Might not be overhyped. With the POC out, I checked several different DNS servers and about 90% of them were vulnerable. Even patched systems may be vulnerable if they are sitting behind nat devices. Since ISP vendors werent invited to be part of Kaminskys alliance, none of them have released signatures.

Application layer firewalls are useless. If the packet has to traverse all the way to the APp layer before its filtered, it can do nothing for DOS or overflows. An enterprise class solution would involve a perimiter firewall and an application specific firewall by 2 seperate verdors.

Nice.
In response to the nmap comment, I would rather have my port scan show up from their ISP instead of mine.

How is this any different from Tor or any of the other client based proxies? If a company is strict enough to lock down internet access, one would hope they also lock down local admin privilidges.

I have read on some sites that this is the most serious DNS vulnerability ever. Recently ive read on Full Disclosure that this is extremely over-hyped.
AParently all of the major vendors have released updates but we all know that 80% of the companies affected wont apply updates before November.