Someone mentioned this earlier during the main attack but is probably got swamped, is it not possible to whitelist active miners and block everything else during an attack ?
Whitelisting does not work. iptables does not work. Once an attacker is already flooding your pipes, blocking them does not magically remove their traffic that is already hitting your switch. Upstream filtering IS in place at BTC Guild, but this is hitting through Stratum ports. There simply isn't any way to completely block the traffic, outside of having enough bandwidth to absorb it. Then the problem becomes identifying good vs bad traffic. BTC Guild regularly has 25,000-30,000 active stratum connections. It's *extremely* hard to separate the good from the bad.