},
      doi = {10.14722/ndss.2014.23288},