The DOS attack was a result of a customer, once identified our engineers block the IP that was causing the DOS attack.
We are phasing into production systems that will add significantly more scale to the way we register and maintain subscribers presence. In respect of the way we handle DOS while we have introduced granularity in the way we classify and treat offending IPs, that simply shifts into our session border.