[133629] in North American Network Operators' Group
Re: Over a decade of DDOS--any progress yet?
daemon@ATHENA.MIT.EDU (Joel Jaeggli)
Tue Dec 14 20:34:54 2010
Date: Tue, 14 Dec 2010 17:34:24 -0800
From: Joel Jaeggli <joelja@bogus.com>
To: Drew Weaver <drew.weaver@thenap.com>
In-Reply-To: <F3318834F1F89D46857972DD4B411D70019C4766B6@EXCHANGE.thenap.com>
Cc: North American Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 12/8/10 6:30 AM, Drew Weaver wrote:
> Yes, but this obviously completes the 'DDoS attack' and sends the signal that the bully will win.
it's part of a valid mitigation strategy. shifting the target out from
underneath the blackholed address is also part of the activity. that's
easier in some cases than others. the bots will move and you play whack
a rat with your upstreams.
joel
> -Drew
> From: alvaro.sanchez@adinet.com.uy [mailto:alvaro.sanchez@adinet.com.uy]
> Sent: Wednesday, December 08, 2010 8:46 AM
> To: rdobbins@arbor.net; North American Operators' Group
> Subject: Re: Over a decade of DDOS--any progress yet?
>
> A very common action is to blackhole ddos traffic upstream by sending a
> bgp route to the next AS with a preestablished community indicating the
> traffic must be sent to Null0. The route may be very specific, in order
> to impact as less as possible. This needs previous coordination between
> providers.
> Regards.
>
