On Feb 6, 2012, at 8:37 AM, Keegan Holley wrote:
Source RTBH often falls victim to rapidly changing or spoofed source IP"s.
S/RTBH can be rapidly shifted in order to deal with changing purported source IPs, and it isn't limited to /32s. It's widely supported on Cisco and Juniper gear (flowspec is a better choice on Juniper gear). If folks don't want to read the presos or search through the archives, that's fine, of course. The fact is that there are quite a few things that operators can and should do in order to mitigate DDoS attacks; and making the perfect the enemy of the merely good only helps the attackers, doesn't it? ;> ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> The basis of optimism is sheer terror. -- Oscar Wilde