Computer Science Department
U C Davis
SECURITY LAB SEMINAR
May 26, 1999
1-2pm
1131 EU II

Jason Schatz (JS) presents Boeing Work on Automated Response

 

Questions:
What is the granularity of the isolation? Do you isolate the entire subnet or just the IP address?
JS: We block the subnet. At some point we may be able to block the host, attacker's address or just one port that the attack is using.
JR: May be possible to block traffic on the Ethernet card.

How does your state diagram deal with multiple block messages?
JS: It goes back to the start state.

Do you flag boundary controllers out on the interface?
JS: It won't get a blocked message from the Internet.
 
DOB: While an attack is starting, what happens if there's congestion on the A-C-B link?
Source routing after attack is in progress through E-D-B
JR: It may look like two independent attacks on the state diagram, but the end result will be the same.

DOB: What about the notion of what state the node is in and an attack that takes place over time?

DOB: There may be race conditions.

NP: Can you go through an entire sequence of an attack and trace it through?
[Demonstration on the white board]