Nothing except specialized services can protect you from 100Gbps attack if your normal connection is only 1Gbps.
It simply overfloods the pipe - it works in the same manner as water. When attackers use up all your bandwidth, nothing is left for the normal traffic.
Yes, I appreciate the concept of the attack vector for DOS, I'm also aware there are alternative attacks that only require low bandwidths to exploit known timeout intervals on DNS servers to deny legitimate user access. The DOS toolkit is larger than regular bandwidth flooding these days.
I have no useful insights as to how it would be done, the technical aspects of data routing at the basest level is not something that I know much about. I just find it surprising that there has been no innovation into how we solve this problem. Hacking servers with high bandwidth connections may never be completely solved, so it's tempting to think about addressing the issue from a more fundamental basis, and not just using expensive mitigation services. It just becomes an arms race then, and there's alot of potential corrupt behaviour that can stem from that.
