Yes, indeed a single traceroute packet with forged address can generate
many responses. However, there is at least one technique to eliminate
its usefulness as an attack weapon -- namely source address filtering
(which is going to be implemented anyway, sooner or later; there are
other types of attacks).
Another way is to have ICMP TRACEROUTE to return one packet with all
information _and_ the IP address of the next hop router (i.e. replace
recursive behaviour with iterative) . It is still more useful than
UDP kludge; and it will still work in case of load-sharing.
Actually, the "multiplication" type of flooding attacks is nothing
new, but they are more easily done on application level. For example,
connecting to different SNMP speakers and causing them to send a long
error reply to the target address. Or subscribing victim to many many
mailing lists (including USENET gateways, urgh!). Or using MBONE
feeds creatively.
--vadim