https://www.freehaven.net/anonbib/cache/sniper14.pdf " extremely low cost - highly destructive denial of service attack used to anonymously disable arbitrary Tor relays" even more interesting : "adversary can quickly, efficiently, and perfectly identify all guards of hidden service H. Moreover, the discovery process looks fairly innocuous to H, which only sees a series of normal rendezvous requests. Of course, all such requests are to the same rendezvous point, the connections may appear abnormally fast, and no data is ever carried on the circuits. If stealthiness is a goal, the attack could be mounted from client with normal rendezvous point selection, at a slower rate, and including some typical data requests as cover. This would come at the cost of some speed and efficiency. Note also that Ă˜verlier and Syverson [34] describe a less-efficient method of guard identification that depends on performing traffic correlation that is less precise but is more robust to countermeasures." the reader should put 2 and 2 together and consider what can happen once the guards for a 'hidden service' are found.