Re: UDP port 80 DDoS attack

["Dobbins, Roland" <rdobbins () arbor net>]

On Feb 6, 2012, at 8:37 AM, Keegan Holley wrote:

> Source RTBH often falls victim to rapidly changing or spoofed source IP"s. 

S/RTBH can be rapidly shifted in order to deal with changing purported source IPs, and it isn't limited to /32s.  It's 
widely supported on Cisco and Juniper gear (flowspec is a better choice on Juniper gear).

If folks don't want to read the presos or search through the archives, that's fine, of course.  The fact is that there 
are quite a few things that operators can and should do in order to mitigate DDoS attacks; and making the perfect the 
enemy of the merely good only helps the attackers, doesn't it?

;>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

                The basis of optimism is sheer terror.

                          -- Oscar Wilde