I ignore them, happens to me all the time some box or group of boxes for some reason decide to try and poke holes in one or more of my servers, in the past year I'd say only one has actually had any effect and that was on a pretty loaded server so I just dropped anything that looked suspicious, they stopped after a few days.
What's really sad is lately I've noticed an increase in people trying to perform syn flood attacks which is very easy to mitigate.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue

Well, the definition of mitigating an attack is pretty much reducing the impact of the attack such that regular traffic can be served at a reasonable speed. Getting 1.5 Mbps of traffic on a 1000 Mbps pipe isn't going to impact regular traffic. You say that legitimate traffic would be "competing" with the attack, but you're talking about something that represents 0.15% of the total pipe coming into the box. How is competing with a measly 1.5Mbps different from competing with the inbound traffic of all the other linodes on the physical host? What if somebody else on the host is running a legitimate DNS server getting more than 1.5 Mbps of traffic?

If you're under attack, and the attack is having zero impact on either your financials or ability/performance to serve traffic, I'd call that attack effectively mitigated.

So, in response to your question, if somebody sent 1.5 Mbps of malicious DNS traffic to me and I didn't have anything listening on port 53, yes, I'd just ignore it. Attacks that have no impact are best ignored, because the attacker will eventually give up for lack of effect. But 1.5Mbps barely qualifies as an attack, it's barely more than a probe.

Thanks obs

Just wanted to thank everyone that replied on this thread. I'm marking it as resolved it seems like the overall consensus is that this really wasn't a big deal at all, be it 7Mb/s or 1.5Mb/s. As you guys have described the overall load placed on the linode and the network pipe is insignificant and ultimately not worth worrying about in this situation.

I'm am glad, however, linode thought it was a reasonable request to change my IP. That made the whole thing a moot point, but I'm grateful for the discussion and all of your ideas.

Thanks again,
Aaron

...well I'd buy you a fur coat (but not a real fur coat, that's cruel)

Eat the whales!

Persons for the
Excessive
Tasting of
Animals

I'd buy you a green dress (but not a real green dress, that's cruel)

I'd buy you furniture for your house (maybe a nice chesterfield or an ottoman)