IMHO, there are two seperate issues here.
- better tools would be nice. Although I think tracking packets
would be too CPU intensive for today's routers I do think having
such a feature would be a good thing. The RAM/ROM to hold the extra
microcode is cheap, and if it can be turned off/on at will I see no
harm in having it. When someone will have time to add the code is
a seperate issue.
- why can't my [NSP | TelCo | GME (Godlike Monolithic Entity)] provide
me with data on who is spamming my net. I think that is a seperate
issue. The TELCOs have an advantage here in that it is MUCH harder
to fake caller ID than to fake ICMP headers. I would be willing to bet
that if someone who really knew their way around the SS7 network decided to
make your life difficult Ma Bell would have a hell of a hard time
tracking them down. Most of the TELCO switchmen I have dealt with
could not trace a phone call with any reliability. At this point
it requires a fair amounf of time, from a fair amount of talented
people to track this stuff down. In all the cases I dealt with,
people from many service providers were very cooperative if the
denial of service attack was in progress. After the fact people
seemed to expend effort to the extent they felt they could help.
Which for most people is 0 (after the fact it is pretty hard to
say who denied what to whom with any certainy)
This is the way it is, but not the way it must always be.
Feel free to talk to the router vendor of choice and explain to
them that this functionality is important to you. In the mean
time, I hope you will excuse me while I go off and cope with my
own problems. I honestly wish you the best of luck in your endeavors,