>More often that not, the most devastating attacks fill session tables >of session-tracking firewalls far quicker than filling up bandwidth >pipes I suppose - a 1000-node botnet with each node creating 1000 >sessions will fry a firewall capable of 1-million sessions. This is >probably what took individual portals offline in this case rather than >the volume of the attack. It could be any one of the devices in the pipeline which gets it buffer filled ( hand wavy), load balancer , firewalls or the servers, the smallest one of any would be the first point of failure.
regards ANish
