A system (126-129) detects transmission of potentially malicious packets.
The system (126-129) receives packets and generates hash values
corresponding to each of the packets. The system (126-129) may then
compare the generated hash values to hash values corresponding to prior
packets. The system (126-129) determines that one of the packets is a
potentially malicious packet when the generated hash value corresponding
to the one packet matches one of the hash values corresponding to one of
the prior packets and the one prior packet was received within a
predetermined amount of time of the one packet. The system (126-129) may
also facilitate the tracing of the path taken by a potentially malicious
packet. In this case, the system (126-129) may receive a message that
identifies a potentially malicious packet, generate hash values from the
potentially malicious packet, and determine whether one or more of the
generated hash values match hash values corresponding to
previously-received packets. The system (126-129) may then identify the
potentially malicious packet as one of the previously-received packets
when one or more of the generated hash values match the hash value
corresponding to the one previously-received packet.