On 12/8/2010 10:28 AM, Dobbins, Roland wrote:
Application-layer attacks aside, most packet-flooding attacks these
days don't completely fill links, as there's no need for the attacker
to do so.
I think the difference here is scale. packet-flooding attacks often do
fill links; if the links drop to 155mb/s or below. I've seen some gig+
DOS, but that is less common. The DOS I posted a flow capture link for
wasn't that large, but enough to flood out the little DS3 going to the
small town where the target DSL customers was.
Jack