Explore defensive strategies against various denial of service attacks in this 30-minute Black Hat conference talk. Delve into CloudFlare's infrastructure optimization techniques, covering multiple layers from flowspec and sflow to kernel bypass and iptables. Learn about effective defense methods, including BPF usage, and discover why some technically sound ideas prove impractical. Gain insights on protecting HTTP/S and DNS services, with techniques applicable to common DDoS types like Chargen, SSDP, NTP, and DNS reflection. Examine real-world experiences, successful approaches, and lessons learned in defending against service attacks, network floods, and botnet threats.