http://www.symbiot.com/media/iwROE.pdf The Symbiot whitepaper on their service describes a process with a little more imagination and use than simply flooding attacking nodes with packets. It describes a process which appears to require human intervention through an Operations Center to aid in tracking down offending nodes and notifying the offenders service providers prior to an deployment of active defenses. That being said, it also specifically mentions "distributed denial of service counterattacks" as a not quite so last resort, and possibly automated response gesture for multiple identified offenders with whom intervention from service providers and other authorities has not been forth coming. I applaud the idea of a outsourced department that will manage the denial of service, and "hordes of script kiddie" (nod to Ranum) problems that plague modern networks. Anything that keeps me from being distracted from more interesting lines of thought, rather than constantly following up on outside nuisances is a Good Thing (tm). However, the deployment of "active defenses" in response to a failure of service providers to adequately secure their egress and ingress points is not a choice any reasonable person would make. Vigilante justice might be rewarding in the short term, but I choose not to leave the judgment of friend and foe in the hands of someone with large amounts of bandwidth at the tips their itchy trigger fingers. James Baldwin WorldWide Technology, Services, and Operations Operations Center Electronic Arts, Inc.