But they can still live on VPNs and not the open internet. Requests from outside can be blocked. Sure an external router or DNS server might go down but the internal network would be intact. The routing can even be updated on internal routers. People can invite others to the network, and the whole invitation system can be throttled. Byebye DDOS
How does an "internal network" work with an online community? Are members across a community hard-wired in to this online community?
Otherwise it's still subject to all of the same DDoS attacks of a global social network provider. Except that it'll be easier to take it down since it has fewer resources to protect itself (i.e. it doesn't have multiple 10 gbit pipes to the internet and likely can't blackhole traffic with BGP routes)
So yes, the internal network may be fine if a DDoS attack takes down the router to the rest of the internet, but does that matter since no one can reach it?
Or are you envisioning entire communities unplugging themselves from the internet if any community member is under DoS attack?
A DDoS attack is dependent on flooding the users connection with traffic, so if this connection cannot be established, a DDoS is unable to have a significant impact
Your first statement is true, but the traffic doesn't have to be successfully terminated for an attack -- a DDoS attack can easily fill your internet pipe with traffic even if your firewall silently ignores it (and indeed, once the attack is underway, it's likely that your servers can't keep up with the request rate, so many of the connections are going unanswered). So a VPN is no magic bullet.
