i will refrain from saying anything directly negative here, other than this should never have happened. if there were not measures put into place that would prevent this from happening, which you cant predict that it will or wont, but there are certainly resources available and have been for years for DDOS protection. but even beyond that, i am not understanding why this took over a week to curtail? the moment this was noticed, and surely you guys have some sort of monitoring going on, then something see more should have been done to reroute the attack.

the attack was directly on the IP, so this could have been nipped with some ingenuity and thinking. first change the nameservers names, immediately shorten your TTL on the registrar, and in your DNS settings on the server, then push to new IP's and nameserver names, leaving the attacked IP routed to a dead-end. then and this is all something i would have done immediately, i would have routed the attack right back out to the ip or IP's it was coming from, and set it into a loop that would have taken down the attacking server. this would have all been accomplished in about six hours, not days.

at any rate, if you dont need DDOS protection, or the knowledgeable staff to handle such an attack, then yes, HFW is a great choice. but remember folks, you cant ride in a cadilac when you purchase a volkswagon.

Regards,
DosDawg