Ooh, a good idea (or is it just late on Friday?)
Two possible Achilles heal with this approach is that the multihop bgp session between the customer and the ISP's low end router may die under the flood of the attack. Also the low end router could drop it's IBGP peering if it becomes too flooded with the now redirected traffic.
I think an appropriately secured web-based interface would be better than multihop-BGP trickery, for the 'death of the customer connection' reason. I'd hope every responsible noc operator has at least 5 backup dialup accounts on other people's networks to access the webpage through. Perhaps the low-end router (or Zebra running box)on the ISPs side could advertise the routes internally to the ISP network with an next-hop of a big router that can take the pain (or a security box that can log the packets). Alternatively, a route-map on each router in the network could null route any route advertisement with a nullroute community (curses, thought of it a couple of seconds too late :-) Cheers, Phil Sykes, Network Engineer Cable & Wireless European IP Engineering p: +49 89 92699 204 m: +49 172 89 79 727