On 3 Aug 2015, at 20:35, Mel Beckman wrote:
But SYN floods are easily detected and deflected by all modern firewalls. If a handshake doesn’t complete within a certain time interval, the SYN is discarded.
This is incorrect. I've seen a 20gb/sec stateful firewall taken down by a 3mb/sec spoofed SYN-flood due to DDoS exhaustion. I've seen a 10gb/sec load-balancer taken down by 60s of 6kpps of HOIC:
<https://app.box.com/s/a3oqqlgwe15j8svojvzl>
The majority I’ve seen, however, are TCP.
<https://en.wikipedia.org/wiki/Hasty_generalization>
In any event, I think it’s not useful to misuse the term DDoS, and that it refers to any attack where the source addresses are distributed across the Internet, making them difficult to identify and therefore block.
Again, that ship sailed long ago. ----------------------------------- Roland Dobbins <rdobb...@arbor.net>
