Re:Filtering doesn't save incoming bandwidth (Score 1)

This is true, we have been doing some testing of the various DDoS solutions, (and quite frankly the Cisco/Riverhead did the worst out of any we tested). But CPU use on these devices never caused us any alarm. The battle of DOS Mitigation is 2 staged, and you need to be in conversation with your ISP, so that their backbone guys can filter out traffic once it reaches a certain level. The purpose of the mitigation device is to detect anomalous traffic, and keep your site up while your ISP tracks down the largest offenders and block them at the backbone level. Most ISP's will do this, as if I'm seeing a GBit attack coming at one of my customers, this is going to effect all of the customers within the IDC.