Hi everyone,

(Tor advocacy vs. panicked small-time hosting company suffering from "massive attacks")

What advice can I offer to someone who's blocking traffic from Tor because their network is apparently experiencing sustained DOS attacks via some exits?

They explained to me that they were aware of the value of anonymity online, but couldn't see a way to protect their hosting customers from "attacks making the systems inaccessible".

In the end I offered some vague handwaving ("why don't you temporarily throttle traffic just from the nodes where the attacks come from"). I'm not going to do *their* job.

But it would still be useful to have something better to point to than just a vague remark.

This is a situation where the standard reasons why one needn't block Tor don't really work, and next time I'd like to be better prepared to argue why this isn't a reason either.

So, is there some ready-made explanation I could send to such a company, that explains in technical detail how they can *properly* mitigate this without overblocking?

K.