T1's are cheap, OC12s are not cheap.
That may be the case, but I think that Kim hit the nail on the head earlier. With the number of multi-megabit connected homes growing rapidly, there is a rapidly growing number of exploitable hosts for those perpetrating DDoS attacks to take advtange of.
On Wed, Feb 09, 2000 at 05:37:49PM -0800, Roeland M.J. Meyer wrote:
Please remember that cable-modems are asymetric and the aggregate upstream pipe is shared.
Some MSOs choose to rate limit their user's upstreams as low as 128kbit/sec, others do not. For example, we limit our users to 1mbit/sec currently. As for the upstream communications channel, this is not much of a limitation. Typical DOCSIS configurations include multiple upstream ports tied to a single downstream. It is typical to combine a small number of optical receivers to a given upstream port (1 or 2). Each optical receiver typically carries 500 homes passed. Operating a 16 QAM carrier with a channel width of 3.2MHz yields ~10.24mbit/sec of bandwidth. Subtract a little for overhead, and figure you're doing pretty well and subscribe 10% of your passed homes, or roughly 100 users per upstream port. Your average user isn't pounding on the upstream too hard, so figure less than a quarter of these users really hit it hard, and they're not likely to all be doing it at the same time. I'd consider a few cable or DSL networks with handfuls of compromised hosts sitting on them a large threat given that it doesn't take a huge amount of bandwidth to create a rather damaging TCP flood. I realize that these users are not as threatening as a dorm network attached to a T3/OC-3c, but the CM/DSL population is growing a lot faster than the dorm population. /cbz