Well, the issue is that the IP and port of the MNs are known to the network, thus making them vulnerable. Well, I don't think that all MNs will be able to get knocked down by this; surely there will be a few individuals to host a few MNs with high security. Don't you think so?
Absolutely - but the cost of doing this is extremely high. During a DDoS a datacenter is having their bandwidth saturated, and it's affecting other customers in the datacenter, so they will typically get their upstream bandwidth provider to null-route all traffic bound for that IP address. The upstream bandwidth provider's equipment is all muscle, no brain, on massive amounts of bandwidth, so it can't route things based on the type of data, only on the destination. Typically this means that DDoS mitigation is done, for example, by having round-robin DNS that spreads the load out to different data centers, and when under attack the DNS records can be updated faster than an attacker can reroute his DDoS. If the attack is sufficiently clever and sufficiently large there will be downtime, but it'll be measured in minutes and not in hours.
The only way to mitigate this is to scrub the data at line rate, which means you need your own very powerful, very clever, very expensive routers collocated at the DC. You're also going to need to rent at least 20 Gbps of the DC's bandwidth, even if you're only using a tiny, tiny fraction of that, as a DDoS attack will fill that pipe and your routers will need to scrub it and only let clean data through. It's definitely doable, but it'll cost you tens of thousands of dollars a month.
Problems like these make problems like Monero's blockchain bloat seem trivial in comparison.
This actually kind of sucks for me because I'm really hoping someone comes up with a solid anon solution that can be implemented into Bitcoin-style blockchain tech at some point.
I guess at this point the only hope is XC's closed source solution. But I'm not holding my breath tbh.