How many thousands of "polls" do you think a looking glass can handle simultaneously? I am all for the doomsday scenarios, but lets make them a little bit less sci-fi, shall we? How about "it would create valid looking OSPF packets with garbage in them?" or "create valid looking STP packets"

It was just a suggestion. I don't think it's plausible on a wide scale, but only a few queries would be needed to get an overview of the topology. Originally I was thinking traceroutes. It's not going to be exact, but it's going to glean enough information to cause more damage than without that info. If you were doing some sort of p2p, each host would simply need to perform many random traceroutes and correlate their data. The devices that appeared most often in that data would obviously be backbone routers, and the attack would start with those and work to the least frequent (with specific emphasis on the hops that were seen from the local trojan/worm/etc). Like I said, it's not going to be perfect, but it is better than blindly spewing out evil packets. Jay