There's two classes of discussion here. One for service providers
who should have DDOS defense, and one for enterprises who should have
risk mitigation in mind. I think that operators should have DDOS defense
capabilities for themselves and their customers, and I think that enterprises
should seriously evaluate their need for a full blown implementation of a
DDOS solution based on a solid risk analysis.
As far as DOS tracing goes, using the freeware tools locally, and either
buying and/or subscribing to a ddos defense service make sense as much
as it makes sense to analyze the cost and your own capability as well as
your providers capability to quickly and successfully defend against a DDOS.
-M<