[kahoon]

I know very little of networking but I assume to perform a TCP reset injection attack, the ISP would need to rely on the IP address of the public onion routers. Now, why do they play around with the reset flag instead of just simply swallowing the packets directed at a tor router?

[marshray]

Because effectively blocking packets at requires supervising all routes through which they might escape (i.e., managing a lot of dynamic rules on a lot of very critical routers), whereas injecting forged packets only requires one little box.

Kinda like the Berlin Wall. Easier to shoot people attempting to cross than hermetically seal the entire border.

[openasocket]

I don't quite follow. You can't inject an RST packet unless you know someone is trying to connect to a Tor node, so you still need to supervise all the routes, right?

[spydum]

Difference is I can do traffic analysis and RST generation over lots of machines (if it gets slow, worst case my RST gets there late). Changing routes/forwarding table action has to happen on machine moving large data, in real time.

[detaro]

You can sniff the traffic out-of-band, possibly implement it on already existing spy/monitoring infrastructure.

[betaby]

And ignoring RST may work. In fact that method worked against earlier implementations of the great firewall of China.