GoDaddy : DoS :: Contact

Roland Dobbins rdobbins at arbor.net
Mon Aug 3 13:52:46 UTC 2015


On 3 Aug 2015, at 20:46, Mel Beckman wrote:

> 1. From the RFC itself, you by definition sacrifice the victim's 
> address:
>
> 3.1. ...While this does "complete" the attack in that the target 
> address(es)
> are made unreachable, collateral damage is minimized.  It may also be
> possible to move the host or service on the target IP address(es) to
> another address and keep the service up, for example, by updating
> associated DNS resource records.

This is incorrect.  I've used S/RTBH for the last 15 years or so to 
mitigate attacks.  One absolutely does *not* 'sacrifice the victim's IP 
address'.

The section you're quoting is describing D/RTBH, by way of explaining 
its deficiencies.  It would probably be a good idea to read the RFC in 
its entirety.  S/RTBH is described in Section 4 - e.g., the very next 
section.

> 2. No ISP I know of supports it (e.g., via BGP communities)

As noted in my previous message in this thread, one applies this on 
one's own transit-/peering-edge router.  While it won't prevent said 
link from being saturated, it keeps traffic from the blackholed source 
off one's own core, and off the targeted IP(s), which is of operational 
utility.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
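What the S/RTBH deployment Roland describes looks like on one's own transit-/peering-edge router, as an added illustration that is not from the thread or its authors (constructed Cisco IOS-style configuration; interface names, the AS number, the tag value 666, and all addresses are placeholders from the documentation ranges, and the trigger-router model from the RFC's Section 4 is assumed):

```text
! Edge (transit/peering) router -- constructed example.
! 1. Loose-mode uRPF on the upstream-facing interface. A packet whose
!    *source* address resolves to a route pointing at Null0 fails the
!    check and is dropped here, before it reaches the core or the target.
!    The inbound link itself can still be saturated, as the thread notes.
interface TenGigabitEthernet0/0/0
 description Transit-A
 ip address 198.51.100.2 255.255.255.252
 ip verify unicast source reachable-via any
!
! 2. A "discard" next-hop that every edge router statically routes to
!    Null0. The trigger router announces attack sources via iBGP with this
!    next-hop, so one announcement blackholes the source on all edges.
ip route 192.0.2.1 255.255.255.255 Null0
!
! Trigger router -- constructed example. Static /32 routes for attack
! sources tagged 666 are redistributed into iBGP with the next-hop
! rewritten to the discard address and marked no-export so the
! blackhole never leaks to transit providers or peers.
route-map RTBH-SOURCE permit 10
 match tag 666
 set ip next-hop 192.0.2.1
 set local-preference 200
 set origin igp
 set community no-export
!
router bgp 64496
 redistribute static route-map RTBH-SOURCE
!
! Operator action during an attack: blackhole one offending source
! (placeholder address). The victim's own address is untouched; removing
! this static route withdraws the blackhole.
ip route 203.0.113.45 255.255.255.255 Null0 tag 666
```

Because the match is on the source address, the targeted service keeps its IP and stays reachable from everywhere except the blackholed sources; verify the drop is happening with the interface's uRPF drop counters rather than assuming the route alone is enough.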
