Cute explanation, but I was more interested in possible solutions. From an academic perspective anyway. For example, if it is a virus, why not change connection ports, at least temporarily? It would require a replacement virus to use the new ports and that would at least buy some time. One possible solution might be to develop some kind of connection algorithm that allows an automatic rejection from an IP address that makes too many connection attempts by interacting with a firewall. The DoS attacks would then be handled by a system that is designed for such attacks.
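The per-address rejection idea in the comment above, sketched as an added example that is not part of the original comment: a sliding-window counter that flags a source IP once it exceeds a threshold and hands it to the firewall for a temporary block. The window, threshold, block duration and sample addresses are assumptions chosen for illustration, and the iptables rule is only built, not executed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed look-back window
MAX_ATTEMPTS = 5      # assumed attempts allowed per window
BLOCK_SECONDS = 300   # assumed temporary block duration

class ConnectionLimiter:
    """Sliding-window counter of connection attempts per source IP."""

    def __init__(self):
        self.attempts = defaultdict(deque)  # ip -> timestamps inside window
        self.blocked_until = {}             # ip -> time the block expires

    def observe(self, ip, now):
        """Record one attempt; return 'accept', 'block' (new block) or 'drop'."""
        expiry = self.blocked_until.get(ip)
        if expiry is not None:
            if now < expiry:
                return "drop"               # still inside the block period
            del self.blocked_until[ip]      # block expired, count afresh
        window = self.attempts[ip]
        window.append(now)
        while window and window[0] <= now - WINDOW_SECONDS:
            window.popleft()                # forget attempts older than the window
        if len(window) > MAX_ATTEMPTS:
            self.blocked_until[ip] = now + BLOCK_SECONDS
            window.clear()
            return "block"
        return "accept"

def firewall_rule(ip):
    """argv for an iptables drop rule; returned to the caller, not executed."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]

def replay(events):
    """Feed (timestamp, ip) events through a limiter; return IPs newly blocked."""
    limiter = ConnectionLimiter()
    return [ip for now, ip in events if limiter.observe(ip, now) == "block"]

# Constructed sample: one noisy source and one normal client (documentation IPs).
SAMPLE = sorted([(t * 0.5, "203.0.113.7") for t in range(12)]
                + [(1.0, "198.51.100.20"), (8.0, "198.51.100.20")])

if __name__ == "__main__":
    for ip in replay(SAMPLE):
        print(" ".join(firewall_rule(ip)))
```

A per-IP limit does not help when the attempts are spread across many source addresses, and clients that share one NAT address are counted together.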