And finally, would they be more successfull in tracking the source the the problem by doing something different?
So thats another interesting question.. How do you go about doing a packet trace on routers passing giabits of traffic every second without killing the router/network and actually get usefull information out of it?
passive monitoring. we don't have anything yet to run at oc-x speed (pos) but caida is working on several versions of passive monitors and at least one commercial vendor is working on one (ip capable). there was talk in the caida member meeting at nanog of doing some security bits in some of their software, and i don't remember for sure but i think someone mentioned security with respect to the passive monitors. if we installed passive monitors on IX links between providers, we might be able to do some interesting security traces. -brett