Thanks. This sounds more reasonable to me.

Attacks of that size are starting to become commonplace via
amplification as Roland mentions. Your routers can filter them
(assuming sufficient peering capacity) by rate limiting packets that are
likely participating in such an attack (easy to distinguish by
source-port and size).

There are also occasional direct (not amplified) attacks of that scale.
You can absorb them by using anycast to prevent the attack from
overwhelming any single datacenter, then running a pool of machines in
each location to handle local load. Most attacks of that scale are
using large packets, so the query rate is not as high as you might think
(but it can still be quite high!).

Attacks at this scale are beyond the capabilities of most organizations,
so you should always do your part to identify and dismantle the botnet
infrastructure when possible. Collecting a list of participating IPs
and notifying their abuse contacts helps.
_______________________________________________
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
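
The filtering idea in the message above (rate limit by source port and size, then collect the participating IPs), sketched as an added example that is not part of the original post. The port set, thresholds, field names and sample packets are assumptions constructed for illustration.

```python
from collections import Counter

# Assumptions (not from the post): ports of UDP services often abused as
# reflectors (DNS, NTP, SSDP, memcached) and the thresholds below.
AMPLIFIER_PORTS = {53, 123, 1900, 11211}
MIN_SIZE = 512        # bytes; only large replies are policed
RATE_PER_MS = 10      # bytes per millisecond allowed per source port
BURST = 4000          # token bucket depth in bytes


def is_suspect(pkt):
    """Match on the two features named in the post: source port and size."""
    return (pkt["proto"] == "udp" and pkt["sport"] in AMPLIFIER_PORTS
            and pkt["size"] >= MIN_SIZE)


def police(packets):
    """Token-bucket suspect packets per source port; pass everything else.

    Returns (forwarded, dropped, sources); sources maps each source IP to
    its dropped bytes, the starting list for abuse-contact notifications.
    """
    buckets = {}  # sport -> (tokens, time of last update in ms)
    forwarded, dropped, sources = [], [], Counter()
    for pkt in sorted(packets, key=lambda p: p["ts_ms"]):
        if not is_suspect(pkt):
            forwarded.append(pkt)
            continue
        tokens, last = buckets.get(pkt["sport"], (BURST, pkt["ts_ms"]))
        tokens = min(BURST, tokens + (pkt["ts_ms"] - last) * RATE_PER_MS)
        if tokens >= pkt["size"]:
            tokens -= pkt["size"]
            forwarded.append(pkt)
        else:
            dropped.append(pkt)
            sources[pkt["src"]] += pkt["size"]
        buckets[pkt["sport"]] = (tokens, pkt["ts_ms"])
    return forwarded, dropped, sources


# Constructed sample: 20 large NTP-port replies in 20 ms from four sources,
# one small DNS reply and one TCP segment that must pass untouched.
SAMPLE = [{"ts_ms": i, "src": f"192.0.2.{1 + i % 4}", "proto": "udp",
           "sport": 123, "size": 1400} for i in range(20)]
SAMPLE.append({"ts_ms": 5, "src": "198.51.100.7", "proto": "udp", "sport": 53, "size": 120})
SAMPLE.append({"ts_ms": 6, "src": "203.0.113.9", "proto": "tcp", "sport": 443, "size": 1400})

if __name__ == "__main__":
    fwd, drop, src = police(SAMPLE)
    print(len(fwd), "forwarded,", len(drop), "dropped;", src.most_common())
```

Small replies on the same ports and all non-UDP traffic bypass the policer, so ordinary DNS answers are unaffected while the flood is held to the configured rate.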