<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">2018-06-06 9:57 GMT+03:00 Yahav Shasha <span dir="ltr"><<a href="mailto:yahav.shasha@gmail.com" target="_blank">yahav.shasha@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">well, on a large enough scale, it won't matter even if the server drops them, it will clog the nic way before it even gets to the server..</div><div class="gmail_quote"><div><div class="h5"><div dir="ltr"><br></div></div></div></div></blockquote></div><div><br></div><div>Still you are right if we speak about super mega extra large scale of tcp syn attack, but I've never actually seen them THAT big. Usually few hundreds of bots running on cheap vps with 100 mbps shared connection, which typical nowadays server might take care of on a 1 gbps port. TCP requests are not that large to hit the nic at 1 gbps connection. It might be like 1 mln or even more requests to kill it. To kill a 100 mbps port you have to generate like somehow about 210 000 syn pps. Thats a lot. And for 1 gbps its like 2 100 00 pps. This should be really large botnet all over the world, otherwise it will be kept down by and upstream provider, as they don't like ddos also. If it would be that large this guy would be blackholed on the bgp layer already. </div><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">Best regards,<br>Roman.</div>
</div></div>