Thank you Danny! This is exactly the sort of thing I was getting at. You've basically laid out the algorithm for tracing an attack to a specific port on your router. Now what we need to do is build a tool that can automate this procedure, perhaps by using an "expect" script or something similar like Python with PIPE.
Now comes the fun part, coordinating with the Operations/Security folks from the corresponding network(s) to track the attack, hop-by-hop, through their network.
I suspect that this part would be a lot easier if some easy-to-use tools existed. Ever since I heard that IOPS was being formed I've been curious whether or not that would become a venue for building these kinds of tools. Perhaps if someone from IOPS would come to Phoenix and tell us what they are up to, we might find some more ways to encourage this kind of inter-network cooperation.

********************************************************
Michael Dillon                    voice: +1-650-482-2840
Senior Systems Architect            fax: +1-650-482-2844
PRIORI NETWORKS, INC.              http://www.priori.net

"The People You Know. The People You Trust."
********************************************************