Richard Bejtlich wonders whether, given that Tor can be used to attack other systems anonymously, Tor will add extrusion detection capabilities.
I seriously doubt it. First, there are technical reasons for this: each exit node would need to have its own policy, since some operators would want very strict policies and others more open policies. Pushing knowledge of that policy to the rest of the network to make routing decisions would be very complex and incur high overhead on a system which is by its nature not very efficient.
Secondly, adding additional monitoring to an anonymity system is just ass-backwards. The whole point of Tor is to allow people to be untraceable and to access content that they are normally unable to access (get around filters) or would be unwilling to access if it were known they were accessing it. Actively monitoring anonymity systems reduces the effectiveness of the primary purpose of the system.
Lastly, most attack monitoring systems are simply ineffective out of the box. They require extensive configuration and tuning, something that a Tor node operator either lacks the interest, the time or the expertise to do.