Comment Re:Limit, but not eliminate, DDoS (Score 1) 107
I agree with you: there's no difference to Arbor between a DDoS attempt and a slashdotting. To us a large bandwidth anomaly is a large bandwidth anomaly (looks like a huge duck, it probably is a huge duck). We're providing tools for network operators to get a handle on the traffic in their networks, specifically large bandwidth anomalies -- regardless of their cause. Sometimes the duck is only slashdot and you let it waddle by. Sometimes the duck kicks your network's butt and you'd like to do something about it.
I also agree with you about the centralized company approach to DDoS. Our position is to make sure that we give network operators the tools to make sure that the perimeter of their own "island" of the Internet is secured. If they want to cooperate, we'll give them the tools to do that too.
Clearly, bandwidth-based attacks will continue to evolve (eg Zapatista protests), however, you can only slice a huge bandwidth flood so many ways. It's not a needle in a haystack.
