What was the biggest DDoS attack you have ever encountered? How many gigabits per second? Packets per second? How many unique source IP addresses? How long did it last?<p>The peak number of real (non-spoofed) source IPs is also very interesting. I wonder whether it is feasible to automatically maintain a blacklist of offending IPs that managed to establish a TCP connection (and are thus real).
Its old but GRC had a write-up about the attacks against them and infiltrating the bots: <a href="http://www.crime-research.org/library/grcdos.pdf" rel="nofollow">http://www.crime-research.org/library/grcdos.pdf</a><p>I couldn't find the originals on GRC website anymore: <a href="http://www.grc.com/default.htm" rel="nofollow">http://www.grc.com/default.htm</a><p>If I recall, after that writeup, GRC was knocked off the web by a BGP attack or something...
The best attack vector is usually Apache. Nonetheless, the records I heard are from Akamai:<p>Peak: 300,000 unique IPs, 795,000 page views/s, 98,000 unique views/s, 200Gbps [0].<p>[0] <a href="http://wwwns.akamai.com/rsa_2011/RSA_NOCC_DDoS.pdf" rel="nofollow">http://wwwns.akamai.com/rsa_2011/RSA_NOCC_DDoS.pdf</a>
I have not encountered DDoS attacks directed at my own properties, but I had domains hosted on Namecheap that were hit when their DNS got DDoS'd a few times last year.<p>There is plenty of coverage of this if you just do a search: <a href="http://www.google.com/search?gcx=c&sourceid=chrome&ie=UTF-8&q=namecheap+dns+ddos" rel="nofollow">http://www.google.com/search?gcx=c&sourceid=chrome&i...</a>
I have collected some reports on DDoS sizes here:
<a href="https://code.google.com/p/googleappengine/issues/detail?id=6000#c1" rel="nofollow">https://code.google.com/p/googleappengine/issues/detail?id=6...</a>