Does this blocking also apply to VPNs which are likely routing through data centers? One would think that most botnets are running on compromised consumer networks.
Botnets must leverage their infected host's internet connection. Almost all anti-bot tools use IP/rate metrics to identify the classic DoS: a large number of connections from a few IPs.
To get around Threatstop, Distil, and other solutions, we see attackers having to use 100+ different source IPs during their coordinated attacks.
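The gap described in the reply above, as an added detection example that is not part of the original thread: a per-IP rate counter flags the few-source flood but stays silent when the same volume arrives from 150 sources, while a per-path count of distinct sources catches it. The thresholds, the event tuple layout and the sample traffic are all assumptions constructed for illustration; real thresholds would be set from a baseline of normal traffic.

```python
from collections import defaultdict

WINDOW = 60           # seconds per bucket (assumed)
PER_IP_LIMIT = 100    # requests per IP per window (assumed threshold)
FANIN_SOURCES = 100   # distinct IPs per path per window (assumed threshold)
FANIN_REQUESTS = 500  # total requests per path per window (assumed threshold)


def sample_events():
    """Constructed (timestamp, source_ip, path) tuples; not real traffic."""
    ev = []
    # Window 0: classic DoS, 3 sources x 200 requests each.
    ev += [(n % 60, f"198.51.100.{i}", "/login")
           for i in range(1, 4) for n in range(200)]
    # Window 1: coordinated, 150 sources x 4 requests each (same total volume).
    ev += [(60 + n * 10, f"203.0.113.{i}", "/login")
           for i in range(1, 151) for n in range(4)]
    # Window 2: ordinary traffic, 20 sources x 3 requests each.
    ev += [(120 + n * 10, f"192.0.2.{i}", "/login")
           for i in range(1, 21) for n in range(3)]
    return ev


def per_ip_alerts(events):
    """Classic metric: flag (window, ip) pairs exceeding PER_IP_LIMIT."""
    counts = defaultdict(int)
    for ts, ip, _path in events:
        counts[(ts // WINDOW, ip)] += 1
    return {key for key, n in counts.items() if n > PER_IP_LIMIT}


def fanin_alerts(events):
    """Aggregate metric: flag (window, path) hit by many distinct sources
    at high total volume, regardless of how little each source sends."""
    sources, totals = defaultdict(set), defaultdict(int)
    for ts, ip, path in events:
        key = (ts // WINDOW, path)
        sources[key].add(ip)
        totals[key] += 1
    return {k for k in totals
            if len(sources[k]) >= FANIN_SOURCES and totals[k] >= FANIN_REQUESTS}


if __name__ == "__main__":
    events = sample_events()
    print("per-IP alerts:", sorted(per_ip_alerts(events)))
    print("fan-in alerts:", sorted(fanin_alerts(events)))
```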