On a less technical note: I think it is somewhat important to point out that one long term solution to these problems is for commercial orgs to fund, either together or alone, R&D efforts that support the reliability and robustness of their operations. Many, in the words of Roger Waters, are 'riding the gravey train' by exploiting the Internet for profit without contributing back into the community. In short, however harsh it sounds, denial-of-service-attacks are old-tech, low-tech, ways to exploit TCP/IP weaknesses that have been around for a long time. How about commercial organizations (such as NANOG, CIX) expanding their charter to basic R&D into reinforcing security weaknesses within their mutual are of commerical interest? Or, as it seems, do commercial organizations just cry out for help and wait for another handout? Sorry for the 'antisocial, un-bonding, non-obsequious, slash of cold water in the face of this thread', but another RFC, BCP, XYZ is not the answer. This is not the pre-commerical internet days, and it is past-due for commerical providers of Internet services and products to regenerate some of their profits into R&D, don't you think? Tim