I think that it may be somewhat ego-centric to accept the argument that this apparent flood is actually directed at the Tor network. It may be that the real goal is to find efficient weapons to attack the Internet as a whole, or major segments of it. It may be measuring the response time of the Tor network as well as that of various defenders who are trying to disarm bot-nets.
David C
On Fri, Sep 06, 2013 at 12:42:28PM -0700, David Carlson wrote:
> I think that it may be somewhat ego-centric to accept the argument that this apparent flood is actually directed at the Tor network. It may be that the real goal is to find efficient weapons to attack the Internet as a whole, or major segments of it. It may be measuring the response time of the Tor network as well as that of various defenders who are trying to disarm bot-nets.
That theory seems even more egocentric than the most likely scenario.
The traffic pattern is consistent with a botnet simply using a <foo>.onion for their regular HTTP C&C channel, without keepalives. Each GET results in a new hidden service rendezvous circuit. Slow as heck but the botnet doesn't care, and absurdly inefficient but ibid.
I'm attributing to ignorance that which does not need malice to explain. :)
-andy
tor-relays@lists.torproject.org