Comment by lsc

> It's a major selling point to me that AWS employs some more sophisticated countermeasures to attacks like these.

There are very good clean pipe services available; the major limitation is that the clean pipe provider must have enough capacity to absorb any attack... something that can be quite difficult unless you are someone like L3.

However, the good clean pipe services are all very expensive. (I don't mean the "http only" service like cloudflare; that is a very different sort of thing.) - this is because of that aforementioned limitation; you need a lot of headroom in your bandwidth to run a clean pipe service.

But yeah, amazon charges a lot more for bandwidth than you'd expect to pay direct from a transit provider at small-ISP scale, so I would hope that they have enough capacity and technology to filter fairly large attacks.