A method for tracing packets in a communications network directed to tracing a stream of anonymous packets received at a given target host, in order to identify their source, in response, for example, to a Denial-of-Service ("DoS") attack on the target host. Advantageously, the tracing is performed without reliance on knowledge or cooperation from intervening Internet Service Providers (ISPs) along the path. The method is performed by applying a "burst load" (i.e., a brief but heavy load of transmitted packets) to various elements (i.e., links or routers) in the network and measuring the change in the rate with which the stream of packets arrive at the target. If the rate is substantially altered upon introduction of the burst load, then it may be deduced that the given element is most likely on the path from the source host of the DoS attack to the target host.