I attribute this to over-zealous marketing. As I
mentioned at the NANOG BoF, there is, indeed, a
decrease in latency about 6 hours prior to the
actual mass attack. Mike Lloyd (RouteScience)
saw this, too. There's also a decrease about
16 hours out. Sean suggested that they might be
attributed to cable cuts, but I don't have the
data to attempt correlation.
If Semantec's ouija board brought them news "hours"
earlier, they are behaving reprehensibly not to
have alerted the community.
Peter