[jessaustin]

The attacker's packets will contain bittorrent's magic connection bits.

ISTM that once you've determined bittorrent is the attack vector, the hard part is done? Is dropping by "magic bits" harder than dropping by ip/port?

[phil21]

Yes. Very much harder. One can be done at line rate on any halfway decent router, and the other requires deep packet inspection which is considerably more expensive.

[Danieru]

In theory yes, but it requires deep packet inspection to catch before it hits the server. Such equipment is expensive per GB/s and not something you'd have access to by accident.