Comment Re:Solution (Score 1) 90
When you are talking about these large DDOSs that generate 60Gb of data, you are talking millions of hosts. You need to get them blocked upstream from yourself, otherwise you are still getting the flood and things will crawl on all of your services regardless. However, upstream blocking is generally not source address based, just destination -- sure we will blackhole all packets destined to _YOUR_ server. Therefore you are still down. Yes, you can move the target but the DDOS will just follow.
If you deal with that problem and they are also generating traffic on your HTTPS port to tie up your services, how do you differentiate DDOS traffic from the normal user who is trying to connect? Sure, you can examine the activity of each connection but there is no time for that when you have thousands and thousands coming in per second.
It's like playing whack-a-mole but blindfolded and your wife has her head in there so you better watch out!
The only way to deal with this is to use raw processing and huge network pipes against it, which is what the protection services provide.