> > Sounds standard practice. > This way of (D)DoS mitigation results with cutting the poor target completely out of the network ... So the attacker succeeded very well with your assistance as legitimate users can not any more reach the guy. Is it his fault that he got attacked ?
Do you also do the same if this is transit traffic ? When do you remove such black hole ? You look at the ingress counters to the target ? Did you ever instead of the above considered automation to apply at least src-dst + ports filters with Flow Spec and just rate limit the malicious distributed flows (rfc5575) ? Thx, R. _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
