On 2012.02.05 20:37, Keegan Holley wrote:
2012/2/5 Dobbins, Roland<rdobbins () arbor net>
S/RTBH - as opposed to D/RTBH - doesn't kill the patient. Again, suggest
you read the preso.
Source RTBH often falls victim to rapidly changing or spoofed source IP"s.
It also isn't as widely supported as it should be. I never said DDOS was
hopeless, there just aren't a wealth of defenses against it.
This is so very easily automated. Even if you don't actually want to
trigger the routes automatically, finding the sources you want to blackhole
is as simple as a monitor port, tcpdump and some basic Perl.