I don’t know anything about this particular isp or attack, but if that 250 gbps is aimed at specific parts of their infrastructure that are not designed for this much load, it’s likely to saturate individual links, servers, and/or network gear.
Their announcement said “all of our services”, so this could be anything from their authoritative/recursive dns to monitoring or billing servers to specific routing nodes.
So even if they had nice fat 100G pipes coming in, and those pipes weren’t saturated, a ddos of this size with a mix of vectors can be debilitating on enough discrete pieces of infrastructure that the isp is effectively “down” for many end users.
(Again I am only speaking generally with guesses about what might be going on at this isp. I’m also not a network engineer but I do write code for network gear that does anti ddos stuff.)
Their announcement said “all of our services”, so this could be anything from their authoritative/recursive dns to monitoring or billing servers to specific routing nodes.
So even if they had nice fat 100G pipes coming in, and those pipes weren’t saturated, a ddos of this size with a mix of vectors can be debilitating on enough discrete pieces of infrastructure that the isp is effectively “down” for many end users.
(Again I am only speaking generally with guesses about what might be going on at this isp. I’m also not a network engineer but I do write code for network gear that does anti ddos stuff.)