The pool operators should allow miners to provide the pool with an ip address where the pool can dial the miner to establish a connection...with a bit of software running on the miner's machine, it would allow the pool to initiate outbound connections to the members of the pool and operate though a bank of ip addresses that shield the pool from these DDOS attacks.

If the pools don't do something like this, then people will start resorting to setting up their own smaller, private pools if these DDOSes continue.