Scott, Given that I both co-moderated the ISP security BOF AND gave a ~9 minute presentation covering *empirical* data and stats of observed attack vectors across 100 ISP networks over 640 days, and shared a slide or two with stats from an infrastructure security survey we've been doing and sharing with the operations community for 4 years now, I take a bit of offense to your comments below. I make a concerted effort to decouple vendor pitches from both the data sets presented and believe I did so effectively. There was open microphone time and you were welcome to share your thoughts. There has been context set with both the data I presented and the survey in previous meetings and NANOGs, it's unfortunate you're unfamiliar with this. Rodney's presentation was one vendor's approach to a very real problem, one that has consumed a significant amount of ISP operations resources over the past 6 months, and you were certainly welcome to comment on that as well - as you note Vixie and others did - and that's a large part of the point of the BOF, IMO. You're welcome to contribute positively in some manner to the next BOF - proactively - or co-moderate if you'd like, but to address the question in the subject line directly - "Am I mistaken", I believe yes. Also, please don't confuse discussion of what happened at beer n gear with what happened at the BOF. -danny