This would depend on the size of the DDoS and the type. We do offer layer 3 filtering, but it doesn't filter for layer 7 attacks such as xmlrpc floods or brute forcing.
When an attack is detected by monitoring hardware on our network, a brief null-route is placed on the target IP while routes are pushed into BGP tables around the world to re-route the /24 block of the offending IP into our filtering service. Clean traffic is then delivered from this filtering service back into our network.
While filtering is active, there will be a slightly increased number of hops and latency for most customers, though most people will never notice this. Customers who may not necessarily be the target of the attack but have an IP in the same /24 may notice this behavior of different routing or increased latency.
Given the way the internet works, we can't re-route that single IP (/32) into the filtering service, which is why we have to route the entire /24. We don't do this for funsies, nor do we want to filter more than necessary. The minimum routable size for most of the internet is a /24 (254 IPs), so that's what we have to do. We don't anticipate many people noticing or complaining about this.
We have an attack capacity of approximately 930Gbps. To date, the largest DDoS in history was around 600Gbps.
You can read more about our DDoS protection/filtering at the link below.
--
https://www.knownhost.com/ddos-protection.html
--
Using services such as CloudFlare is a good option for those layer 7 attacks.
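
The /24 re-routing described above can be modelled with longest-prefix matching. This is an added example, not part of the original post or KnownHost's tooling; the `198.51.100.0/22` aggregate, the next-hop labels and the sample IPs are constructed assumptions.

```python
import ipaddress

MAX_PREFIXLEN = 24                 # longest IPv4 prefix most networks accept (per the post)
AGGREGATE = "198.51.100.0/22"      # constructed: the provider's normal announcement


def accepted_routes(announcements):
    """Drop announcements more specific than /24, as upstream filters commonly do."""
    routes = []
    for prefix, hop in announcements:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen <= MAX_PREFIXLEN:
            routes.append((net, hop))
    return routes


def next_hop(routes, ip):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(ip)
    covering = [(net, hop) for net, hop in routes if addr in net]
    if not covering:
        return None
    return max(covering, key=lambda r: r[0].prefixlen)[1]


def simulate(target_ip, customer_ips, announce_len):
    """Path each customer IP takes when the filtering service announces
    target_ip/announce_len alongside the provider's aggregate."""
    scrub = ipaddress.ip_network(f"{target_ip}/{announce_len}", strict=False)
    routes = accepted_routes([(AGGREGATE, "direct"), (str(scrub), "filtering")])
    return {ip: next_hop(routes, ip) for ip in customer_ips}


if __name__ == "__main__":
    target = "198.51.100.10"                       # constructed attack target
    customers = [target, "198.51.100.200", "198.51.101.5"]
    for length in (32, 24):
        print(f"announce /{length}:", simulate(target, customers, length))
```

With a /32 announcement the route is dropped and nothing reaches filtering; with the /24, the target and its /24 neighbour both go through filtering while the customer in the adjacent /24 stays on the direct path.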