Well, they're describing the first part of the attack. The other part is to flood the network with guards, the economics of which is described in VI.C: Unless a cookie is set with the HiddenServiceAuthorizeClient option, the descriptor IDs are deterministic and computable arbitrarily into the future: I'm not sure what you're asking here. The guard node isn't the intro point. The guard and rendezvous nodes are controlled by the attacker.