Well, I'm still thinking of a way to stop or limit DDoS attacks.
First of all, I have an OpenVZ and a KVM VPS with IPv6. Is it possible for customers (without needing to submit a support ticket) to null route their own IPv6 addresses?
I am thinking of maybe limiting web server speeds (but I heard that does not really matter in a DDoS attack?) and then have several (different VPS) web servers randomly distribute the requested data.
I seriously hate TCP/UDP - I wish there was a way you could just "block connections (and the data they send - without using resources router/server side) from an IP". From what I understand from what I read, when a bot connects it will send a crap load of dummy data to attack the server and it will overload the network. And I read that a whitelist of IP addresses does not help prevent DDoS attacks.
It's like "hopeless" to prevent major DDoS attacks unless you pay a crap load of money a month for a proxy or datacenter that supports it :-/