On 3 Aug 2015, at 20:46, Mel Beckman wrote:
1. From the RFC itself, you by definition sacrifice the victims address:
3.1. ...While this does "complete" the attack in that the target address(es) are made unreachable, collateral damage is minimized. It may also be possible to move the host or service on the target IP address(es) to another address and keep the service up, for example, by updating associated DNS resource records.
This is incorrect. I've used S/RTBH for the last 15 years or so to mitigate attacks. One absolutely does *not* 'sacrifice the victim's IP address'. The section you're quoting is describing D/RTBH, by way of explaining its deficiencies. It would probably be a good idea to read the RFC in its entirety. S/RTBH is described in Section 4 - e.g., the very next section.
2. No ISP I know of supports it (e.g., via BGP communities)
As noted in my previous message in this thread, one applies this on one's own transit-/peering-edge router. While it won't prevent said link from being saturated, it keeps traffic from the blackholed source off one's own core, and off the targeted IP(s), which is of operational utility. ----------------------------------- Roland Dobbins <rdobbins@arbor.net>