> Certainly. The first step in doing so is information. Both Nordunet and
> Sunet, whose operations I'm involved in, make extensive network information
> available publicly, including load graphs for individual WAN links. These
> are often our best tools in looking where things come from.
What you could also do is just look at the number of ICMP packets (as DDoS
is mostly done through ICMP) and publish that....
- kurtis -