On Thu, 12 Jul 2001, Dan Hollis wrote:
> On Thu, 12 Jul 2001, Brad wrote:
> > Sorry- but after doing all of that, DDoS attacks still saturate even the largest circuits- thus denying the service.
> It is not perfect, but it does help.
> Of course there are those who take the approach "it is not a perfect solution so we will not bother filtering anything at all".
Well- I have a little experience with this, and from that experience I have noticed that DDoS attacks can often saturate the circuits to the point of BGP failure. Of course- null-routing the target address does help with the CPU overhead a little. However the service is effectively shut off by that point anyway.
> -Dan
---
Brad Baker
Director: Network Operations
American ISP
brad@americanisp.net
+1 303 984 5700 x12
http://www.americanisp.net/