ICMP is only one of a dozen ways to attack people. There is no point in specially targetting ICMP.
Of course... so you have the capability to turn on logging for certain protocols or interfaces or whatever for a short time. If someone is seeing random source addresses ICMP packets for instance, a 20 second sample of a busy interface can provide enough information to trace this (with hardware addresses). And this is something that can be done right away.
In my opinion, the only long term solution here is software that is "smart" about tracebacks -- that is, can be directed in real time to log certain classes of traffic.
It would be nice, but for now logging the hardware addresses along with the ip addresses would be cool. Josh Beck jbeck@connectnet.com ---------------------------------------------------------------------- CONNECTNet INS, Inc. Phone: (619)450-0254 Fax: (619)450-3216 6370 Lusk Blvd., Suite F-208 San Diego, CA 92121 ----------------------------------------------------------------------