it seems that anycasting was quite insufficient to protect netsol's service from being severely damaged (udp dead, tcp worked) for a considerable length of time by a ddos [0] last week [1]. it would be very helpful to other folk concerned with service deployment to understand how the service in question was/is anycast, and what might be done differently to mitigate exposure of similar services. anyone have clues or is this ostrich city? maybe a preso at nanog would be educational. randy --- [0] - as it seems that the ddos sources were ip address spoofed (which is why the service still worked for tcp), i owe paul an apology for downplaying the immediacy of the need for source address filtering. [1] - netsol is not admitting anything happened, of course <sigh>. but we all saw the big splash as it hit the water, the bubbles as it sank, and the symptoms made the cause pretty clear.