On 12/9/19 3:32 PM, Florian Brandstetter via NANOG wrote:
In any regard, <1 Gbps is pretty piss poor for an amplification attack too.
But, as others have pointed out, plenty to knock a single subscriber, shared access link (DOCSIS, wireless, or even well loaded GPON), or even a small regional PoP down. Plenty of opportunity for mayhem even with just a couple 100Mbps which is trivial to come up with these days as the spread of consumer-accessible speeds keeps growing. Keeping it small makes it less likely to get noticed and, perhaps even more importantly for the perpetrator, harder for the networks responsible for the reflection/amplification to track down the problem using traffic analysis as well as coming in on the lower end of the "how much do I care?" part of the abuse team's line-up. -- Brandon Martin