Wouldn't it be nice to know what filters to install to protect your web site before it gets hit?
Sharing information with the edge about what's happening, and what to look for needs to happen. Why aren't the attack destination NOCs getting this info out? Three days into this, and I have *no* idea what I would be looking for if I was the notwork manager for a large undermanaged edge site (mmm, .edu). "Look for a big traffic peak" just doesn't cut it; I've got locally "more urgent" problems than watching for a blip on an mrtg. Given the highly distributed nature of this attack and thought being put into it, our lusers probably realize this and are *avoiding* pegging invidual ingress wires excessively. Until large numbers of sites are educated about exactly what's going on right now, and what they need to do their part of fixing it (with text for linux HOWTO level of clue; what many high-bandwidth capable sites are running w/ now), NOC staff isn't going to be sleeping much. Glad it's not my problem right now. Now, do you see the problem in this attitude? How many edge network managers are thinking exactly this way?