Government scrutiny is headed our way http://www.fcw.com/pubs/fcw/1998/0615/fcw-frontcyber-6-15-1998.html The feds are worried that it is too hard to track down cyber attackers. Although the article doesn't say this explicitly I expect that it won't be long before we see politicians calling for some sort of mandated tracing capabilities between network providers And since IOPS http://www.iops.org/ is hosted by a government funded agency located on the outskirts of DC, I expect that it will be involved in this whole thing. If we could track attacks to their source more quickly, then government would not feel the need to intervene. This may require some changes to router software but unless network operators ask for the changes, the manufacturers will not do it. We need some sort of protocol that will recursively track spoofed source address packets back to their source one hop at a time. Given a destination address the protocol would track it to the previous hop router and recurively initiate the same tracking procedure on that router. Once the attack is tracked to the source, the probe would unroll and report the results to all routers along the probe path for logging or reporting. We have seen that when misconfigured equipment can be quickly identified, such as the smurf amplifiers, then we can apply pressure and get things fixed. Similarly if we can quickly identify the source of a spoofed source address attack then we can apply pressure to get filters in place and have people arrested or secure an insecure machine as the case may be. -- Michael Dillon - Internet & ISP Consulting Memra Communications Inc. - E-mail: michael@memra.com http://www.memra.com - *check out the new name & new website*