Fred L. Templin wrote:
Alain/Christian,
Maybe I missed something, but could it not be the case that the
attacker is randomly varying his source address? In which case,
the log collected at S6 may contain uncorrelated (and
untraceable) S4's?
No, this would be catched by IPv4 ingress filtering. - Alain.