attacks/ • https://blog.cloudflare.com/a-winter-of-400gbps-weekend-ddos- attacks/ • Directly hitting the target IP (not amplified) • Often spoofed source IP 8
450gbps and 100M pps per target • Use small DNS TTL to be able to "scatter" - retire IP's • Random-prefix DNS • Hard to defend • HTTP attacks • IP reputation works (iptables) • Dynamic WAF / "firewall alike" rules for blocking repetitive traffic 22