The solution, dubbed “network stress analysis,” comes in the form of a fine piece of research presented by Hal Brunch and Bill Cheswick at the LISA conference in 2000.^[112] Brunch and Cheswick proposed an interesting use for tree-type network topology data (similar to the graph shown earlier in Figure 17-1) obtained for a specific location. They came up with a way to use the data to detect the origin of a particular type of spoofed traffic: Denial of Service. The approach itself is fairly trivial and is based on the assumption that such an attack would stress not only the system against which it is being carried out, but also interim routers, and that this stress could be externally measured by the victim and used to—almost ...