> Either pre-fill the packet with enough (bogus?) recorded routes to
> fill the IP options field
That would be hard to get around, yes. Any magic tag you put in there
to say "this is REAL recorded info" can be spoofed by the attacker too.
Hmmm... I don't know enough to think of a counter to that.
> or attack something far enough away to
> cause the IP option field to be filled with correct information.
That's not a problem... it's saving the information near the attacker, and
that's the information you want.
> Besides, the backbone routers of most service providers probably
> can't do this and keep up with current traffic loads, since any
> packet rewriting is generally out of the fast path...
It would probably be possible to get that fixed if this turns into a big