
Ongoing DDoS on the Tor Network: Status - murxmaster
https://lists.torproject.org/pipermail/tor-project/2017-December/001604.html
======
gitgud
Since all TOR traffic is encrypted, how can they differentiate between
legitimate TOR traffic and DDOS traffic?

~~~
gizmo686
I assume the DDOS is not a generic flood of traffic, but rather a particular
kind of traffic that causes a disproportionate ammount of work (or, rather,
memory usage) in the target. In this case, the offending component would
necessarily be part of the unencrypted portion of a TOR packet that the relay
is processing.

