Furthermore, nodes that think they're being smart and protecting their nodes and the network by filtering out who can access their OR ports... aren't... because
- A real attack from clearnet will wipe out significant numbers of the rest of the network leaving their OR's with far fewer left talking to them, and certainly a whole lot of compromised talkers, which means path discovery, correlation, manipulation, and other game over situations.
- Attackers will simply stand up sybils and attack from within the core.. again wiping out the network and such "protected" boxes straight through their leeto trusted filter holes. Oopsie, plan demolished.
- Are potentially creating segmentation breaks in the p2p network that will get their relays flagged down out of the consesus for obstructing node traffic.
A better use of such pedantic time would be inspecting the code and protocols to discover and patch attack vectors that could be used against the network, including those that will sneak right through their filters.
Who cares, operators are independant, do what you will, be creative, drop some pps worth of ORPort stray junk into /dev/null, filter out whatever exit traffic content you hate, make sure all subscribers to all blocklists can censor users, etc, etc... a few random boxes don't make a network, let alone a secure one.