After finding out more about the current round of denial of service attacks, I think I have an answer for several of the periods of congestion different providers experienced during the last couple of weeks of January. In January there were several reports of unusually large amounts of traffic. This caused congestion problems at several different places, but no provider or company made any public reports. With 20/20 hindsight it appears someone was testing how well their DDoS tool worked on less noticable sites. The engineers I spoke with indicated they saw heavy congestion on certain links for a few hours, but it would stop on its own accord. Later, they would see the same congestion, and again it would stop. If you think of it as "congestion" instead of a DoS, are there any tools we use to control congestion which could be adapted to lessen the effects of a DoS? Would RED(and RED variations), rate limiting, or any of the many QoS knobs help?