They've made a big announcement about it, but the code doesn't yet
appear to be on their ftp site. The announcement does not describe
what approach they took to solving the problem (presumably something
more then their existing patch for the larg PCB hash table). See
http://www.bsdi.com/press/19961002.html for the full announcement.
It scares me to think how much effort has gone into defense against
this one denial of service attack when there are endless possibilities
for other ones.