"The server is flooded!"

"With requests? DDoS?"

"No."

Some years ago our company site was hosted by a prick who knew nothing and started to pretend the server got a virus or whatever.

I tested their server and figured out they did not have any firewall policies going on like mitigation of ssh brute force.

It was at this time I learned about SYN flood, and boy I flooded that port 80 of them.

The company site went down for as long as I wanted.

It was great because now we manage it in house and never had a problem anymore.

So here's a random idea: DDoS defence swarm.

Install the daemon on your server, and every time your server gets DDoS'd, all members of the swarm will mobilise to defend you, but the catch is that your server will have to help other members of the swarm too.

The defensive technique in question can be one of many:

1. Automated IP blocking/reporting with a blacklist in distributed form.
2. Other swarm members counterattack and cooperatively DDoS the offending addresses.
3. Flood the ISP with automated emails to force them to pay attention to the problem.

...or a combination of all of the above.

The only issue I can see with this is abuse potential. A clever person can trick the swarm into DDoSing innocents.