There's a great article on The Register about a recent, giant attack on Spamhaus, based on the Cloudflare blog. At its peak, for one hour, one of their upstream networks was receiving 300Gb/s of traffic - the highest ever reported for a DDoS.
Details below the fold...
That's big, but just how big?
One way is to consider network adaptors. A desktop computer now probably has a 1Gb/s network and will struggle to use all its capacity. In the datacentre, your server will have one or more 10Gb/s ports. Big datacentres will concentrate traffic from many servers on a large router to send data onto the internet proper, the biggest port you can buy here is 100Gb/s. The DDoS would have saturated three of these ports.
Another way is to consider a huge InternetExchange (the people who connect all the ISPs to the Internet). The London INternet eXchange (LINX) averages 1Tb/s, so this attack by itself increased traffic by one third of all UK traffic. The DDoS also attacked Internet Exchanges in 3 other cities.
A third way is to think about using a disk array to produce the same traffic. As a rule of thumb, a disk drive supports about 100MB/s. Over an hour, this is 360GB - about the size of a small disk. And you need 375 of them to produce 300Gb/s.
Disks can't simply be plugged into a network - they need a disk array. Let's assume we use ones like this. Let's also assume that the system can saturate its 10Gb/s network. We would need 30 disk arrays, each with 12 disks. That's two racks, together drawing 10kW. And to hit 4 exchanges, we would need 8 racks of disks.
Something of this scale:
What was the attack?
How could a group generate such traffic?
In a word, amplification.
The botnet commander sent a single command to the botnet of hundreds of thousands or perhaps millions of computers. Each compromised computer in the network send small requests. However, the response is perhaps 100x larger than the request.
The average data flowing into and out of servers is shown below - other than Spamhaus, I doubt anyone noticed any individual computer doing anything strange:
What did Spamhaus do?
The major takeaway from this is, if you are under attack, go to the professionals.