The GRC page talks about his dos attack, and he also rants about the "dangers" of the IP stack in XP, but his dos attack didn't come from
sources
sending spoofed packets, so source address filtering wouldn't have helped in this case. GRC complaining about the spoofed packet problem should be a separate rant on his website (who knows...it probably is!). I suspect that there were two attacks - because a few days after he posted a smug "I blocked all the compromised machines at the ISP and didn't even notice later attacks" on his site, he posted a handsup "I surrender, you win" - and started ranting about the dangers of XP. The reaction is about what I would expect if his smug "I beat the haxors" page annoyed someone enough that he *did* launch a spoofed attack, and one with a sufficient variety of source IPs that there was no blocking it.