A 2 gigabit event isn’t big enough to be considered a real attack; a service like Cloudflare can sink a 2 terabit attack every day of the week.
Building a DDoS protection service (that isn’t just black holing traffic) starts with having enough bandwidth to throw away the attack volume plus keep your desired traffic working and have a bit of overhead to work your mitigation strategies.
What this means is that to DIY a useful service, you start by buying a couple of terabits of bandwidth in ‘small’ chunks of a hundred gigabits or so in most peering locations around the globe, and then you build a proxy layer like Cloudflare on top of it with a team of smart dudes to automate outsmarting the bad guys.
I don’t like Cloudflare either, but the barriers to entry in this industry are epic.