Hi
Amplification attacks and syn floods are just touching the surface of ddos attack vectors. You should look into some industry reports:
Here are a couple examples to get you started.
https://www.radware.com/ert-report-2015/
http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/
I was looking into using this mechanism for blocking DDoS on Juniper
devices, but at the time, they only supported 8k flowspec entries/routes
and this was not sufficient to deal with the problem. My fallback was to
poison the routing table with null routes, but the problem with this was
that it didn't address inbound traffic, only the replies.
We ended up ditching all of this in favor of a third party external
scubbing vendor. They tend to prefer big honking boxes running
signatures whereever possible to drop identified malicious traffic.
When you get right down to it, the vendors have a lot of experience
day-to-day performing mitigations, and flowspec (or other BGP
mitigations) are more useful to carriers and ISPs to null out the
destination rather than the source.
Pierre
+1
I use this to block all kinds of unwanted traffic (with prejudice, of course).