Tor client: If the user tried to connect port 1, then 3, and 4 and all of them failed(3 times in a row), deny connection to destination.onion for 3 minutes. Tor server: If the port request come from circuit X, and it is trying port 2, 5, and 8, and all of them failed(3 times in a row) deny connection from this circuit; just drop connection. This guy didn't allowing people from delisting his attacklist: http://zlal32teyptf4tvi.onion/ Portscanning unauthorized servers are illegal. Why scanning tor service is okay?