I tried this download. Pain to work up a Linux box but it does what they say. Detects DDoS and worm propagation and suggests ACL's. From there site I see there is an auto mode that if implemented at peering points would stop DoS and superworms auto-magically.
From this site:
"FloodGuard Alert is designed to detect all forms of flooding and bandwidth attacks, including DDoSes and superworms. The software initially trains on ingress traffic directed at your protection domain that it uses to statistically identify anomalous traffic. It also suggests initial mitigation steps (ACLs/filters) that can be taken to stop the attack while letting legitimate traffic through. It comes with a comprehensive Java-based GUI that facilitates traffic visualization, configuration, control, analysis, report generation, and SYSLOG- and email-based communications"
Download at www.reactivenetwork.com/downloads
Juno Sys Admin