[tor-talk] reverse enumeration attacks on bridges (re: 100-foot overview on Tor)

[Virgil Griffith]

Tom: If a hostile relay receives a connection from a ip-address A that
is not listed in the Tor consensus, as far as I understand the hostile
relay stills has two possibilities about ip-address A:

(1) A is the client
(2) A is a bridge

I do not understand how the "reverse renumeration" attack you mention
(p136 of your 100-ft-summary) is able to distinguish between these two
cases.

Any help?
-V