Josh Beck writes:

I think it's critical that routers be capable of logging the hardware addresses of ICMP, along with source addresses, so that these attacks can be traced across shared media at exchanges. As it is now, it's hard enough to trace it back across a backbone, but if it crosses a MAE, it's perfectly anonymous unless new techniques are around that we aren't aware of.

and TCP (Syn flooding) and UDP (pepsi.c)... an IOS port of tcpdump would probably make it a lot simpler. --Dan