On Mar 25, 2008, at 5:02 AM, Mike Lyon wrote:
Any input would be greatly appreciated.
There are devices available today from different vendors (including Cisco, full disclosure) which are intelligent DDoS-'scrubbers' and which can deal with more sophisticated types of attacks at layer-7, including HTTP and DNS. S/RTBH is also an option, keeping in mind some of the caveats you mentioned (staying mindful of attacking hosts behind proxies, botted hosts of legit customers, et. al.).
----------------------------------------------------------------------- Roland Dobbins <[EMAIL PROTECTED]> // +66.83.266.6344 mobile It doesn't pay to dispute what you know to be true. -- Fred Reed