[openasocket]

I don't quite follow. You can't inject an RST packet unless you know someone is trying to connect to a Tor node, so you still need to supervise all the routes, right?

[spydum]

Difference is I can do traffic analysis and RST generation over lots of machines (if it gets slow, worst case my RST gets there late). Changing routes/forwarding table action has to happen on machine moving large data, in real time.

[detaro]

You can sniff the traffic out-of-band, possibly implement it on already existing spy/monitoring infrastructure.

[betaby]

And ignoring RST may work. In fact that method worked against earlier implementations of the great firewall of China.