Roland Dobbins <rdobbins@arbor.net> writes:
On Aug 8, 2009, at 11:57 AM, Luke S Crawford wrote:
2. is there a standard way to push a null-route on the attackers source IP upstream?
Sure - if you apply loose-check uRPF (and/or strict-check, when you can do so) on Cisco or Juniper routers, you can combine that with the blackhole to give you a source-based remotely-triggered blackhole, or S/RTBH. You can do this at your edges, and you *may* be able to arrange it with other networks with whom you connect (i.e., scope limited to your link with them).
Ah, nice. thank you, that is exactly what I was looking for. I'll read up on it this weekend and see if I can talk my provider into letting me push that upstream. -- Luke S. Crawford http://prgmr.com/xen/ - Hosting for the technically adept http://nostarch.com/xen.htm - We don't assume you are stupid.