This article in ZDNET UK entitled "WIth ISPs like this, who needs enemies?" http://comment.zdnet.co.uk/andrewdonoghue/0,39027004,39175983,00.htm contains some rather unflattering comments about ISPs who don't help customers deal with DDOS attacks. The head of security technology for a major ISP named in the article said: "Why should ISPs do something? It's very much as if people want something for nothing. This noise is superfluous and silly." The thinking is this. There are two operational problems here, one big and one small. The big one is when your customer is the target of DDoS. The small one is when your customers originate the DDoS. I think the writer is telling us to treat these as two sides of the same problem. If management buys into this view then it would make the business case for the operational effort needed to clean up botnets. And if enough people clean up the bots on their network, then a case can be made for depeering (or severely damping) networks that don't clean up their act. --Michael Dillon