see, its pitty how we dont understand that we are trying to defend
using the wrong principles.
just like the other poster pointed out.. protect your data == plug
holes + preserve + restore data.. != go for a witch hunt.
moreover.. we when "blocking" tor and denying access are assuming 3
things :
1) tor cannot be recreated(dont bet on that.. imagine a tor-2 network
which corrects(takes different policy measures) the blacklisting
facility, if we hold the rope so tight as to choke.. the privacy
people and the community will come up with a better and more effective
tool.. )
2) scarce resources is the way forward. Cmon public open proxies, tor
like public projects..etc are not "scarce" resource for the attacker..
but it is a scarce resource for the users... dont get fooled..
ofcourse all it takes for a determined(and well funded) attacker is
"shift" his cables to get onto a different network to attack you ;)
3)TOR is not the problem.. its a solution for privacy... it would be
much better if you try to find time to code for better webserver
protections against a dos.. or even write a patch for that new
full-disclosure vulnerability.. did i say proof-of-concept.. yikes..
;)
PS : ofcourse right now discussions are on on how to "label" / "mark"
tor users so that CIA triad is maintained for resources accessed by
tor users having different access privileges. psuedonyms are a serious
model thats being considered and researched...
joel.