To bring this to life btw about why NoName is so successful in terms of bringing things down - this is entire config for eastsuffolk.gov.uk, which has been down since 7am UK time.
There's no packet flood. There's no large packets. There's nothing like that. It's a layer 7, application layer attack.
All they do is send lots of web search requests with gibberish -- $_1 and $_5 are just large random strings. It's enough to CPU and memory exhaust most webservers.
UK Councils doing a much better job at coming back online this time around compared to last month's NoName attacks - 8 out of the 9 targeted (which are still in the botnet DDoS config, so attacks continue) are back online, only eastsuffolk.gov.uk remains down.
