Hi, NANOGers.

Ooooo, you just knew I'd have to chime in eventually. :)

] 1) The OS/software/default settings for a lot of internet connected
] machines are weak, making it easy to attack from multiple locations.

Yep, quite true. Vulnerable hosts are a commodity, not a scarce resource. There are 728958 entries in my hacked device database since 01 JAN 2003 that attest to this fact.

] 2) A lot of networks have no customer or egress filtering and make it a
] lot more difficult to trace DDoS traffic because it generally uses faked
] source addresses.

I've tracked 1787 DDoS attacks since 01 JAN 2003. Of that number, only 32 used spoofed sources. I rarely see spoofed attacks now. When a miscreant has 140415 bots (the largest botnet I've seen this year), spoofing the source really isn't a requirement. :|

Filtering the bogons does help, and everyone should perform anti-spoofing in the appropriate places. It isn't, however, a silver bullet.

Thanks,
Rob.
--
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);