Predecessor Attack

This is going to be brief because it's late and I'm tired. This is a popular attack on anonymous systems like Tor and it's pretty basic. Tor creates virtual circuits (or paths) and creates communication sessions over these circuits (one or more). Sometimes nodes along that path goes down and new paths have to be reformed. Let's say that an attack has various malicious OR (onion routers) on the network. By shutting down nodes periodically, the attacker forces path reformation. Since each circuit is identifiable by unique id, the attacker just looks for the most frequent predecessor. Since routers are uniformly chosen, it should be unlikely that you have the same predecessor for the same session unless that predecessor is actually the entry TOR router. So, basic probability wins again. This probably wont make sense to anyone but myself but that's ok for now.