Wouldn't your onion service uptime become correlated with the guard's uptime? DDoS probes as described in the OP plus some basic monitoring of known onion sites could discover onions paired with single guard nodes. And if I can become certain that the guard node is owned by the onion operator, you're one subpoena away from deanonymization.
>Wouldn't your onion service uptime become correlated with the guard's uptime?
Yes. This is happening on a fairly regular basis. ddos against a tor node in most cases is just trying to figure out someones IP address or guard node.
If you run a big darknet site dealing with things like drugs, CP, fraud, and you want to stay around for a while you need to run lots of nodes otherwise you will be pwned probably within hours. There is no point in doing that for legal onions sites like facebook because everyone knows their real operators.
Now when you run lots of nodes and at the same time a big website on the darknet you are in the perfect position to run traffic correlation attacks yourself.
There is some tutorial available which suggests using some deceptive methods to spoil such tracing efforts. For example when website A is going down you also shut down your site. Or when there is a big blackout of AWS US etc
