There are two problems with Source-Based Remote Triggered Black Hole (S/RTBH):

1. From the RFC itself, you by definition sacrifice the victim's address:

   3.1. ...While this does "complete" the attack in that the target address(es) are made unreachable, collateral damage is minimized. It may also be possible to move the host or service on the target IP address(es) to another address and keep the service up, for example, by updating associated DNS resource records.

2. No ISP I know of supports it (e.g., via BGP communities)

-mel

On Aug 3, 2015, at 6:31 AM, Roland Dobbins <rdobbins@arbor.net> wrote:
On 3 Aug 2015, at 20:28, Mel Beckman wrote:
Blackholing works on destination address — it’s a route to null0.
<https://tools.ietf.org/html/rfc5635>
----------------------------------- Roland Dobbins <rdobbins@arbor.net>