If I hit you with a statusResponse DRDoS, and you go into your firewall (for example, say, some variant of Linux; Windows' is shit) and you say something like

    iptables -A INPUT -m string --algo bm --string 'statusResponse' -j DROP

then yes, packets will be blocked from reaching your applications, but that 100MB internet connection you have between your server and the internet is still being used. Unless you are filtering these packets out well before they reach your line, it really doesn't make a difference.
If the attack is larger than your connection, then you are essentially fucked, no matter how many filters or firewalls you have in place. If you can't block it before it reaches your line, it still saturates it.
For my next post, if needed, I will paint a pretty picture...
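A way to check the point made in the post above on a live host, as an added example that is not part of the original post: it takes two snapshots of the DROP rule's byte counter and reports how much of the line the dropped traffic still occupies. The snapshots are constructed sample output of `iptables -L INPUT -v -n -x`, the function names are hypothetical, and the link is assumed to be 100 Mbit/s.

```python
"""How much of the uplink does traffic hit by a host-level DROP rule still use?"""

# Constructed samples: `iptables -L INPUT -v -n -x` output captured 10 s apart.
HEADER = (
    "Chain INPUT (policy ACCEPT 1200 packets, 96000 bytes)\n"
    "    pkts      bytes target     prot opt in     out     source"
    "               destination\n"
)
RULE = ('  {pkts} {bytes} DROP       all  --  *      *       0.0.0.0/0'
        '            0.0.0.0/0            STRING match  "statusResponse"'
        ' ALGO name bm TO 65535\n')
SNAP_T0 = HEADER + RULE.format(pkts=500000, bytes=600000000)
SNAP_T1 = HEADER + RULE.format(pkts=600000, bytes=720000000)


def drop_bytes(snapshot, needle="statusResponse"):
    """Return the byte counter of the DROP rule whose match text contains needle."""
    for line in snapshot.splitlines():
        fields = line.split()
        # Columns are: pkts, bytes, target, ...
        if len(fields) > 2 and fields[2] == "DROP" and needle in line:
            return int(fields[1])
    raise ValueError("no DROP rule matching %r in snapshot" % needle)


def dropped_rate_mbit(snap_a, snap_b, seconds):
    """Mbit/s that arrived on the line and was then dropped by the rule."""
    delta = drop_bytes(snap_b) - drop_bytes(snap_a)
    if delta < 0:
        raise ValueError("counter went backwards (rule reloaded or zeroed)")
    return delta * 8 / seconds / 1e6


def link_share(rate_mbit, link_mbit=100):
    """Fraction of link capacity (assumed 100 Mbit/s) used by dropped traffic."""
    return rate_mbit / link_mbit


if __name__ == "__main__":
    rate = dropped_rate_mbit(SNAP_T0, SNAP_T1, seconds=10)
    # The rule counts IP packet bytes, so usage on the wire is slightly higher.
    print("dropped traffic: %.1f Mbit/s, %.0f%% of the line"
          % (rate, 100 * link_share(rate)))
```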