Network packet prioritization

US9749355B1 · US · B1

Patent metadata
Publication number: US-9749355-B1
Application number: US-201514668432-A
Country: US
Kind code: B1
Filing date: Mar 25, 2015
Priority date: Mar 25, 2015
Publication date: Aug 29, 2017
Grant date: Aug 29, 2017

Abstract

Official abstract text for this publication.

A technology is described for prioritizing network packets using suspicion weights assigned to packet attributes of the network packets. An example method may include analyzing a network packet for packet attributes that have values indicating that the network packet may be associated with a potential network attack. Suspicion weights for the packet attributes identified as having a value that indicates that the network packet is associated with the potential network attack may be obtained, and a suspicion score may be calculated for the network packet using the suspicion weights.

First claim

Opening claim text (preview).

What is claimed is:

1. A non-transitory machine readable storage medium having instructions embodied thereon, the instructions when executed by a processor: analyze historical network packets to determine a number of occurrences of atypical values for selected packet attributes; identify a network packet intended for a destination host on a computer network; analyze a packet header for the network packet for a plurality of packet attributes having atypical values indicating that the network packet is associated with a potential attack on the computer network, wherein an atypical value for a packet attribute does not correspond to an expected value for the packet attribute and the atypical value complies with a communication protocol standard for the packet attribute; obtain suspicion weights assigned to the plurality of packet attributes that are identified as having the atypical values indicating that the network packet is associated with the potential attack on the computer network, wherein the suspicion weights are inversely proportional to the number of occurrences of the atypical values of the selected packet attributes in the historical network packets; calculate a suspicion score for the network packet using the suspicion weights for the plurality of packet attributes that are identified as being associated with the potential attack; determine network capacity for the computer network that the network packet is intended to travel through to reach the destination host; and determine whether to drop the network packet based, at least in part, on the network capacity for the computer network and the suspicion score for the network packet.

2. A non-transitory machine readable storage medium as in claim 1, wherein determining whether to drop the network packet further comprises, dropping the network packet based, at least in part, on the suspicion score representing a lower priority as compared to suspicion scores for other network packets.

3. A non-transitory machine readable storage medium as in claim 1, wherein instructions that when executed by the processor further analyze historical network packets to identify packet attributes having values that are associated with a computer network attack.

4. A computer implemented method, comprising: analyzing historical network packets to determine an occurrence of packet attributes having atypical values; analyzing a network packet for packet attributes having the atypical values that indicate that the network packet is associated with a potential network attack; obtaining from computer memory a suspicion weight assigned to a packet attributes identified as having an atypical value that indicates that the network packet is associated with the potential network attack, wherein the suspicion weight is inversely proportional to a number of occurrences of the atypical value of the packet attribute in the historical network packets; calculating a suspicion score for the network packet using the suspicion weights assigned to the packet attributes identified as having the atypical value indicating that the network packet is associated with the potential network attack; and determining whether to drop the network packet.

5. A method as in claim 4, further comprising dropping the network packet based, at least in part, on processing capacity for a computer network being below a threshold and the suspicion score for the network packet compared to suspicion scores for other network packets.

6. A method as in claim 4, further comprising dropping the network packet based, at least in part, on available network bandwidth capacity for a computer network being below a threshold and the suspicion score for the network packet compared to suspicion scores for other network packets.

7. A method as in claim 6, further comprising determining the available network bandwidth capacity by: identifying an attribute of the network bandwidth capacity associated with a particular network packet type; and determining an amount of the network bandwidth capacity that is available to transmit network packets of the network packet type.

8. A method as in claim 4, wherein the packet attributes analyzed for a value indicating that the network packet is associated with a potential network attack are selected by analyzing historical network packets to identify packet attributes having suspicious values.

9. A method as in claim 4, further comprising: analyzing historical network packets for packet attributes having suspicious values; assigning a suspicion weight to a packet attribute having a suspicious value according to a probability of the suspicious score occurring; and storing the assignment of the suspicion weight to the packet attribute in the computer memory.

10. A method as in claim 4, further comprising determining a suspicion weight for a packet attribute by: collecting a suspicion value history for network packets transmitted to a destination host during a time window comprising a current time to a time in the past; analyzing the suspicion value history to determine an occurrence of a suspicious value for a packet attribute; and assigning a suspicion weight to the packet attribute according to the occurrence of the suspicious value.

11. A method as in claim 4, wherein calculating the suspicion score for the network packet using the suspicion weights assigned to the packet attributes further comprises, aggregating the suspicion weights assigned to the packet attributes identified as having a value that indicates that the network packet is associated with the network attack.

12. A method as in claim 4, further comprising prioritizing network traffic as a result of network bandwidth capacity for a computer network being below a threshold, wherein network packets having a suspicion score representing a higher priority are transmitted to an intended destination host and network packets having a suspicion score representing a lower priority are dropped.

13. A method as in claim 4, further comprising: buffering a network packet having a suspicion score representing a lower priority based, at least in part, on network bandwidth capacity for a computer network being below a threshold; and transmitting the network packet to an intended destination host based, at least in part, on the network bandwidth capacity for the computer network increasing.

14. A method as in claim 4, wherein the values associated with the packet attributes are obtained from at least one packet header.

15. A method as in claim 4, wherein analyzing the network packet further comprises analyzing a network packet selected from: an IP packet, a TCP (Transmission Control Protocol) packet, a UDP (User Datagram Protocol) packet, an ICMP (Internet Control Message Protocol) packet, an HTTP (Hypertext Transfer Protocol) packet or a DNS (Domain Name System) packet.

16. A system comprising: a processor; a memory device including instructions that, when executed by the processor, cause the system to: analyze historical network packets to determine an occurrence of atypical value formats for packet attributes; identify a network packet intended for a destination host on a computer network; analyze a plurality of packet attributes associated with the network packet for atypical value formats that indicate that the network packet is associated with a potential network attack; obtain suspicion weights assigned to the plurality of packet attributes identified as having atypical value formats, wherein a packet attribute is assigned a higher suspicion weight as a result of the packet attribut
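The scoring and drop decision described in claims 4, 11 and 12, as an added example (not code from the patent or its assignee). The attribute names, the expected-value sets, the 1/(1+n) weight formula and the packet-count model of capacity are assumptions made for illustration; the packets are constructed sample data.

```python
from collections import Counter

# Hypothetical expected header values per attribute (assumption, not from the patent).
EXPECTED = {"ttl": {64, 128}, "window": {29200, 65535}, "flags": {"S", "A", "PA"}}

def atypical_attributes(pkt):
    """Attributes whose value is protocol-valid but outside the expected set."""
    return {attr for attr, ok in EXPECTED.items() if pkt[attr] not in ok}

def learn_weights(history):
    """Weight falls as an atypical value gets more common in historical traffic.
    1/(1+n) is an assumed form of 'inversely proportional' that also covers n == 0."""
    counts = Counter(a for pkt in history for a in atypical_attributes(pkt))
    return {attr: 1.0 / (1 + counts[attr]) for attr in EXPECTED}

def suspicion_score(pkt, weights):
    """Aggregate (sum) the weights of every attribute flagged as atypical."""
    return sum(weights[a] for a in atypical_attributes(pkt))

def prioritize(packets, weights, capacity):
    """Return (forwarded, dropped). Packets are dropped only when they exceed
    capacity, and then the highest suspicion scores go first."""
    if len(packets) <= capacity:
        return list(packets), []
    ranked = sorted(packets, key=lambda p: suspicion_score(p, weights))
    return ranked[:capacity], ranked[capacity:]

# Constructed history: odd TTL seen 3 times, odd window once, odd flags never.
HISTORY = (
    [{"ttl": 64, "window": 29200, "flags": "S"}] * 4
    + [{"ttl": 3, "window": 29200, "flags": "A"}] * 3
    + [{"ttl": 128, "window": 1, "flags": "PA"}]
)

# Constructed incoming packets.
INCOMING = [
    {"id": "p1", "ttl": 64, "window": 65535, "flags": "S"},    # nothing atypical
    {"id": "p2", "ttl": 3, "window": 29200, "flags": "A"},     # common oddity
    {"id": "p3", "ttl": 128, "window": 1, "flags": "FPU"},     # two rare oddities
    {"id": "p4", "ttl": 9, "window": 7, "flags": "PA"},        # TTL + window
]

if __name__ == "__main__":
    w = learn_weights(HISTORY)
    forwarded, dropped = prioritize(INCOMING, w, capacity=2)
    print("weights:", w)
    print("forwarded:", [p["id"] for p in forwarded])
    print("dropped:", [p["id"] for p in dropped])
```

Because weights are learned from the destination's own history, an oddity that is routine for that host contributes little to the score, while a value never seen before carries the full weight.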

Classifications

  • Denial of Service · CPC title

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Amazon Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1458. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 29, 2017 (B1). Legal status and post-grant events are not shown on this page.