DDOS – ISP’s worst nightmare

I was looking at Arbor’s website; they keep nice statistics on DDOS attacks around the globe. Arbor makes a DDOS appliance that many large carriers use to detect DDOS attacks and protect themselves. These appliances send information and statistics back to Arbor, where they end up in a report.

Many people think a DDOS is easy to stop: a bit of flood protection here, some threat detection on the firewall and maybe an IPS? Maybe this just won’t work: if the attacker has sufficient resources he will most certainly flood your connections and, oops, all you can do is hide behind that expensive firewall. Even if you can afford 10Gbit connections on several exchanges you’re not safe; it’s only a matter of time before the attacker has sufficient resources to plan an attack.

Of course, to generate this much traffic the attacker must have an enormous desire to attack, since this would require a botnet on a global scale with sufficient internet connections, but this already happened when the FBI took down And, please do not forget that even small attacks can be very effective! A TCP SYN flood to one address (a webserver, for example) could bring the host down and require no more than 700-1000kbps.
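Why a flood that small gets past bandwidth-based alerting, as an added example (not part of the original post): a SYN flood shows up as many connection attempts with few completed handshakes, not as a full pipe. The event format, the addresses (documentation range) and all thresholds are assumptions made for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed 5-second capture summary: (second, dst, event, frame_bytes)."""
    events = []
    for sec in range(5):
        for _ in range(200):    # ordinary web server, every handshake completes
            events.append((sec, "192.0.2.10", "syn", 74))
            events.append((sec, "192.0.2.10", "established", 66))
        for i in range(1500):   # flooded server, only 30 handshakes complete
            events.append((sec, "192.0.2.20", "syn", 74))
            if i < 30:
                events.append((sec, "192.0.2.20", "established", 66))
    return events

def analyse(events, volumetric_kbps=100_000, min_syn_per_sec=500,
            max_completion=0.5):
    """Per destination: bandwidth, SYN rate, handshake completion, alerts.
    All three thresholds are assumed values for illustration."""
    stats = defaultdict(lambda: {"syn": 0, "est": 0, "bytes": 0, "secs": set()})
    for sec, dst, event, size in events:
        s = stats[dst]
        s["secs"].add(sec)
        s["bytes"] += size
        if event == "syn":
            s["syn"] += 1
        elif event == "established":
            s["est"] += 1
    report = {}
    for dst, s in stats.items():
        secs = len(s["secs"])
        kbps = s["bytes"] * 8 / 1000 / secs
        syn_rate = s["syn"] / secs
        completion = s["est"] / s["syn"] if s["syn"] else 1.0
        report[dst] = {
            "kbps": round(kbps, 1),
            "syn_per_sec": syn_rate,
            "completion": round(completion, 3),
            # Bandwidth-only check: misses a flood this small.
            "volumetric_alert": kbps >= volumetric_kbps,
            # Half-open check: many SYNs, few completed handshakes.
            "syn_flood_alert": (syn_rate >= min_syn_per_sec
                                and completion <= max_completion),
        }
    return report

if __name__ == "__main__":
    for dst, row in analyse(build_sample()).items():
        print(dst, row)
```

In the constructed sample the flooded address carries roughly 900 kbps, far below the assumed volumetric threshold, yet only 2% of its SYNs lead to an established connection.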

So what do you do? Buy an expensive DDOS appliance or invest in upgrading all connections to the limit? If you go for the DDOS appliance and the attacker fills the internet pipe, you look like an idiot of course, but if you go for more bandwidth without any DDOS protection you can still be the target of a smaller DDOS attack.


