There are also companies with whom you can contract for this service. It's my understanding that if you have a problem they will help you mitigate it. I'm not sure if they require some specific DDoS gear or if they are able to take advantage of their customer's gear to address the issue. In any case, it's reactive. Frank -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Mike Lyon Sent: Monday, March 24, 2008 5:02 PM To: NANOG Subject: Mitigating HTTP DDoS attacks? Howdy all, So, i'm kind of new to this so please deal with my ignorance. But, what is common practice these days for HTTP DDoS mitigation during an attack? You can of course route every offending ip address to null0 at your border. But, if it's a botnet or trojan or something, It's coming from numerous different source IPs and Null0 routes can get very cumbersome. obviously. How do you folk usually deal with this? Any input would be greatly appreciated. Cheers, Mike