Comment by zettabomb
1 year ago
These days it seems that DDoS attacks are often not targeted at bandwidth either, but rather packets per second. It is (apparently) much easier to exhaust routing capacity with an inordinate number of tiny packets than with a still large number of large packets. Cloudflare has some fun ways to deal with this [0].
[0] https://blog.cloudflare.com/mitigating-a-754-million-pps-ddo...
What they did to me was flood the Linux Kernel with TCP connections. That's why it's so important to block IPs in the raw PREROUTING table. You need to nip it in the bud before Linux starts allocating any memory to the attacker.
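The point above is that a rule placed at the raw prerouting hook runs before connection tracking, so a SYN from a blocked address is discarded before the kernel allocates a conntrack entry for it, whereas the same drop rule in the filter table (priority 0) only fires after conntrack has already done that work. The script below is an added example, not something posted in this thread: it generates an nftables ruleset (the nft equivalent of `iptables -t raw -I PREROUTING -s <addr> -j DROP`) from a blocklist file. The table name `earlydrop`, the set name `blocked4` and the blocklist file format (one IPv4 address or CIDR per line) are this example's own assumptions; the sample addresses in the usage function are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example (not from the thread): emit an nftables ruleset that drops
# listed source addresses at the raw prerouting hook, i.e. before conntrack.
# Assumptions: table "earlydrop", set "blocked4", blocklist = one IPv4
# address or CIDR per line, "#" comments and blank lines ignored.

build_raw_drop_ruleset() {
    # $1 = path to the blocklist file
    blocklist="$1"
    # Strip comments/blank lines and join the remaining entries with commas.
    elements=$(grep -Ev '^[[:space:]]*(#|$)' "$blocklist" | paste -s -d ',' -)

    cat <<EOF
table inet earlydrop {
    set blocked4 {
        type ipv4_addr
        flags interval
EOF
    # An empty "elements = { }" is not valid nft syntax, so only emit the
    # line when the blocklist actually contained entries.
    if [ -n "$elements" ]; then
        printf '        elements = { %s }\n' "$elements"
    fi
    cat <<EOF
    }
    chain prerouting {
        # "priority raw" (-300) is evaluated before conntrack (-200), so a
        # matching packet is dropped without a conntrack entry being created.
        # The same rule at "priority filter" (0) would run after conntrack.
        type filter hook prerouting priority raw; policy accept;
        ip saddr @blocked4 counter drop
    }
}
EOF
}

apply_raw_drop_ruleset() {
    # Validate the generated ruleset with nft's check mode before loading it.
    # Requires root and the nft binary; not exercised by the test below.
    tmp=$(mktemp) || return 1
    build_raw_drop_ruleset "$1" > "$tmp"
    nft -c -f "$tmp" && nft -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage with a constructed blocklist (documentation ranges, not real attackers):
demo_ruleset() {
    list=$(mktemp) || return 1
    printf '# constructed sample blocklist\n203.0.113.7\n198.51.100.0/24\n' > "$list"
    build_raw_drop_ruleset "$list"
    rm -f "$list"
}
```

After loading, `nft list ruleset` shows the per-rule counter on the drop rule, which is a quick way to confirm that hits are being discarded at the raw hook rather than reaching the filter table or the listening socket.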