The main difficulty in using the techniques discussed in this chapter for tracking down attackers is that we need to construct and update network maps for each location. It is not immediately clear how often such maps should be refreshed, and what methods would prove most reliable and least intrusive.

Another possible issue is that much of the core Internet infrastructure is redundant. Some alternative routes may be chosen only when the primary route fails or is saturated, though in some cases the switch may occur as a part of load balancing. Thus, some empirical maps may become obsolete in a matter of minutes or hours—although such cases are not very common.

In the end, although private, individual uses of various despoofing tactics ...