by rstupek 1510 days ago
Not if the level of incoming bandwidth exceeds the available bandwidth of the circuits involved. You can't filter it when the link is saturated. Cloudflare uses other techniques like global distribution so aggregate bandwidth is higher than the attack bandwidth.

Does anyone else have a network that can do what Cloudflare can do? Seems like magic sometimes.
The Netherlands has NaWas, a non-profit service that filters out DDoS attacks, in Q1’22 7,4 times per day with DDoS traffic up to 300Gbps. It’s a few-man shop; costs of membership are low. From their FAQ https://www.nbip.nl/en/nawas/faq/ :

The NaWas infrastructure is designed as an on-demand service. After detecting an attack, the traffic is routed via BGP to the NaWas hardware and then the mitigation process starts. All traffic is then rerouted and the own connections can thus manage with less capacity and thus remain cheaper.

To connect to the NaWas, a port must be available from one of the following parties: AMS-IX, NL-IX, LINX, NET-IX, Top-IX, M-IX, V-IX or one of these cloud interconnects DCSPine, Epsilon, Megaport.

Yes, there's a few distributed DDoS protection services. For example Fastly, Akamai, GcoreLabs, and a few smaller ones. They're mostly less evil too as a bonus.
Perhaps OVH?