I would like to know a little about how a ddos attack effects servers and connections.
An example: The attacker has 1000 victims in their botnet. Each victim has an upload speed of 2Mbps and the attack starts a UDP attack.
About how many Gbps or Mbps will this attack in total have? I believe the upload speed from each victim's connection will be used to send the attack. Am I right? Would the math work just by multiplying: 2Mbps x 1000 victims = 2Gbps?
The bot master, is able to direct how much he wants to hit, how long, and such information like that, and because it has '1000 zombies', don't mean there all the same connection, isp, power, and such.
DDoS is very bad for any hosting company, client, user, server, connection, network. Why? Because the attack causes your server to be over-loaded, flooded, and it denys your server service (Denial of Service - DDOS).
It's always good to make sure you stay away from the people that do this such type of activity as it's always good to not be around them as when being around them or assioated with people that have 'bot nets', either is always getting negative attention and could pull you in to have you look like the owner so if anything goes wrong it goes back to you and there sky-free.
The attack it self, there's so many types of floods, There's no real estimate to be able to calc. which zombie pc is sending how much of the flood, for how long, and how powerful it is. The computer could be sending 100gbit per minute and maybe only 56mbit is getting taken by the server, the reason for this is they usually set the power up higher as usually not all of the attack is reached to the server in the full power so when more are hitting at the same rate it causes floods, overloads, and downtime and causes the servers connection to be overloaded and dropped.
We actually have developed a in-house software that's included in our FusionSOLAR package that nullroutes/blackholes and such on big enough floods, and has some other key factors to it that is able to determine the flood size and such and how to block it and what's needed to be done. It also alerts our security admins anytime negative traffic is directed at our clients, nodes, and such servers etc. With this protection it's always monitoring to ensure the network for each client, server node, and etc is at it's best, theres no problems it helps us notice problems before they happen.
May I ask why your wondering this? Usually when people are wondering question's like this is they're getting attacked alot, or are wondering the power of what they found, or have?