On Wed, Nov 06, 2002 at 12:38:33PM +0100, Daniel Hartmeier wrote:
> Well, a real distributed DoS attack involves many hosts fully
> establishing connections to a service you provide to the public, which
> either saturates your uplink or the resources on your server so that
> legitimate connections cannot be handled anymore, thus denying service
> to your legitimate peers.

Real-life example: we were the target of a DDoS about a year ago - it sucked a total incoming bandwidth of over 1 TByte/s - of course that's far beyond our uplink capacities. I could have filtered as much as I wanted - pointless. We were able to stop the attack at the border routers of our uplinks, but that's a different story. As unfortunate as it is: there is nothing, really nothing, you can do about a well-done DDoS attack. If it is not well done, you have a chance if your uplinks are cooperating.