So which one of those things do you think any of the victims wasn't doing before, and how will the steps now prevent a future DDOS attack from affecting its servers? If the victims had done all of these things before they were attacked, would it have prevented the attack from affecting their service?
Those aren't just rhetorical questions; I'm trying to understand how to approach this.
If you view DDOS as a traffic surge, can we use any lessons from other phenomena involving surges, such as vehicle traffic at rush hour, water runoff from a storm, or a lightning strike?
I wonder if viewing it as a surge or natural phenomenon is really the right way, or whether using an electronic warfare model is more appropriate. I'm not current in ECM and ECCM methods, but there seem to be some parallels -- not a complete one -- between being hit by bistatic or multistatic radar illuminators and being hit by DDoS. Remember that stealth isn't a matter of being invisible, but, above all, preventing fire control radar from locking on a target. The more intelligent the DDoS attack, the more likely it is to be adaptive. Radar trackbreakers don't necessarily overpower the emitter, but confuse it. Hypothetically, if we have a clue which sources are sending the attack, giving them the impression they are succeeding may cause them to go elsewhere, or not add more phantoms.