On 18/11/2019 13:50, Mike Hammett wrote:
I would like the list to know that not all targets attract such large attacks. I know many eyeball ISPs that encounter less than 10 gig attacks, which can be reasonably absorbed\mitigated. Online gamers looking to boot someone else from the game aren't generally committing
100 gigs of resources to an attack.
There are two very good reasons to use 'surgical' amounts of traffic in attacks: 1. Concealing the size of your botnet 2. Reducing the damage to the end user's ISP, and thus reducing the likelihood that they escalate the attack to the authorities (because who's got the time to do that for an individual subscriber?) The shift to "just enough to knock the customer off without killing the whole network" happened around ~2015 in my capacity, at least. -- Tom