Anyway there you have it...takes probably a few weeks for the feds to locate the hidden service and passively analyze connections to it....and after doing that for a year you will have about 12% chance of not being deanonymized if they have 50 entry guards. Best way around this attack is frequently changing the physical location of the server, on a monthly basis or faster would be the best option. For clients the best way to deal with this is the use of persistent entry guards, or using WiFi from random locations in addition to Tor. BTW the hidden service itself changes entry guards just as quickly, so just from that alone the hidden service could be traced with about 88% probability after one year, if the attacker has 50 entry guards. It is certainly going to be faster for them to brute force circuits up to the entry guards and then use legal power to get entry guards monitored though, rather than playing the "wait and listen" game.