Thus spake Fabio Pietrosanti (naif) (lists@infosecurity.ch):
On 3/29/11 3:30 PM, cmeclax-sazri wrote:
Opening a web page with lots of images results in lots of connections to web servers. If I hit the stop button before the images are loaded, my browser will close those connections without receiving any data. Web pages do not normally contain lots of HTTP links to sites that aren't running web servers, so a lot of refused connections does not look like anything that can happen in normal web browsing. Port scanning results in lots of connections closed upon opening and lots of connections refused; the distinguishing factor is the large number of refused connections.
So then when a website or ad server wants to DoS a Tor user, they just introduce a tight open+close XMLHttpRequest loop in some JS?
Ok, anyone willing to implement a portscan detector using such logic? :-)
I volunteer to test it, at the risk of getting Bad-Exited ;P
At the point where you are implementing stuff there's no reason to risk anything. As I've said before, we can safely signal to clients in real time that they should go elsewhere with their traffic. The Tor Protocol supports this.
There is no need to break stuff for unsuspecting users. Srsly: https://lists.torproject.org/pipermail/tor-relays/2011-March/000675.html
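
The refused-connection heuristic discussed in this thread, as an added example that is not part of the original messages and not Tor code: it tallies per-circuit connection outcomes and labels a circuit scan-like only when refused connections dominate. The outcome names, thresholds and sample events are assumptions constructed for illustration, and the verdict is only a label, not an action.

```python
from collections import Counter, defaultdict

# Hypothetical outcome labels for one outbound connection attempt.
OUTCOMES = ("data", "closed_no_data", "refused")

def classify_circuits(events, min_conns=20, refused_ratio=0.5):
    """Label each circuit from (circuit_id, outcome) pairs.

    min_conns and refused_ratio are assumed thresholds, not values
    taken from the thread.
    """
    per_circuit = defaultdict(Counter)
    for circuit_id, outcome in events:
        if outcome not in OUTCOMES:
            raise ValueError(f"unknown outcome: {outcome!r}")
        per_circuit[circuit_id][outcome] += 1

    verdicts = {}
    for circuit_id, counts in per_circuit.items():
        total = sum(counts.values())
        if total < min_conns:
            # Too little evidence to say anything about this circuit.
            verdicts[circuit_id] = "too_few_connections"
        elif counts["refused"] / total >= refused_ratio:
            # Mostly refused: does not resemble a page load.
            verdicts[circuit_id] = "scan_like"
        else:
            # Closed-without-data alone is not a signal (stop button case).
            verdicts[circuit_id] = "browse_like"
    return verdicts

def sample_events():
    """Constructed sample data, not captured traffic."""
    events = []
    # Image-heavy page, user hits stop: many connections closed early.
    events += [("page_load_stopped", "data")] * 5
    events += [("page_load_stopped", "closed_no_data")] * 24
    events += [("page_load_stopped", "refused")] * 1
    # Sweep across ports: a few open ports, the rest refused.
    events += [("port_sweep", "closed_no_data")] * 3
    events += [("port_sweep", "refused")] * 37
    # Short session hitting a dead server: refused, but too few to judge.
    events += [("short_session", "refused")] * 5
    return events

if __name__ == "__main__":
    for cid, verdict in classify_circuits(sample_events()).items():
        print(cid, verdict)
```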