On 12/8/10 6:30 AM, Drew Weaver wrote:
Yes, but this obviously completes the 'DDoS attack' and sends the signal that the bully will win.
it's part of a valid mitigation strategy. shifting the target out from underneath the blackholed address is also part of the activity. that's easier in some cases than others. the bots will move and you play whack a rat with your upstreams. joel
-Drew
From: alvaro.sanchez@adinet.com.uy [mailto:alvaro.sanchez@adinet.com.uy] Sent: Wednesday, December 08, 2010 8:46 AM To: rdobbins@arbor.net; North American Operators' Group Subject: Re: Over a decade of DDOS--any progress yet?
A very common action is to blackhole ddos traffic upstream by sending a bgp route to the next AS with a preestablished community indicating the traffic must be sent to Null0. The route may be very specific, in order to impact as less as possible. This needs previous coordination between providers. Regards.