Without saying too much, I think I can say tat the attacks did go on for hours
a few times, but stopped before too much tracing could be done.
Initially I thought Panix was being attacked by a random attacker; Voicenet
in Philadelphia was attacked for almost a day on their mail ports, and another
provider in Philly was attacked for 4-6 hours on news ports (pretty
ineffective). But Panix has been attacked a few times now.
I've actually got a kernel built for sun4c that is pretty good/resistant,
but only to the attacks I can *think of*. I and panix are trying to get it
working on sun4m.
Bottom line, it would be good if everyone who could would filter incoming
on customers or outgoing on borders. While you're at it, if your network
is relatively simple (compared to, say, MCI's or UUNET's or Sprint's), you
might want to filter incoming on borders at exchange points to prevent others
from using you for transit.
Avi