The Tor anonimity network is a generic carrier for all kinds of (TCP) traffic. Its goal is enabling people to use the internet without anyone between them and the destination point being able to determine what is happening. It also allows you to offer services without anyone being able to trace back these services to you.|
Now botnets need to communicate with a central instance which lets them know what to do (e.g. send spam, ddos websites, etc.). Tor is an ideal carrier for this: no outsider can see what kind of traffic comes out of a system running such a bot and no-one is able to see whereto this traffic goes. So you can't stop the traffic between the bot and its master without blocking the whole Tor network and it is kind of hard as well to find where all this traffic goes to (the botnet master node). So; what should we do? Dis-allow hidden services in Tor? Or block Tor totally?