This is why the government needs to get involved and *demand* that the ability exist via a *protocol* for people in a NOC to initiate and follow these traces automatically, without human intervention by the NOCs in the chain.
Would you and other operators be willing to modify peering agreements to include serious fines for running a smurf amplifier or allowing packets with bogus source addresses to enter the system? Tracking back bogus source addresses seems hard. Would fines on smurf amplifiers be good enough to fix the smurf problem? Or do we need to catch a smurfer to use as an example?

Currently, NOCs don't have much financial interest in tracking down a smurfer. Karl's stories of non-cooperation make sense if the NOC is looking at their (short-term) bottom line rather than the good of the net. The person on the phone won't get any reward for solving Karl's problem (and might get in trouble for sticking his neck out). Is there a way we can change that?

One possibility might be to offer a reward to the NOC that gets the evidence on the first smurfer to get tossed in jail or fined more than $100K. Another might be to set up peering contracts that encourage ISPs/NSPs to track down smurfers. I can't quite come up with the right thing to suggest. Everything I think of has too many possibilities for gaming. I'm fishing for something like each ISP/NSP that works on tracking down a smurfer gets to charge the ISP/NSP closer to the source for the time and costs it spends on the problem, including the costs that get passed to it.

How much effort is involved in tracking a smurfer through each router? Any router vendors willing to estimate how much it would cost to implement something like Karl's proposed command?
"trace-smurf <forged-victim-address> <amplifier-address>" <return>
Do smurf attacks always happen late at night and on weekends? Would major NSPs be willing to set up a smurf hotline so trusted smart people, like Karl, could bypass the first several layers of screening and get the data to the right person fast?