What is the feasibility of building a DDoS protection box out of a bare Linux
server running a dual-10G/40G NIC inline with iptables handling junk traffic,
and then a third eth for management? Seems like the 10G/40G card could help
scrub traffic before it hits your core? Has anyone built one? I’ve heard about
CCRs, but my experience with MT has been...weird, they just do weird stuff
from time to time, YMMV, etc. etc., but I’ve had better luck with Cisco and the
usual suspects. It seems like a purpose-built vanilla Linux box would be easily
upgradeable, universally supported with vanilla kernel support, etc. and you
could just tweak stuff until you got it dialed, no?
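As an added illustration of the inline box described in the question (example configuration written for this page, not posted by the original author and not tied to any specific product), here is an iptables-restore ruleset for the scrub path. It assumes hypothetical interface names: eth0 faces upstream, eth1 faces the protected core, eth2 is the management port on a constructed 10.0.0.0/24 management network, and the box forwards between eth0 and eth1 (routed, or bridged with br_netfilter enabled so bridged frames traverse the iptables FORWARD chain). The rate numbers are placeholders to be tuned against real traffic baselines.

```iptables
# Added example ruleset, not from the original post. Assumed interfaces:
#   eth0 = upstream, eth1 = protected core, eth2 = management (10.0.0.0/24 assumed).
# Load with:  iptables-restore < scrub.rules

*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Scrub statelessly: skip conntrack on the forwarding interfaces so a flood
# cannot exhaust the conntrack table (table exhaustion is itself a DoS on the box).
-A PREROUTING -i eth0 -j CT --notrack
-A PREROUTING -i eth1 -j CT --notrack
COMMIT

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SCRUB - [0:0]

# Management plane: the box itself is reachable only via eth2 from the management net.
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth2 -s 10.0.0.0/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth2 -s 10.0.0.0/24 -p icmp -j ACCEPT

# Upstream-to-core traffic is scrubbed; core-to-upstream traffic is passed through.
-A FORWARD -i eth0 -o eth1 -j SCRUB
-A FORWARD -i eth1 -o eth0 -j ACCEPT

# Obvious junk first: impossible TCP flag combinations and IP fragments.
-A SCRUB -p tcp --tcp-flags ALL NONE -j DROP
-A SCRUB -p tcp --tcp-flags ALL ALL -j DROP
-A SCRUB -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A SCRUB -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A SCRUB -f -j DROP

# Per-destination SYN budget (placeholder values): above 2000 SYN/s to one
# protected IP, with a burst of 4000, new SYNs are dropped.
-A SCRUB -p tcp --syn -m hashlimit --hashlimit-name syn --hashlimit-mode dstip --hashlimit-above 2000/sec --hashlimit-burst 4000 -j DROP

# Per-source UDP budget (placeholder values) to blunt reflection/amplification floods.
-A SCRUB -p udp -m hashlimit --hashlimit-name udp --hashlimit-mode srcip --hashlimit-above 500/sec --hashlimit-burst 1000 -j DROP

# ICMP capped box-wide; everything else that survived the checks above is forwarded.
-A SCRUB -p icmp -m limit --limit 100/sec --limit-burst 200 -j ACCEPT
-A SCRUB -p icmp -j DROP
-A SCRUB -j ACCEPT
COMMIT
```

Two practical notes on this design: with `--notrack` in place, do not add `-m conntrack` or `-m state` matches to the FORWARD path, because they will see nothing; and every packet still pays the cost of a netfilter rule walk, so the packets-per-second this box can absorb at 10G/40G depends on rule count, hashlimit table size and NIC queue/IRQ tuning, which is the part that needs measuring before the box is trusted inline.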