Josh Beck writes:
I think it's critical that routers be capable of logging the
hardware addresses of ICMP, along with source addresses, so that these
attacks can be traced across shared media at exchanges. As it is now, it's
hard enough to trace it back across a backbone, but if it crosses a MAE,
it's perfectly anonymous unless new techniques are around that we aren't
and TCP (Syn flooding) and UDP (pepsi.c)...
an IOS port of tcpdump would probably make it a lot simpler.