Re: UDP port 80 DDoS attack

[Keegan Holley <keegan.holley () sungard com>]

2012/2/8 Dobbins, Roland <rdobbins () arbor net>

> On Feb 8, 2012, at 8:07 PM, bas wrote:
>
> > As far as I see it S/RTBH is in no way a solution against smart
> attackers, of course it does help against all the kiddie attacks out
> > there.
>
> Once again, I've used S/RTBH myself and helped others use it many, many
> times, including to defend against attacks with shifting purported source
> IPs.  flowspec, IDMS and other tools are very useful as well, but S/RTBH is
> supported on a lot of hardware, if operators choose to configure it.
>
> It is not a panacea.  It is one tool in the toolbox.
>
> Folks can either choose to make use of it or choose not to do so; it is
> operationally proven, it does work, and it's certainly better than nothing.
>  YMMV.
I agree.  I think RTBH is a broadsword not a scalpel.  It's a tool in the
tool box and there is a danger of dropping legitimate traffic with both
S/RTBH and D/RTBH.  BGP isn't a security protocol.  It's not even that
great of a routing protocol.