The web server isn't and hasn't been down this morning. What we are experiencing is a packet flood denial of service attack. Basically, someone is flooding an IP address belonging to one of our customers with a large number of packets that completely clog the links to the Internet. This is not normal traffic, web or otherwise; they are packets that, to our router look like UDP packets with a length of 1500 bytes; but they are doing something tricky to the packet that evades the filtering mechanism in the Cisco routers at Sprint so that filters they try to block with are not working. For the present, they've put a null route in for the host that is being targeted that effectively tells the world there is no route to that host; but obviously that's not a good solution since it leaves that host isolated from the net. They are involving other engineers to try to figure out how these packets are getting back filters. This work will necessarily involve pulling out the null route intermittantly with some intermittant loss of network connectivity resulting. There really isn't any other way to address this problem, they and we need to understand exactly how the hackers are getting past the Cisco filters so that can be corrected.