...
TULIP only allows one copy of the client to be running on a client host. TULIP also hides the URLs used for the landmarks to reduce the possibility of people gleaning the URLs for a denial of service attack. Editing the landmark URL's requires a password known only to the developers.
Log
There is a centralized log with time stamped records of all requests, the requesting host, and the target. This is analyzed for abusers.
Scanning and Denial of Service
...