On 13/Oct/18 23:01, Robert Raszuk wrote:
> > This way of (D)DoS mitigation results with cutting the poor target > completely out of the network ... So the attacker succeeded very well > with your assistance as legitimate users can not any more reach the > guy. Is it his fault that he got attacked ? > > Do you also do the same if this is transit traffic ? > > When do you remove such black hole ? You look at the ingress counters > to the target ? > > Did you ever instead of the above considered automation to apply at > least src-dst + ports filters with Flow Spec and just rate limit the > malicious distributed flows (rfc5575) ? We provide 2 options - the poor man's one (which completes the attack) and the paid-for one, which cleans the attack. Mark. _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
