Sean, The first step is effective emergency response. I have seen hours pass as secret handshakes and people on the "right list" were located and made the right calls. People start their generators on a planned basis to make sure they work. How many people practice DDOS attack recovery? It's something you can actually do today that will help the most in a real attack. This is a malicious attack designed to cause failure, so I think that any measures of the style discussed will only save you from the small attacks. Not that avoiding some attacks isn't good, it's just not much help in the general case. I think the issue of malice makes it very hard to plan for like storm water or freeway traffic. I have no proof to say that large sites fare better than small ones. They can handle more, but attract much more serious attacks with much more glory for the perpetrators. Many people are pinning their hopes on traffic flow tagging as the way to manage/solve this in the long term. No one knows yet when it can be deployed in a large enough scale to work and what it will take then to handle it. I'm hoping you realize the spectacular failure mode of your DNS propose. You DOS the DNS in-addr servers and the whole site goes away. That should take a lot less traffic than swamping the pipes. DNS has enouh problems digesting all the things it's trying to do now (DNSSEC, v6, large packets...), no need to make it worse. jerry