[149566] in North American Network Operators' Group
Re: UDP port 80 DDoS attack
daemon@ATHENA.MIT.EDU (Keegan Holley)
Wed Feb 8 10:54:47 2012
In-Reply-To: <57E4018B-5E7E-4F0E-97E5-C8220A99ACD1@arbor.net>
From: Keegan Holley <keegan.holley@sungard.com>
Date: Wed, 8 Feb 2012 10:53:16 -0500
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: NANOG Group <nanog@nanog.org>
2012/2/8 Dobbins, Roland <rdobbins@arbor.net>
> On Feb 8, 2012, at 8:07 PM, bas wrote:
>
> > As far as I see it S/RTBH is in no way a solution against smart
> > attackers, of course it does help against all the kiddie attacks out
> > there.
>
> Once again, I've used S/RTBH myself and helped others use it many, many
> times, including to defend against attacks with shifting purported source
> IPs. flowspec, IDMS and other tools are very useful as well, but S/RTBH is
> supported on a lot of hardware, if operators choose to configure it.
>
> It is not a panacea. It is one tool in the toolbox.
>
> Folks can either choose to make use of it or choose not to do so; it is
> operationally proven, it does work, and it's certainly better than nothing.
> YMMV.
>
>
I agree. I think RTBH is a broadsword, not a scalpel. It's a tool in the
toolbox and there is a danger of dropping legitimate traffic with both
S/RTBH and D/RTBH. BGP isn't a security protocol. It's not even that
great of a routing protocol.