I would say that > 99% of the attacks that we see are 'link fillers' with < 1% being an application attack. thanks, -Drew -----Original Message----- From: Dobbins, Roland [mailto:rdobbins@arbor.net] Sent: Wednesday, December 08, 2010 10:41 AM To: North American Operators' Group Subject: Re: Over a decade of DDOS--any progress yet? On Dec 8, 2010, at 10:36 PM, Thomas Mangin wrote:
If you are a smaller network, you need the filtering to be performed by your transit provider, as your uplink will otherwise be congested.
Actually, most DDoS attacks aren't link-flooding attacks - this hasn't been true for the last ~7 years or so. I'm not saying it doesn't happen, because it does, and sometimes quite spectacularly - but in most cases, the attackers don't have to flood the link to achieve their desired goal. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Sell your computer and buy a guitar.