Attacks such as this one have been happening for a long time now; none of us should be surprised. Two new things in the *recent* attacks are:
1. Wide exploitation in the wild, which draws attention.
that the press has been told about it this time, is new. the scope of the attack, either in breadth or intensity, is not new in these recent attacks.
2. Abusing EDNS for a larger amplification factor.
the use of EDNS is not new in these recent attacks, either.
The reason we released the text at this time (before we were ready, we were planning on making it academic-worthy) is that because of the lack of actual data out there and increasing FUD, we were encouraged to do so for the community.
any blame-putting on DNS or EDNS that fails to also mention amplification that's possible via NTP or the fact that reflector attacks based on ICMP are still common and practical even without smurf amplification, is itself FUD.
That is why in the paper we cover events that happened to ISPs rather than just theoretical case studies.
in the paper i reviewed, the practical case studies were useful. -- Paul Vixie