Recently had a client's website under a massive DDoS attack. The HA cluster of ASL 5 machines held up, losing packets mind you, but SSH still worked for me to get into them.
Not bad, held up to 20000 packets per SECOND. Myself, my team, and our client were pretty impressed.
Hosted at a telco co-location facility. They have a 10mbit line provisioned. Looked at the MRTG graphs from the provisioning switch, and it showed the 10mbit was fully used. We checked the MRTG graphs on the upstream switch, and it showed almost 80mbit of traffic coming into that local switch.
It is running on IBM xSeries (can't remember the model), which are older machines, with 1.2GHz CPUs and 512MB RAM.
We ended up having the telco put a filter on the switch to block the port 80 traffic causing this all, that's where we were able to get the packet counts. The guy from the telco was impressed because he had never seen a DDoS of this size come in to a web server before, and he was surprised I was still able to remotely get in to check things out.