Hacker News
by lsc 5791 days ago
It's fairly large. There are really two factors in a DoS, though: total throughput and packet size. Obviously, your incoming pipe can only handle a certain total throughput; I mean, that's what most of us get billed on.

However, most routers and firewalls also have a limit on packets per second they can process, on top of the throughput limits. I've got a 100Mbps commit on a 1000Mbps pipe, and I can handle 1000Mbps of 'normal' traffic... but I got taken out a month back by a 200Mbps DDoS that used very small packets. My router couldn't handle it. (Now, if I had spent money on a better router, it wouldn't be a problem. As far as I can tell, even a reasonable software router could have handled it.)

Another way to measure this is the capacity required to absorb the attack. You can get he.net bandwidth for around a thousand dollars a month per gigabit, and he.net is about as cheap as bandwidth gets, so to soak a 50 gigabit attack, you'd have to have fifty thousand dollars a month of spare capacity.

(I'm sure there are further discounts available between the 1GiB and the 50GiB tier... but you get the idea.)

1 comments

Considering the fact I've seen this attack first hand, I can tell you a couple of things about its strength. It's very flexible: one minute they are sending packet size 1500 bytes UDP, the other they are sending 48 bytes SYN TCP 80. However, filtering them with a firewall is not hard at all since they do have packet patterns you can detect, but even if you can find a firewall and have it on the edge of your network, traffic is STILL reaching your network, and if you can handle 50Gbps of traffic all coming from a couple of different ASNs, then "wow".